Enroll Remote macOS Systems with the MDM Enrollment Policy




Reading the tea leaves from Apple®’s WWDC2020, it’s evident that their mobile device management (MDM) framework is the future for macOS® lifecycle management. 

To that end, JumpCloud® is excited to offer admins a seamless way to remotely enroll macOS systems into MDM via policy in the Directory-as-a-Service® platform.

Admins can implement the JumpCloud MDM Enrollment policy in just a few clicks — enrolling their entire fleet of macOS systems into MDM without any end user input, interaction, or disruption.

One of the most exciting aspects of this policy is its ability to be used to migrate from another MDM vendor to JumpCloud. JumpCloud provides robust system management capabilities across Mac®, Windows®, and Linux® systems, leading many admins to Directory-as-a-Service as a way to consolidate device management into a single platform. 

How it Works

The MDM Enrollment Policy leverages the macOS system agent to apply the JumpCloud MDM enrollment profile.  

JumpCloud policies execute on a device’s agent check-in. This means that targeted offline systems will receive the policy’s payload the next time they come online.  

With one click of a checkbox in the policy, the policy will also migrate the bound system from another MDM vendor to JumpCloud MDM.

When selected, the JumpCloud system agent removes any existing non-JumpCloud MDM enrollment profiles before installing the JumpCloud MDM profile on the macOS device. Like the Highlander, there can only be one MDM enrollment profile, so admins using another MDM provider must use this policy to remove existing profiles before deploying the JumpCloud MDM enrollment profile. 

Note: If a device has been enrolled into MDM via automated device enrollment (DEP) and the profile is set to be non-removable, the JumpCloud agent will not be able to remove this profile and migrate the system to JumpCloud MDM.

For admins looking to migrate systems in this state, the device must be reassigned to the JumpCloud MDM server through Apple Business or School Manager, and then re-registered to the profile via new device activation.

Why It Matters

For admins working in the new remote “work from home” world, macOS system management capabilities available via Apple MDM are more important than ever.

Often, the trickiest part of managing remote systems is deploying management software to them securely. The JumpCloud MDM Enrollment policy allows JumpCloud admins to roll out JumpCloud MDM to existing systems in their org with just a few clicks.

For admins that may have no remote system management currently in place, this policy can be paired with a new feature that allows end users to enroll their own machines into JumpCloud via a self-service workflow in the JumpCloud User Portal, creating a clear path to implement MDM.  

What’s Next

The JumpCloud Apple MDM development team is hard at work developing features that will capitalize on the investment Apple has made in the Apple MDM protocols revealed during its Worldwide Developers Conference. Stay tuned for releases that blend the power of the JumpCloud directory with the payloads only available via Apple MDM.

