MacOnboardingMate – Knowledge base

Knowledge base

Jamf School – Renaming method is ignored at enrollment while planned in the workflow

Steps to reproduce :
– MOM Location configured with a renaming method
– The device is enrolled for the first time in Jamf School
– The renaming method is applied and the local Computer name is registered in the device details
– The device is erased and re-enrolled
– The renaming method is ignored and the Computer name is forcibly set to the name displayed in the device details.

What does explain this behaviour ?

At enrollment, Jamf School is source of truth for the device name of a previously enrolled device. MOM anticipates this policy, disabling any planned renaming method if the device being enrolled is already part of the Jamf School devices inventory.

Mismatch between the workflow applied during MOM Setup and the current MDM Location

Steps to reproduce :
– Two MOM Locations, one linked to an Automated Device Enrollment (ADE) Token « A » and the other linked to an ADE Token « B »
– The device is enrolled in MDM Location « A » via the ADE Token « A » that is probably not removable locally (unenrollment prevention)
– The device is moved from the ADE Token « A » to the ADE Token « B » without being unenrolled from the MDM console
– The device’s bootstrap profile stored in Apple Business Manager or Apple School Manager reflects this change
– MOM Setup has no mechanism to determine that the enrolled device is currently not enrolled in the new targeted MDM Location
– Therefore MOM Setup applies blindly the MDM workflow for MDM Location « B » to the device still enrolled in MDM Location « A ».

How to avoid this situation ?

When a device is moved between two ADE Tokens, don’t miss to unenroll the device from its original MDM Location. MOM Setup will determine that the device is not enrolled in MDM and will trigger its enrollment using Automated Device Enrollment. Once the device is enrolled in the new targeted MDM Location, MOM Setup will apply the matching MDM configuration.

Notification « AutoSetup aborted. The AutoSetup execution was prevented by a probe. » displayed during or after Setup

Steps to reproduce :
– MOM AutoSetup package scoped to all the devices enrolled in the MDM
– MOM Setup used to enroll a device using Device Enrollment (no Automated Device Enrollment capable device).

How to avoid this situation ?

If an AutoSetup package is scoped to all the devices enrolled, the MDM will spontaneously push the package to the device currently or previously enrolled, depending of its velocity. AutoSetup uses probes to detect if a Setup is in progress or was executed and in this situation, exits with the notification « AutoSetup aborted. The AutoSetup execution was prevented by a probe. » To avoid the display of this notification, scope the MOM AutoSetup only to devices enrolled using Automated Device Enrollment (smart group with the appropriate enrollment criteria).