Script to Automate Enroll if Mac is in ABM

PPAict
New Contributor III

Good morning.
We are deploying Jamf on approximately 200 new Macs that we are replacing for our employees; however, we have around 60 already in operation, which were added to ABM by the Apple Reseller.

To avoid asking employees to use the terminal and type the "sudo profiles renew -type enrollment" command, is there a way to make this process automatic?
I would like to be able to share a file by email and say to them "Just launch it and wait until Setup your Mac starts". I tried with Automator without success.

Any ideas?

AJPinto
Honored Contributor III

Nope, Apple specifically removed being able to automate this a few years ago. It used to be possible until Apple had better ideas.

You can run the profiles command from MDM, assuming the devices are enrolled. However, the user will need to watch for the macOS notification that does not always appear to go into system settings and do the thing. The user must be an admin, the user must enter their credentials manually, the user must manually do this entire process if you are using the profiles command. The only thing automatic is how much it sucks :(.

Edit: I forgot Apple removed the admin requirement for the profiles renew command with macOS 15.

sdagley
Esteemed Contributor II

@PPAict Are those Macs running macOS Sequoia yet? If not, do you think it would be possible to have the users upgrade?

The reason I ask is the following change called out in the What's new for enterprise in macOS Sequoia KB article:

  • profiles renew -type enrollment no longer requires admin credentials if you are not already enrolled in MDM.

So in theory it sounds like your Automator approach would work on a Mac running macOS Sequoia.
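An added example, not part of the reply above and not Apple's or Jamf's code: a shell check that applies the quoted Sequoia rule (macOS 15 or later and not already enrolled in MDM) to decide whether the renew command would still ask for admin credentials. The function names and sample status text are constructed for illustration, and it assumes `profiles status -type enrollment` prints an `MDM enrollment:` line.

```shell
#!/bin/sh
# Added example: applies the rule quoted from the macOS Sequoia KB article.
# Function names and sample text are constructed for illustration.

# Constructed samples of `profiles status -type enrollment` output.
SAMPLE_UNENROLLED='Enrolled via DEP: No
MDM enrollment: No'
SAMPLE_ENROLLED='Enrolled via DEP: Yes
MDM enrollment: Yes (User Approved)'

# Print the major component of a macOS version string, e.g. 14.6.1 -> 14.
major_version() {
    printf '%s\n' "${1%%.*}"
}

# Succeed if the status text reports an existing MDM enrollment.
is_enrolled() {
    printf '%s\n' "$1" | grep -q '^MDM enrollment: Yes'
}

# Print "no-admin" when the Sequoia change applies, "admin" when it does not,
# and "unknown" when the version or status text cannot be interpreted.
renew_requirement() {
    version=$1
    status=$2
    major=$(major_version "$version")
    case $major in ''|*[!0-9]*) echo "unknown"; return 0 ;; esac
    [ -n "$status" ] || { echo "unknown"; return 0; }
    if [ "$major" -ge 15 ] && ! is_enrolled "$status"; then
        echo "no-admin"
    else
        echo "admin"
    fi
}

# On a Mac, report for this machine; elsewhere fall back to the samples.
if command -v sw_vers >/dev/null 2>&1 && command -v profiles >/dev/null 2>&1; then
    renew_requirement "$(sw_vers -productVersion)" \
        "$(profiles status -type enrollment 2>/dev/null)"
else
    renew_requirement "14.6.1" "$SAMPLE_UNENROLLED"
    renew_requirement "15.1" "$SAMPLE_UNENROLLED"
fi
```

The script only reports which case a Mac falls into; it does not start enrollment, and the user still has to complete the prompt that `profiles renew -type enrollment` raises.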

PPAict
New Contributor III

Actually, we're not suggesting that users upgrade to Sequoia (deferral 90 active on already enrolled Macs).
So at the moment this option isn't viable :(

Shyamsundar
Contributor

If the Devices were added to ABM and not enrolled, Users will get a Notification to Enroll the Mac.

Enforcing Automated Device Enrolment

In macOS 14 or later, if a Mac that’s registered to Apple School Manager or Apple Business Manager doesn’t enrol into device management during the first setup, a full-screen setup experience is displayed.

The user can choose “Not now” once, which causes the screen to be dismissed for 8 hours. During those 8 hours, the user sees a follow-up option in System Settings to start the enrolment. After the time expires, an administrator must enrol the device.

https://support.apple.com/en-in/guide/deployment/dep73069dd57/web

PPAict
New Contributor III

Oh, this sounds new to me, I really need to test it!
This could be perfect!

PPAict
New Contributor III

Macs are already active and on Sonoma, and they don't trigger the ADE without some inputs :(