Is there a way we can restrict Jamf's removal from macOS by any Admin users?
Any smart way that we need to supply a key/password to remove system from jamf.
Business case: A non-IT Admin user can just search the way to remove jamf Framework and MdmProfiles easily and we can't restrict that happening with a sudo command. To avoid that, a specific group of IT people with a pre-set key/password can only remove Jamf.
In my Jamf Admin class we learned that you can deploy a launch a launch daemon to check if the framework had been removed. If it was removed, the LD would readd the framework and could re-enroll the machine by reinstalling the Jamf enroll package (Which would be in a hidden location).
I have not implemented it since none of our users are admin, but I will check my notes later.