Workflow to make computers and devices immediately unusable

kbreed27
Contributor

We have a not insignificant amount of iPads and Macs in our Jamf Pro instance that have gone AWOL. We are also over our license count right now. My idea is to make a Computer and Device Pre-stage enrollment group to move all of these non-communicating devices into and delete the device records to free up our license count. A large number of them just need to be recovered and retired.

The hope also is to have the Macs rebind to our AD instance (I already have this set up) so that a user can log in but then the computer is basically unusable after that and just displays a message to contact our support desk. Is there an optimal way to accomplish this on macOS and iOS? Like, is there a way to automate the sending of lost mode/lock device as soon as a device/computer enrolls?


jtrant
Valued Contributor

You don't need to delete a Mac to free up licenses, just set them to "Unmanaged" by un-checking the "Allow Jamf Pro to perform management tasks" checkbox. Make a view for unmanaged devices that are checking in so that you can make them managed again and take action.

iPads are a little different in that there is no Jamf binary, so your only option is to click the "Remove MDM Profile" button but this will also (obviously) result in a loss of control over the device.

With how critical MDM is, deleting a device record will immediately result in you losing control or visibility on the device, which is probably not something you want to do.

Remote locking with a message to contact the Helpdesk is a good way to get a user's attention and bring them into compliance, but if you have an EDR such as CrowdStrike you can contain the device so it can talk to nothing except the EDR.

You could also look at swiftDialog and make the prompts full screen so that users are less likely to ignore them.