Help

Configuration Profiles applied per user?

psherotov
Contributor

Posted on ‎09-18-2023 05:44 AM

I would be awesome if I could apply configuration profiles at the user level and then exclude myself and local admin accounts...I vaguely remember that this was not something that worked. Anyone have any successes with this? And would they share how they succeeded?

0 Kudos
2 REPLIES 2

jtrant
Valued Contributor

‎09-18-2023 06:14 AM - edited ‎09-18-2023 06:20 AM

You can only deploy user-level configuration profile to MDM-enabled users on the Mac, which is always the account created during PreStage enrollment (and most likely your end-user account). For non-DEP enrollments, this is the logged in user at the time of enrollment:

https://docs.jamf.com/10.30.0/jamf-pro/administrator-guide/MDM-Enabled_Local_User_Accounts.html

This will automatically exclude your local admin account and, unless you are an MDM-enabled user on the Mac in question, yourself.

0 Kudos

jtrant
Valued Contributor
In response to jtrant

Posted on ‎09-18-2023 12:48 PM

If you really want to be safe you can build a smart group with the usernames you want to exclude and add those to the configuration profile exclusions, but this isn't always reliable since Jamf uses the logged in user at last inventory to decide scoping for user-level MDM profiles.

0 Kudos