Jamf Nation Community

Thank you for the response. Did some more experimenting and it gets weirder. What I described above was happening while logged into the local admin account. When I logged in as the user's mobile account, Self Service works the way it should and app store apps install without any account info or password.

For an App Store app to install from Self Service the logged in user has to be an MDM Capable user. Was your local admin account listed as an MDM Capable user in the JSS?

Also, I have seen Self Service take me to the App Store as well. In these cases it is because the Install button was clicked more then once. If it is selected once and you click it again before the install starts it will take you to the App Store. Seems to be because something with the license already being used to install on your device but since it has finished the install one or more groups, ie the device or Apple or JAMF, not knowing about the license being used by the device. This is confusing but I admit I do not understand all of it.

The important notes from my rant:
1) Logged in user has to be listed as MDM capable.
2) Click the install button only once.

I have observed this on my High Sierra Beta test machine. Was logged in as local admin so will have to verify MDM capable user, but I am fairly sure that account is set up as such already. Bookmarked for more info.

Thank you, everybody. I've got some more exploring to do, but this puts me on the right track.

Hello
I will add my trouble with the VPP Installation since the introduction of Apples UAMDM.
I ended up on a support call with Jamf for this very problem. I was informed by Jamf the underlying issue is a result of Apple implementing the UAMDM Enrolment.
Prior to this VPP Apps would install very easy.
Our Lab machines are still bound to AD (Until NoADLogin matures more). What I found is our Local Management Account could not install VPP apps. For some reason only a AD account would become MDM Capable.
Yesterday was a classic situation of Jamf (& Apple) not 'making it easy' for management of Macs.
- Student asks for FCX to be installed on TV Production Macs. - We scope the Lab to FCX in Mac App Store in Jamf. Depending on which account is MDM Capable the student would be prompt to enter a User name and password. This has to be an Admin password, which means IT has to get involved.
- Not the point of VPP installation.

For DEP prior to the UAMDM:
Previously (Prior to 10.13.3 I think), you scope out the lab with the VPP app and it installs, regardless of the user logged in. Easy.
Now I need to log into each Mac after DEP has finished with an approved MDM account (in this instance its always a AD account) to install any VPP software.

Anyone found a solution or decent work around yet?
Am I doing something wrong?

cheers.
A

Update: Here is the solution Jamf gave me:
Option A: 1. Allow MDM profile removal in prestage before enrollment 2. Remove and re-install the MDM profile (sudo jamf removeMDMprofile; sleep 10; sudo jamf MDM) 3. Sign out, then back in to same user Option B: 1. Manually remove MDM profile via Management tab of device record 2. Re-install MDM profile via "sudo profiles -N" 3. Sign out then back in to same user 4. Run "sudo jamf manage" as well, as it will flip to unmanaged after this MDM profile removal method

Update 2: I came across this URL from another Jamf Nation discussion i was reading.

Here's a simple trick that has worked for me a few times.

Link