So I have around 360 devices that haven't checked into Jamf for at least 60 days. That's a lot of licenses being used for no reason. Around 300 of those haven't checked in for 90 days, and maybe half of those haven't checked in for at least a year.
My fear is, we have devices all over the world, and managers that like to hold onto returned devices in a drawer for their next employee. If I move these devices into unmanaged, then I'll have to be notified that the device is going to be used again to move it into managed, or the device won't get updates or any management tasks when, not if, the manager just turns it back on and hands it to their new employee and says "here, get to work". If I delete the device from Jamf so it's not taking a license anymore, then I have the same problem, but the only resolution is a full re-Jamf. I have had a feature request in for some time for some kind of Archived mode (similar to what FileWave has/had) that we could put a device in (call it Quiet or Stored mode): it doesn't take a license anymore, but once the device checks in it will take a license and become reactivated again. That doesn't appear to be coming anytime soon.
Is anyone else in any kind of similar scenario? What do you do to resolve these problems? Am I just missing something huge that should be screaming in my face, but I'm missing it entirely and my boss will be mad at me when he sees someone say "yeah dude, just click this single button, duh"?
I would recommend integrating Jamf with your asset inventory tool and then updating the devices to 'Unmanaged' when the status of that asset is no longer active under a user name in the asset inventory tool.
We've also seen this on older iPads, but we discovered that many of them lost MDM connectivity to Jamf Pro, so we had to restore and reenrol them to get them connected again - they were actually in use all the time, but the last inventory update was many months (or even years) ago.
We move devices that have not reported for more than 92 days (365 days in case they have encrypted disks and we have the recovery key) into special smart groups, and have a script that deletes the devices from these groups on a regular basis.
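An added example, not part of the thread and not the poster's script: a triage pass that applies the 92/365-day rule from the reply above and cross-checks an asset inventory before anything is deleted, so devices that are in use but lost MDM connectivity get investigated instead. The field names, status values and sample records are assumptions made up for illustration; it reads exported data and makes no Jamf API calls.

```python
from datetime import date, timedelta

# Thresholds from the reply above.
STALE_DAYS = 92                     # no check-in for more than 92 days
STALE_DAYS_WITH_ESCROWED_KEY = 365  # encrypted disk and we hold the recovery key
# Hypothetical asset-inventory statuses meaning "nobody is using this device".
NOT_IN_USE = {"in-stock", "retired"}

def triage(devices, asset_status, today):
    """Map each serial to 'keep', 'investigate' or 'delete-candidate'."""
    actions = {}
    for dev in devices:
        age = (today - dev["last_checkin"]).days
        has_key = dev["encrypted"] and dev["recovery_key_escrowed"]
        limit = STALE_DAYS_WITH_ESCROWED_KEY if has_key else STALE_DAYS
        if age <= limit:
            actions[dev["serial"]] = "keep"
        elif asset_status.get(dev["serial"]) in NOT_IN_USE:
            actions[dev["serial"]] = "delete-candidate"
        else:
            # Assigned to a user, or unknown to the asset tool: it may be in
            # daily use with broken MDM connectivity, so do not delete blindly.
            actions[dev["serial"]] = "investigate"
    return actions

# Constructed sample data (not real devices).
TODAY = date(2024, 6, 1)

def _dev(serial, days_ago, encrypted, key):
    return {"serial": serial, "last_checkin": TODAY - timedelta(days=days_ago),
            "encrypted": encrypted, "recovery_key_escrowed": key}

SAMPLE_DEVICES = [
    _dev("SAMPLE0001", 31, True, True),     # recent check-in
    _dev("SAMPLE0002", 138, True, True),    # stale, but key escrowed: 365-day limit
    _dev("SAMPLE0003", 138, False, False),  # stale, unencrypted, in stock
    _dev("SAMPLE0004", 400, True, True),    # past 365 days but assigned to a user
    _dev("SAMPLE0005", 93, True, False),    # encrypted, no key: 92-day limit applies
]
SAMPLE_ASSET_STATUS = {"SAMPLE0001": "assigned", "SAMPLE0002": "in-stock",
                       "SAMPLE0003": "in-stock", "SAMPLE0004": "assigned",
                       "SAMPLE0005": "retired"}

if __name__ == "__main__":
    for serial, action in triage(SAMPLE_DEVICES, SAMPLE_ASSET_STATUS, TODAY).items():
        print(serial, action)
```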
Consider this as a policy need more than a technology need: after X days without checking in, any org-owned device will be moved to unmanaged; before it can be redeployed, the local whomever needs to communicate the device name/serial and take all necessary steps to re-enroll and update the device.
When you frame the process as both cost savings (freeing up licenses) and security (mandating that devices must be managed and updated prior to being returned to service), you'll get buy-in.