Help

user approved MDM missing Approve button

Go to solution
AVmcclint
Honored Contributor

Posted on ‎10-05-2018 04:41 PM

I just upgraded from JSS 10.2.1 to 10.7.1 and I started powering up some of my tester Macs to make sure the new jamf files were being pushed out. All is well except for the fact that the 10.13.6 Macs give the alert in Self Service (according to this) but when I go to the MDM profile, there is no Approve button. There is no way to approve it?! How do I approve them and/or make the alert in Self Service stop appearing for 10.13 Macs? If it makes a difference, the line about "Functionality may be limited..." does not appear in the window for our MDM profile.
31fde0163ecd4f78b3b2eb334b200f62

0 Kudos
Reply
1 ACCEPTED SOLUTION

Go to solution
Hugonaut
Valued Contributor II

Posted on ‎10-06-2018 02:50 AM

IF DEP ENROLLMENT, you won't need to approve - For all Non DEP Devices, they need to be approved manually. Basically, any device you installed the quickadd / enrolled into JSS manually will need manual approval.

AS FOR THE SELF SERVICE POP UP - don't worry... you can change this in Your JSS -> Management Settings -> Self Service -> macOS & untick the boxes for 'Interaction'

bcb817a8437d4c5d867beef670b35da9

________________
Looking for a Jamf Managed Service Provider? Look no further than Rocketman
________________


Virtual MacAdmins Monthly Meetup - First Friday, Every Month

View solution in original post

Reply
11 REPLIES 11

Go to solution
Hugonaut
Valued Contributor II

Posted on ‎10-06-2018 02:50 AM

IF DEP ENROLLMENT, you won't need to approve - For all Non DEP Devices, they need to be approved manually. Basically, any device you installed the quickadd / enrolled into JSS manually will need manual approval.

AS FOR THE SELF SERVICE POP UP - don't worry... you can change this in Your JSS -> Management Settings -> Self Service -> macOS & untick the boxes for 'Interaction'

bcb817a8437d4c5d867beef670b35da9

________________
Looking for a Jamf Managed Service Provider? Look no further than Rocketman
________________


Virtual MacAdmins Monthly Meetup - First Friday, Every Month
Reply

Go to solution
maheshveldandi
New Contributor III

Posted on ‎10-06-2018 04:06 AM

Yes Correct @ Hugonaut.

If the devices under DEP, you don't need to approve and For all non-DEP devices, they need to be approved manually. Any device you enrolled by User-Initiated Enrollment into JSS manually will need click on manual approval.

0 Kudos
Reply

Go to solution
RonHunter21
New Contributor II

Posted on ‎10-06-2018 06:32 AM

Im wondering is there a script to approve.... But i tried running "sudo jamf trustJSS"and that cleared the message but does not always work

0 Kudos
Reply

Go to solution
Hugonaut
Valued Contributor II

Posted on ‎10-06-2018 09:07 AM

@RonHunter21 at this moment there is not, you cannot approve it via remote commands or screen control, and you cant even gui script it.

you need to, or the user needs to manually approve it. They really hit home with the "User Approved MDM" on this one haha

________________
Looking for a Jamf Managed Service Provider? Look no further than Rocketman
________________


Virtual MacAdmins Monthly Meetup - First Friday, Every Month
Reply

Go to solution
AVmcclint
Honored Contributor

Posted on ‎10-08-2018 03:22 AM

I think the point of my post got overlooked here. I'm not lamenting the fact that User Approved MDM is here (well I AM, but not in this post). It's the fact that I need to approve the MDM, and THERE IS NO BUTTON TO CLICK ON. Since we aren't on DEP, does this mean my Macs are unmanaged now because I can't click on a button that isn't there?

Thanks @Hugonaut for the heads up about the Self Service check box. At least I can stop that from hitting users' eyes and causing confusion.

Reply

Go to solution
allanp81
Valued Contributor

Posted on ‎10-08-2018 04:24 AM

Try forcing a jamf recon and then see if it has the same message. Depending on how often you are performing inventory updates, it may be that Jamf Pro thinks the machine hasn't been approved yet.

0 Kudos
Reply

Go to solution
crbeck
Contributor

Posted on ‎10-08-2018 06:17 AM

I second the forcing a jamf recon, Jamf Pro might not have the most up-to-date info on the status of that MDM profile.

0 Kudos
Reply

Go to solution
Hugonaut
Valued Contributor II

Posted on ‎10-08-2018 12:56 PM

@AVmcclint You're welcome!

I think the point of my post got overlooked here.

Yes it did, I mis understood the post. I should have asked more questions. 1 questions being, do you have a Mixed DEP / Monolothic imaging environment.

I 3rd the notion, force a Jamf recon. How many computers is this effecting? Very strange that they are not forcing a request for approval. I would dig into that computers logs and get your Jamf Buddy involved something bigger may be at play here.

________________
Looking for a Jamf Managed Service Provider? Look no further than Rocketman
________________


Virtual MacAdmins Monthly Meetup - First Friday, Every Month
0 Kudos
Reply

Go to solution
easyedc
Valued Contributor II

Posted on ‎10-09-2018 06:32 AM

So I've been able to force (I think) by running a 

Jamf manage ; jamf mdm

Which does its thing and spits back out some verbiage about needing to manually accept the MDM profile.

Reply

Go to solution
dsx_work
New Contributor

Posted on ‎01-28-2019 01:42 AM

This solved the issue in one of our company computers:

Remove the MDM first:

sudo jamf removemdmprofile

once it is removed, do this to apply the MDM again:

sudo jamf mdm

This should allow you to approve the MDM in Profiles.

I hope it helps.

Reply

Go to solution
Sandy
Valued Contributor II

Posted on ‎03-19-2019 12:30 PM

SO to follow the logic here, I should not have any where the device record shows:
Enrolled via DEP: YES
User Approved MDM: NO

0 Kudos
Reply