Open Radar

 
Area:
Preferences

Summary:
User acceptance prompt introduced with 10.13.2 beta 1 (17C60c) will negatively impact fresh/new enrollments into Jamf Pro MDM. As an administrator for hundreds of machines, with new machines being enrolled weekly, I can not reliably trust end users to successfully approve the MDM profile with each occurrence. This will negatively impact my organizations ability to properly manage machines and utilize MDM. 

Per the release notes, this approval feature is disabled for machines enrolled in DEP, but not all organizations can make use of DEP at this time. DEP is the future, but not everyone is there yet. 

This change has the potential to impact over 1700 Macs. 

Steps to Reproduce:
A working Jamf Pro instance is required to properly replicate this process. My testing was done with Jamf Pro JSS 9.101.0-t1504998263 but the process should be the same for the recently released Jamf Pro v10.0.0.

Enroll a Mac into Jamf Pro management using the Quick Add installer package for your Jamf system. Once the enrollment has successfully completed, launch System Preferences, navigate to Profiles and then select the MDM Profile from the Profiles list on the left. With 10.13.2 beta 1, end users will be presented with a warning, “This profile was installed without user consent”. Click the “Details” button which will expose a drop-down sheet with further instructions, including the option to approve the profile.

Expected Results:
The MDM profile delivered by the Jamf Pro server should be immediately accepted by the OS with out any end user interaction.

Actual Results:
End users are expected to approve the MDM profile. Failure to approve the profile impacts MDM performance. 

Version/Build:
17C60c

Configuration:
Jamf Pro Server JSS 9.101.0-t1504998263 
Jamf Pro QuickAdd.pkg
macOS client