What do you do with old devices?

Eltord
Contributor

So I have around 360 devices that haven't checked into Jamf for at least 60 days. Thats a lot of licenses being used for no reason. Around 300 of those haven't checked in for 90 days, and maybe half of those haven't checked in for at least a year.

My fear is, we have devices all over the world, and managers that like to hold onto returned devices in a drawer for their next employee. If I move these devices into unmanaged, then i'll have to be notified that the device is going to be used again to move it into managed or the device won't get updates or any management tasks when, not if, the manager just turns it back on and hands it to their new employee and says "here, get to work". If I delete the device from jamf so its not taking a license anymore, then I have the same problem, but the only resolution is a full re-jamf. I have a feature request in for some time for some kind of Archived mode (similar to what Filewave has/had) that we could put a device in (call it Quiet or Stored mode), it doesn't take a license anymore but once the device checks in it will take a license and become reactivated again, but that doesn't appear to be coming anytime soon.

 

Is anyone else in any kind of similar scenario? What do you do to resolve these problems? Am I just missing something huge thats should be screaming to my face, but i'm missing it entirely and my boss will be mad at me when he see's someone say "yeah dude, just click this single button, duh"?

10 REPLIES 10

vinu_thankachan
Contributor

We also have inactive devices. We are now moving the devices to unmanaged.
This will save licenses and preserve the inventory details including the FV recovery key.

nwiseman
Contributor

+1 for un-managing inactive devices to keep data. We started doing that when we had hundreds of old devices taking up licenses and it's worked out well for us. 

jarsport
New Contributor II

We are facing the same issue.  Haven't landed on a solution yet either.  Doing the same move to unmanaged at this point as well.

Vaid
New Contributor III

I would recommend integrating JAMF with your Asset Inventory tool and then update the devices as 'Unmanaged' when status of that asset is no more active on user name as per Asset Inventory Tool.

St0rMl0rD
Contributor III

We've also seen this on older iPads, but we discovered that many of them lost MDM connectivity to Jamf Pro, so we had to restore and reenrol them to get them connected again - they were actually in use all the time, but the last inventory update was many months (or even years) ago.

Klenke_daniel
New Contributor III

What we did was created a smart group and set the operator to more than x days ago.  Once you've done that you can add it to the excluded group for your apps and it will free up said license.  

mschroder
Valued Contributor

We move devices that have not reported for more than 92 days (365 days in case they have encrypted disks and we have the recovery key) into special smart groups, and have a script that deletes the devices from these groups on a regular basis.

pete_c
Contributor III

Consider this as a policy need more than a technology need: after X days without checking in, any org-owned device will be moved to unmanaged; before it can be redeployed, the local whomever needs to communicate the device name/serial and take all necessary steps to re-enroll and update the device.

When you frame the process as both cost-savings (freeing up licenses) as well as security (mandating that devices must be managed and updated prior to being returned to service) you'll get buy-in.

Jeff_mqu
New Contributor

Hi all, digging up an old post here, I have been reviewing my process around old / stale device clean up in JAMF Pro Cloud. I use a smart group that lists devices that haven't checked in for more than 180 days (conservative I know).

I then periodically delete there devices manually (via the mass action delete command on this Smart group).

Wondering if it would be better to unmanage these devices instead of deleting them (as a few have suggested earlier) & if so does anyone have a good way to automate this unmanage process?

There's no 'Action' in an Advanced Search or members of a Smart Group to change Managed status, but it can be done with the API.

See here: https://community.jamf.com/t5/jamf-pro/unmanaging-macos-devices-through-api/m-p/292683