The JumpCloud Lounge Q&A Roundup: Enrolling in JumpCloud MDM, Pulling Disk Space, & Using Hardware for MFA




The JumpCloud® Lounge is a public Slack workspace where JumpCloud administrators, IT pros, and platform experts worldwide talk shop. People in the Lounge discuss JumpCloud pro tips and solutions to learn about putting the cloud directory platform to use at their organization.

We rounded up some of the Lounge’s recent questions and the answers provided by community members. While every IT environment is different, the Lounge community has a wealth of experience navigating them with or without JumpCloud’s cloud directory platform.

This roundup contains recent Lounge Q-and-As about how to troubleshoot MDM enrollment on a VM, looking at disk space across your devices, and options for multiple authentication for managed resources. 

Troubleshooting Installation Issues with JumpCloud’s MDM Enrollment Policy

Q: I’m trying out JumpCloud’s MDM Enrollment Policy to enroll a device into JumpCloud MDM for macOS® management. The policy isn’t installing successfully in testing on a virtual machine (VM). Has anyone ever seen this when trying to apply the MDM Enrollment Policy?

A: JumpCloud’s MDM Enrollment Policy lets IT admins enroll one or multiple macOS devices into JumpCloud MDM. The Policy silently installs the JumpCloud MDM Enrollment profile on systems, can be used to enroll JumpCloud-managed Macs in bulk, and makes it easy to migrate to JumpCloud MDM from another vendor. If you’re seeing failing Policy enrollment, there are a few places to start troubleshooting.  

You can try downloading the profile via your console’s MDM tab and then installing manually. With the profile downloaded on the VM, you’ll want to open System Preferences > Profiles > [+] and select the mobileconfig there. 

If the target device is a VM and the Policy installation is still unsuccessful, the culprit is likely your VM’s UDID (UUID) or serialNumber being rotated, which can cause issues registering the VM. You can correct this by setting your VM’s universally unique identifier (UUID) or serialNumber back to match what it was previously. Alternately, you can change both so they’re unique to the device. 

If either the UUID or the serialNumber doesn’t match what was previously used in a JumpCloud instance, the MDM Policy won’t load. Your JumpCloud instance stores these attributes for a system even after it’s deleted to allow for any future zero-touch provisioning.

You can learn more about enrolling in JumpCloud MDM by joining Office Hours on September 25th.

Pulling Disk Space with System Insights

Q: Is there a way to pull available disk space on end user devices using System InsightsTM in my JumpCloud Admin Portal? 

A: Yes, you can use System Insights to assess disk space on end user Windows®, Mac, and Linux® devices. System Insights is an asset management feature providing JumpCloud Admins with telemetry across their end user device fleets to easily gather information about JumpCloud-managed devices, including data on users and groups, hardware, apps and extensions, and more. 

For Windows devices, this information is in the Logical Drives table: 

For macOS and Linux, find the info in the Mounts table:

Using Hardware for Multi-factor Authentication 

Q: Does JumpCloud support any types of physical hardware options for multi-factor authentication (MFA or 2FA)? 

A: JumpCloud supports the use of physical hardware keys for end user MFA/2FA with WebAuthn. JumpCloud’s WebAuthn 2FA protects JumpCloud User Portal authentications, Single Sign On (SSO) applications, and password changes made from the User Portal.

You can use a variety of physical hardware keys with JumpCloud WebAuthn, like Google Titan and Yubikey, along with biometric authentication methods like a device fingerprint reader. These provide your end users an alternate way to verify their identity other than using a phone for TOTP MFA for the User Portal and SSO apps.

JumpCloud Admins can easily configure security settings for their organization’s users from their Admin Portal: 

Join Us in the Lounge

We hope you join the JumpCloud Lounge today and explore the channels and topics that are most interesting to you. Type !channels in a private message to yourself and Slack will respond with all the Lounge channels available to join. If you’d like to request a new channel, let us know by emailing slack_owner@jumpcloud.com

The JumpCloud Lounge doesn’t replace the standard avenues of speaking with your Customer Success Manager or filing a support ticket, but it does offer a new way to find answers to your questions and connect with your community of IT admins. 

Haven’t checked out the JumpCloud cloud directory platform yet? You can try JumpCloud Free with up to 10 users and 10 systems, plus free premium chat support for your first 10 days in JumpCloud. 


Related Posts
JumpCloud is adding support for Zero-Touch Enrollment for MacOS; this article details how this works and what's happening behind the scenes.

Blog

The Directory-Driven Magic Behind JumpCloud’s Zero-Touch Enrollment

JumpCloud is adding support for Zero-Touch Enrollment for MacOS; this article details how this works and what's happening behind the scenes.

Zero-Touch Enrollment for Macs allows admins to onboard new employees faster and more easily with one secure identity to access their device and resources.

Blog

Unify Device and Identity at Onboarding with Zero-Touch Enrollment

Zero-Touch Enrollment for Macs allows admins to onboard new employees faster and more easily with one secure identity to access their device and resources.

As the IT world shifts away from Windows to macOS, a lot of IT admins are asking what are the best practices for integrating Macs with Active Directory.

Blog

Best Practices for Integrating Macs with Active Directory

As the IT world shifts away from Windows to macOS, a lot of IT admins are asking what are the best practices for integrating Macs with Active Directory.