MDM Profiles

Here is a simple but useful command for the jamf binary.

       sudo jamf mdmenroll

This will force a new mdm enrollment request from the JSS, removing the old MDM profile and any profiles installed, installing a new MDM profile, and pushing new Configuration Profiles. This is useful as it won't enforce the rest of the management framework, meaning policy won't keep profiles from being installed.

From what I can tell, this is wrappered into the jamf recon and jamf enroll commands. I think it is probably part of a management call that goes something like mcx, policy, mdmenroll, making profiles wait for everything else and/or removing them every other time the policy runs. It appears that having an enroll call removes management if there was management in place before.

If you have a policy that is filling the last user on a machine with jamf recon -endUser or something similar, add a -noManage flag to the policy so that you don't have to redo the mdmenroll. There will probably updates or follow ups on this topic as time goes on.