JumpCloud Webinar: How to Secure Identities and Devices Across a Remote Workforce Register today

The JumpCloud Lounge Q&A Roundup: Enrolling in JumpCloud MDM, Pulling Disk Space, & Using Hardware for MFA




The JumpCloud® Lounge is a public Slack workspace where JumpCloud administrators, IT pros, and platform experts worldwide talk shop. People in the Lounge discuss JumpCloud pro tips and solutions to learn about putting the cloud directory platform to use at their organization.

We rounded up some of the Lounge’s recent questions and the answers provided by community members. While every IT environment is different, the Lounge community has a wealth of experience navigating them with or without JumpCloud’s cloud directory platform.

This roundup contains recent Lounge Q-and-As about how to troubleshoot MDM enrollment on a VM, looking at disk space across your devices, and options for multiple authentication for managed resources. 

Troubleshooting Installation Issues with JumpCloud’s MDM Enrollment Policy

Q: I’m trying out JumpCloud’s MDM Enrollment Policy to enroll a device into JumpCloud MDM for macOS® management. The policy isn’t installing successfully in testing on a virtual machine (VM). Has anyone ever seen this when trying to apply the MDM Enrollment Policy?

A: JumpCloud’s MDM Enrollment Policy lets IT admins enroll one or multiple macOS devices into JumpCloud MDM. The Policy silently installs the JumpCloud MDM Enrollment profile on systems, can be used to enroll JumpCloud-managed Macs in bulk, and makes it easy to migrate to JumpCloud MDM from another vendor. If you’re seeing failing Policy enrollment, there are a few places to start troubleshooting.  

You can try downloading the profile via your console’s MDM tab and then installing manually. With the profile downloaded on the VM, you’ll want to open System Preferences > Profiles > [+] and select the mobileconfig there. 

If the target device is a VM and the Policy installation is still unsuccessful, the culprit is likely your VM’s UDID (UUID) or serialNumber being rotated, which can cause issues registering the VM. You can correct this by setting your VM’s universally unique identifier (UUID) or serialNumber back to match what it was previously. Alternately, you can change both so they’re unique to the device. 

If either the UUID or the serialNumber doesn’t match what was previously used in a JumpCloud instance, the MDM Policy won’t load. Your JumpCloud instance stores these attributes for a system even after it’s deleted to allow for any future zero-touch provisioning.

You can learn more about enrolling in JumpCloud MDM by joining Office Hours on September 25th.

Pulling Disk Space with System Insights

Q: Is there a way to pull available disk space on end user devices using System InsightsTM in my JumpCloud Admin Portal? 

A: Yes, you can use System Insights to assess disk space on end user Windows®, Mac, and Linux® devices. System Insights is an asset management feature providing JumpCloud Admins with telemetry across their end user device fleets to easily gather information about JumpCloud-managed devices, including data on users and groups, hardware, apps and extensions, and more. 

For Windows devices, this information is in the Logical Drives table: 

For macOS and Linux, find the info in the Mounts table:

Using Hardware for Multi-factor Authentication 

Q: Does JumpCloud support any types of physical hardware options for multi-factor authentication (MFA or 2FA)? 

A: JumpCloud supports the use of physical hardware keys for end user MFA/2FA with WebAuthn. JumpCloud’s WebAuthn 2FA protects JumpCloud User Portal authentications, Single Sign On (SSO) applications, and password changes made from the User Portal.

You can use a variety of physical hardware keys with JumpCloud WebAuthn, like Google Titan and Yubikey, along with biometric authentication methods like a device fingerprint reader. These provide your end users an alternate way to verify their identity other than using a phone for TOTP MFA for the User Portal and SSO apps.

JumpCloud Admins can easily configure security settings for their organization’s users from their Admin Portal: 

Join Us in the Lounge

We hope you join the JumpCloud Lounge today and explore the channels and topics that are most interesting to you. Type !channels in a private message to yourself and Slack will respond with all the Lounge channels available to join. If you’d like to request a new channel, let us know by emailing slack_owner@jumpcloud.com

The JumpCloud Lounge doesn’t replace the standard avenues of speaking with your Customer Success Manager or filing a support ticket, but it does offer a new way to find answers to your questions and connect with your community of IT admins. 

Haven’t checked out the JumpCloud cloud directory platform yet? You can try JumpCloud Free with up to 10 users and 10 systems, plus free premium chat support for your first 10 days in JumpCloud. 


Recent Posts
PCI DSS requires that environmental event reports are readily available. JumpCloud provides deep holistic event reports at the ready.

Blog

PCI DSS Part 3: Monitoring & Reporting

PCI DSS requires that environmental event reports are readily available. JumpCloud provides deep holistic event reports at the ready.

Need more than Google Cloud Identity? Learn how to centrally manage identities not just for Google services but also for all IT resources.

Blog

Cloud IAM Feature — Google Cloud Identity

Need more than Google Cloud Identity? Learn how to centrally manage identities not just for Google services but also for all IT resources.

Traditional GPOs served IT admins well for a time, but now struggle with modern infrastructure, resources, and remote work. Find a hosted GPO option here.

Blog

Hosted Group Policy Objects (GPOs)

Traditional GPOs served IT admins well for a time, but now struggle with modern infrastructure, resources, and remote work. Find a hosted GPO option here.