Is there any way that I can do a dry run on a machine to see which
policies it's in scope for without running them? Sort of like PowerShell's
'-whatif' command or '-list'

Working from the simplest first: have you enabled Cloud Identity
Provider and set the mappings to taste? Are you using SSO for the users
to authenticate when enrolling the devices or are you using something
like Jamf Connect post build to create the ...

Not a best practice as everyone should move to token authentication but
seems to be conflicting information about it as it's still available in
11.9! Basic authentication in the Classic API is no longer supported and
will be turned off for all 11.5.0 ...

It would seem that it's an all or nothing situation with the MDM
protocol:
https://support.apple.com/en-gb/guide/deployment/dep0f7dd3d8/web Use of
cameras iOS 5 iPadOS 13.1 This restriction is deprecated on unsupervised
devices and will be supervised ...

Exactly this. Work on adapting user behaviour rather than trying to
break Apple's security. There's tools such as Screen Nudge that can prompt
the user to enable screen recording for each application that requires
it.

You should set this up when the machine builds that it uses the cloud
mapping for the samAccountName as it will cause these issues. To rectify
those that have the issue, you can look at Directory Utility when not
logged in as the user to carry it out...