Help

Remove Passcode Policy (conf. profile) deployed in PreStage Enrollments

bojanspasic
New Contributor II

yesterday

Hi All, 

Does anyone know how to remove the configuration profile for the passcode policy deployed during prestage enrollment?

In Prestage Enrollment settings, we have set the Passcode requirement, and now we want to deploy a new requirement, but I can't see the option to remove the existing profile.

 

Thank you all in advance.

0 Kudos
Reply
7 REPLIES 7

sdagley
Esteemed Contributor II

yesterday

@bojanspasic You should be able to remove it by making sure the Mac is out of scope for the Configuration Profile that you selected to deploy in your PreStage (any profile deployed in a PreStage should be removed after enrollment completes unless the scoping for the profile indicates it should remain on the Mac).

0 Kudos
Reply

bojanspasic
New Contributor II

yesterday

Hi @sdagley this is not a deployed profile; this is created by Passcode settings in Prestage Enrollment

Screenshot 2025-04-14 at 17.41.17.pngScreenshot 2025-04-14 at 18.12.00.png

0 Kudos
Reply

sdagley
Esteemed Contributor II
In response to bojanspasic

yesterday

@bojanspasic What version of Jamf Pro are you running? I'm on 11.15.2 and don't have a Passcode option in the PreStage, so I'd be using a Configuration Profile to apply that payload.

Reply

bojanspasic
New Contributor II
In response to sdagley

yesterday

I am running on 11.15.2. Also, I don't have a Passcode if I want to create a new Prestage enrollment now.

This Prestage enrollment was created 3-4 years ago, and at that time, Passcode was available.

0 Kudos
Reply

BGhilardi
New Contributor III

14 hours ago

You can create a configuration file for your Passcode strategy and then check it to deploy it in the Prestage.
Capture d’écran 2025-04-15 à 09.10.35.pngCapture d’écran 2025-04-15 à 09.12.13.png

0 Kudos
Reply

bojanspasic
New Contributor II
In response to BGhilardi

13 hours ago

Hi @BGhilardi 

Yes, that's correct, and I already did it.
But my concern is the existing "Standard Mac Enrollment - Passcode Policy" which I can't remove for already enrolled machines.

I am afraid that if I deploy a new Passcode (password) policy, it will overlap with the existing one, and sometimes macOS will enforce the old and sometimes the new one.

0 Kudos
Reply

bojanspasic
New Contributor II

7 hours ago

I contacted Jamf Support, and unfortunately, I cannot remove this legacy configuration profile.

Their proposed solution is to remove the Passcode from the pre-stage enrollment (as it's a legacy setting) and then re-enroll the computer.

This is only necessary if the new password requirements are less complex than the old ones; otherwise, the more stringent requirements will prevail.

 

Reply