Subscribe to Support RSS FeedApple requires interactive end user approval of MDM enrollment profiles to unlock all of the capabilities and payloads available with MDM. User approved MDM is required for a number of key MDM management tasks. These include some of the most powerful features of the MDM protocol including configurations for privacy preferences, including screen recording, and kernel extension safelisting.
User approved MDM payloads are only accepted by devices that have user approved MDM enrollment profiles. Learn more about user-approved MDM payloads.
In macOS 11+ devices that have user approved MDM payloads have the same management capabilities of devices that have enrolled through automated device enrollment and these devices are considered supervised.
Not seeing the Approve button? See Approve Button Missing.
The JumpCloud Mac App prompts end users to approve any non approved MDM enrollment profile that may exist on a JumpCloud managed device.
Any end user on a device has the ability to click the Approve button to make the MDM Enrollment Profile “User Approved”. End user approval needs to be done once per device, regardless of the number of users that have accounts on the device.
Devices that are enrolled in JumpCloud MDM receive prompts to approve JumpCloud MDM Enrollment profiles.
Devices that are enrolled in other MDM vendors also receive prompts to approve non JumpCloud MDM Enrollment profiles.
Approve Button Missing
In some circumstances for unknown reasons, the Approve button isn't present from the Profiles pane seen when approving an MDM Enrollment Profile. The Approve button must be clicked to approve an MDM Enrollment Profile and for a device to be successfully enrolled in MDM.
This is a known issue that can occur on MDM Enrollment Profiles that are installed outside of Apple's Automated Device Enrollment.
The only known method to see the Approve button is to remove the existing enrollment profile and then install a new profile.
To resolve the issue on devices that are targeted by the JumpCloud MDM Enrollment Policy, end users with administrative permissions can remove the JumpCloud MDM Enrollment Profile by clicking the minus sign ( - ) on the Profiles page.
The JumpCloud agent will automatically reinstall the JumpCloud MDM Enrollment Profile for devices running macOS versions 11.0 and earlier and the Approve button will be visible.
For devices running macOS versions 11.0 and later, the JumpCloud Menu Bar App will trigger end users to enroll in MDM.
Learn More