Help

Script to identify ADE devices?

Go to solution
macservit
New Contributor III

Posted on ‎05-15-2023 11:33 AM

We are an MSP that specializes in macOS and iOS, with macOS devices making up about 50% of total computers we support. Many are in Jamf Pro (separate cloud instances), and of those, the majority are ADE (vs. manually enrolled). All computers have an RMM agent installed, and we are looking to move to a different RMM platform. It would be helpful to know which computers have Jamf via ADE and which do not so we can anticipate which users will have permissions issues due to lack of profile-based PPPC control. 

Does anyone know of an option within the Profiles command that can identify the presence of the non-removable Jamf "MDM Profile" on a Mac? When I run the "sudo profiles -P" command, I can see all installed profiles. Some have human readable names, while others are just named with GUIDs. Nothing jumps out as the profile I need to verify. If one of the GUID entries is indeed the "MDM Profile" profile, then I'm going to assume the GUID is unique to each Jamf instance.

I'm trying to avoid the option of going into each Jamf Pro instance and manually collecting the data there...

0 Kudos
2 ACCEPTED SOLUTIONS

Go to solution
junjishimazaki
Valued Contributor

Posted on ‎05-15-2023 11:46 AM

Just to confirm, do you want to check whether the computer was enrolled via prestage?

View solution in original post

Go to solution
junjishimazaki
Valued Contributor
In response to macservit

‎05-15-2023 11:51 AM - edited ‎05-15-2023 11:54 AM

Then, why not create a smart group in each Jamf Pro instance with the "Enrolled via Automated Device Enrollment" criteria with the condition as yes? Then you can export that smart group

View solution in original post

6 REPLIES 6

Go to solution
junjishimazaki
Valued Contributor

Posted on ‎05-15-2023 11:46 AM

Just to confirm, do you want to check whether the computer was enrolled via prestage?

Go to solution
macservit
New Contributor III
In response to junjishimazaki

Posted on ‎05-15-2023 11:49 AM

Sorry, yes. And to confirm, I need to run the script from the current RMM tool, NOT from within the Jamf dashboards.

Right after I send my original post, another post was suggested to me that I might be able to massage into a solution...  https://community.jamf.com/t5/jamf-pro/device-ownership-how-to-identify-the-enrolled-devices-are/m-p...

0 Kudos

Go to solution
junjishimazaki
Valued Contributor
In response to macservit

‎05-15-2023 11:51 AM - edited ‎05-15-2023 11:54 AM

Then, why not create a smart group in each Jamf Pro instance with the "Enrolled via Automated Device Enrollment" criteria with the condition as yes? Then you can export that smart group

Go to solution
macservit
New Contributor III
In response to junjishimazaki

Posted on ‎05-15-2023 12:01 PM

As I mentioned in the very last sentence in my original post, I am trying to avoid going in to each individual Jamf instance and pulling that data

0 Kudos

Go to solution
macservit
New Contributor III

‎05-15-2023 12:09 PM - edited ‎05-15-2023 12:18 PM

We always set our Prestage Enrollments to be non-removable. With that in mind, it seems like I could just query the 'IsMDMUnremovable' bit in /usr/bin/profiles show -type enrollment and base the status on that. Unremovable = ADE, Removable = User enrolled. Yes?

0 Kudos

Go to solution
junjishimazaki
Valued Contributor

Posted on ‎05-15-2023 12:20 PM

If you are going to modify that script you linked and execute it in whatever RMM tool you are using. What kind of output are you expecting or what do you want? Quite honestly, using a smart group would be a lot easier than trying to figure out the script to make it work. You can even script that using the API call to create the smart group and download it. 

0 Kudos