- Jamf Nation Community
- Products
- Jamf Pro
- Re: Script to Automate Enroll if Mac is in ABM
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Script to Automate Enroll if Mac is in ABM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 10-20-2024 01:24 PM
Good morning.
We are deploying Jamf on approximately 200 new Macs that we are replacing for our employees; however we have around 60 already in operation, which were added to ABM by the Apple Reseller.
To avoid asking employees to use the terminal and type "sudo profiles renew -type enrollment" command, is there a way to make this process automatic?
I would like to be able to share a file by email and saying to them "Just launch it and wait until Setup your Mac will start". I tried with Automator without success.
Any ideas?
6 REPLIES 6
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-20-2024 02:36 PM - edited 10-21-2024 05:08 AM
Nope, Apple specifically removed being able automate this a few years ago. It used to be possible until Apple had better ideas.
You can run the profiles command from MDM, assuming the devices are enrolled. However, the user will need to watch for the macOS notification that does not always appear to go into system settings and do the thing. The user must be an admin, the user must enter their credentials manually, the user must manually do this entire process if you are using the profiles command. The only thing automatic is how much it sucks :(.
Edit: I forgot apple removed the admin requirement for the profiles renew command with macOS 15.
Reply
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-20-2024 07:21 PM - edited 10-20-2024 07:23 PM
@PPAict Are those Macs running macOS Sequoia yet? If not, do you think it would be possible to have the users upgrade?
The reason I ask is the following change called out in the What's new for enterprise in macOS Sequoia KB article:
-
profiles renew -type enrollmentno longer requires admin credentials if you are not already enrolled in MDM.
So in theory it sounds like your Automator approach would work on a Mac running macOS Sequoia.
Reply
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 10-21-2024 05:29 AM
Actually we're not suggesting users to upgrade to Sequoia (deferral 90 active on already enrolled macs).
So at the moment this option isn't viable :(
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 10-20-2024 11:20 PM
If the Devices were added to ABM and not enrolled, Users will get a Notification to Enroll the Mac,
Enforcing Automated Device Enrolment
In macOS 14 or later, if a Mac that’s registered to Apple School Manager or Apple Business Manager doesn’t enrol into device management during the first setup, a full-screen setup experience is displayed.
The user can choose “Not now” once, which causes the screen to be dismissed for 8 hours. During those 8 hours, the user sees a follow-up option in System Settings to start the enrolment. After the time expires, an administrator must enrol the device.
https://support.apple.com/en-in/guide/deployment/dep73069dd57/web
Reply
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 10-20-2024 11:59 PM
Oh, this sounds new to me, i really need to test it !
This could be perfect!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 10-21-2024 05:27 AM
Macs are already active and on sonoma, and they don't trigger the ADE without some inputs :(
