Using Apple Configurator post setup of managed device

jriker1
New Contributor II

If I have Apple devices, managed by jamf, fully supervised and setup thru Apple DEP, how do I access those devices from my Mac? I am trying to access it and wipe it and reboot it and re-enroll it. Kind of like the cart put it back and refresh it thing. I went into Apple Configurator 2 and setup a supervision identity thru DEP (under Preferences > Organizations) but when I tie the iPad to my Mac, still comes up as pairing is prohibited by policy without the supervision certificate. Am I missing something else that needs to be done for this computer to be a trusted admin of this device?

Thanks.

JR

6 REPLIES 6

sshort
Valued Contributor

If you're going to have physical access to the devices check out the Jamf Reset app. It does exactly what you describe: erase a device to your base settings for another user. https://www.jamf.com/jamf-nation/articles/559/configuring-and-deploying-the-jamf-reset-app

jriker1
New Contributor II

Thanks. I've heard of that, but good to read the article, or reading. One issue with this is how does it get back on the Wi-Fi to reconfigure itself? I'm trying to avoid the manual process so was hoping with automator to push a Wi-Fi profile to the device after a wipe, and allow it to reconnect with DEP. Don't want our staff to be having to enter Wi-Fi info and credentials.

Thanks.

JR

jriker1
New Contributor II

Note I have kind of got this working in reverse. I took the supervision identify from my Apple Configurator 2 and loaded it into a DEP profile in JAMF. Then any new device that gets this profile can be managed by the Mac. But thinking this is backwards. Plus limited to devices that have provisioned on that profile and only ones since I added it to DEP.

Thanks.

JR

mickgrant
Contributor

i think your problem is in your pre-stage enrolment where you have pairing blocked. This will stop it connecting to the Mac
02da5c27bb54487c9bc1d4075f38df46

the fix it just wipe device from your management window for the device and re-roll through DEP will be automated, it will get your new prestage enrolment that will allow pairing with your configurator 2 machine in the future

jriker1
New Contributor II

Thanks, but that would be a security hole our CISO wouldn't like. If I could pare with a particular Mac that's fine, but that would allow it to pair with any computer.

Thanks.

JR

thejenbot
Contributor III

I think that the supervision identity thing may have gotten broken somewhere along the way, most likely an iOS update - this is no longer working for me, either, and someone at jamf tried out the workflow and it wasn't working for him, either...