Help

Removal of MDM profile notification?

Weeklyupdates
New Contributor

Posted on ‎06-25-2018 04:31 PM

One of the employees at my company told me they remove the MDM profile from their IMac. This is no problem because it was easily reinstalled but, is there a way to be notified when any user removes this profile?

We have agents that work from home, and unfortunately people are let go quite often. We are able to secure the usage of our devices by locking it after termination of employment. If they were to remove the MDM profile, would we lose the ability to lock our computers without any notification? Or alert?

I’m not tech savvy but just trying to learn

0 Kudos
Reply
3 REPLIES 3

allanp81
Valued Contributor

Posted on ‎06-26-2018 12:13 AM

I don't know if there's any simple way other than by having your macs do a regular inventory update and then querying the API to see machines that are showing as not mdm capable? Maybe someone else would have a simpler way of finding out. Are you devices able to check in with Jamf Pro while offsite? I'm assuming yes.

Reply

Gavbrien
New Contributor

Posted on ‎06-26-2018 02:57 AM

You can use /usr/bin/profiles -L to list all the profiles. You could have an extension attribute based on that showing when a profile is present (or not)

Reply

gachowski
Valued Contributor II

Posted on ‎06-26-2018 10:00 AM

Yep I think Gavbien's idea is the easiest...This might get you started...

https://www.jamf.com/jamf-nation/discussions/9334/extension-attribute-to-see-config-profile

Reply