Third-party MDM - automated enrollment?

alexjdale
Valued Contributor III

With SKEL on the way in unfinished form, I'm scrambling to examine all of our options to manage it. I've determined that, unless Apple changes the implementation, I will have to start enrolling devices in MDM. For reasons I won't go into here, the obvious choice for us is InTune.

I'm an MDM newbie. I had assumed there would be some way to use Casper to install an MDM enrollment profile at a system level during provisioning, with users enrolling themselves later so they can leverage Conditional Access for MS apps/services. We need to be able to manage SKEL immediately so our critical security apps can load before we have users logging in.

Has anyone scripted their device enrollment with a third-party MDM solution like InTune? Is what I'm considering even possible?

3 REPLIES

jason_bracy
Contributor III

Sorry, but I am a little confused by your question. Casper (JAMF-Pro) is an MDM. You can only have one, so you would not be able to use both Casper and InTune on the same device.

alexjdale
Valued Contributor III

Casper does not have to be configured to enroll the client in MDM. We've been using Casper since before MDM was a thing, and we never implemented MDM. We don't have an Apple push cert, nor is our JSS even able to access the Internet.

We can enroll devices into InTune alongside Casper with no issues, but it's user-based enrollment (for device affinity and a user certificate used for authentication). I'm wondering if anyone has performed a scripted enrollment of a device at the system level (since it's essentially installing a profile), or if that's even possible.

gachowski
Valued Contributor II

You can also configure Casper to pull the user certs... Your org is going to have to make a choice: InTune or Casper. I would highly recommend Casper.

https://www.jamf.com/jamf-nation/discussions/24208/conditional-access
