User Approved MDM Status Wrong?

Valued Contributor

I have a (virtual) Mac for which Jamf (10.7.1) claims that the 'User Approved MDM' status is 'no', but macOS (profiles status -v -type enrollment) tells me

profiles: verbose mode ON
profiles: using user name = thisguy
Enrolled via DEP: No
MDM enrollment: Yes (User Approved)

Any idea why they differ?

This node also does not have the JSS CA cert anymore, but I am pretty sure it was there when I enrolled the Mac.



I have seen this on a small handful of our machines.

Essentially the machines need re-enrolling to then report back the correct MDM status.

In our case as the MDM profile was non-removable I needed to remove the profiles database from recovery mode.

Valued Contributor

Thanks for the info. I really hate this 'you will have to re-enroll', but at least I know that I don't need to wait for some magic command that could fix the Mac in question - and I am glad that I don't have to completely re-install the OS...

Contributor III

We've seen a handful of these as well and removing MDM/re-adding it does the trick for us without a complete re-enrollment. Worth trying at least!

Choose the MDM Profile in Sys Prefs > Profiles and delete it. (If you're DEP you won't be able to do this...)
Then open terminal and do: sudo jamf mdm
I believe you'll have to manually approve the profile this way - but once that's done should be back to normal.


Contributor III

can that be scripted to remove and reinstall the MDM?

New Contributor

We're hitting this exact same thing. There is nothing that seems to work. I deleted the profile and ran sudo jamf mdm which SEEMED to work, but now there's no Profiles in Sys Prefs > Profiles.