I use an extension attribute to search that info, and then you can create a smart group based on the result.
This attribute verifies that the client has enrolled to the JSS. Results returned are "Enabled" or "Not Enabled" based on whether the client has an MDM profile supplied by the JSS.
#!/bin/sh mdmEnrollmentProfileID="00000000-0000-0000-A000-4A414D460003" enrolled=`/usr/bin/profiles -C | /usr/bin/grep "$mdmEnrollmentProfileID"` if [ "$enrolled" != "" ]; then echo "<result>Enrolled</result>" else echo "<result>Not Enrolled</result>" fi
I believe it originated from another JAMFNation user, though I don't have their name on me at the moment.
It does not necessarily work, the issue I've seen is /var/db/ConfigurationProfiles/MDM_ComputerPrefs.plist is missing, the machines say they've successfully enrolled but are showing up as MDM Compatibility: No the below script finds machines missing the plist that controls MDM. I've added it as an extension attribute so I can identify effected machines.
if [ ! -f /var/db/ConfigurationProfiles/MDM_ComputerPrefs.plist ]; then
else echo "<result>yes</result>"