Good night and good luck. ETA: for the Parallels crew, check out this post on Jamf Nation. If Jamf Now recognizes the device as enrolled. Or use an actual physical machine to test. To check if a computer is enrolled in either program, navigate to Auto-Enrollment > View Devices. TBH it's probably something we should all do anyway, to ensure consistent testing with VMs. Special characters can wreak havoc on MDM management as well. I would also strongly recommend using vfuse to define a random serial number rather than letting VMware (for this example at least) generate one, because vfuse's -s random will make sure special characters are not used. A list of currently-shipping model IDs can be found here. hw-model can be whatever, as long as it's a real Apple model ID. Open Self Service and log in with authenticated domain creds and run a policy. Log in with local administrator account created by the pre-stage enrollment. Perform Apple Internet Recovery (If Needed) Boot computer and run through first run wizard. Assign computer to our pre-stage enrollment. path/to/vfuse -i /path/to/osx_custom_ -o /path/to/save/location/ -s random --hw-model "iMacPro1,1" -n "macOS 10.13.3 mdm tester" Add Computer to our DEP account and assign it to Jamf. Using vfuse to build the VM will look something like this: You can add a device to ABM in AC2 without walking through enrollment. Fortunately if you're just evaluating user-approved MDM enrollment (not specifically DEP enrollment) for this change in Jamf Pro 10.3 the s/n can be random (though can't include special characters!), but a model ID must be defined. Yes, to enroll an iOS device via DEP/ADE you have to start with a factory reset OS and go through setup (or use AC2 with DEP enrollment.) - In AC2 proceed to reset the device with the options to enroll in ABM/ASM and Supervise. In our instance, we have to rename the system, then reboot and then bind. This is comparable to this post by Ross D about testing DEP with VMs.
One thing that we found helpful in our new machine workflow: it was discovered that if binding to AD through JAMF via policy object, the policy will take the name of the computer as it was at the start of the policy/script/etc when triggered. If you use VMs to test, my recommendation is to use AutoDMG+vfuse to build it. And as a result, the profiles won't install correctly. It'll do a big ol' "wtf mate" during enrollment and cause some weirdness. What's worth noting for those of us that test on VMs, however, is that if you just set up a vanilla VM (with VMware Fusion, Parallels, VirtualBox, or your virtual tool of choice, whatever it is), a device without a recognized Apple hardware model ID is going to be treated as a generic "Mobile Device" and not be recognized as a Mac. This way the MDM profile is user-approved, because the user has to accept the installation themselves prior to the rest of the enrollment happening. As you've probably seen from the release notes of Jamf Pro 10.3, the enrollment style has changed for Macs on 10.13.0+ to prompt to install profiles rather than install the QuickAdd (which then installed the profile).