{"id":75621,"date":"2023-06-05T13:11:09","date_gmt":"2023-06-05T17:11:09","guid":{"rendered":"https:\/\/jumpcloud.com\/?post_type=support&#038;p=75621"},"modified":"2024-04-23T11:33:02","modified_gmt":"2024-04-23T15:33:02","slug":"create-a-mac-mdm-enrollment-policy","status":"publish","type":"support","link":"https:\/\/jumpcloud.com\/support\/create-a-mac-mdm-enrollment-policy","title":{"rendered":"Create a Mac MDM Enrollment Policy"},"content":{"rendered":"\n<p>JumpCloud policies&nbsp;can help you customize, manage, and secure devices in your organization. You can create a Mobile Device Management (MDM) enrollment policy to enroll existing macOS devices in MDM without using Apple\u2019s Automated Device Enrollment.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Creating an&nbsp;MDM Enrollment Policy<\/h2>\n\n\n\n<p>You&nbsp;need to distribute and install your organization\u2019s MDM enrollment policy and users will then approve the enrollment profile. For more information, see&nbsp;<a href=\"https:\/\/jumpcloud.com\/support\/add-company-owned-apple-devices-to-mdm-with-device-enrollment\" target=\"_blank\" rel=\"noreferrer noopener\">Add Company-Owned Apple Devices to MDM with Device Enrollment<\/a>. Creating an MDM enrollment policy to do this saves you time and headaches.<\/p>\n\n\n\n<div class=\"wp-block-cgb-notification-card-wysiwyg notification-card tip\"><div class=\"notification-card-content\"><div class=\"notification-card-icon\"><p><img decoding=\"async\" src=\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/tip-icon.png\" \/><\/p><\/div><div class=\"notification-card-copy is-type-body-default\"><div><strong class=\"notification-card-type\">Tip:<\/strong> \n<p>If your macOS device has been added to Apple Business Manager (ABM) or Apple School Manager (ASM) and the JumpCloud agent is installed, you can avoid wiping the device by following this procedure.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n<p><strong>Prerequisites<\/strong>:<\/p>\n\n\n\n<ul>\n<li>MDM is configured for your organization. See&nbsp;<a href=\"https:\/\/jumpcloud.com\/support\/set-up-apple-mdm\" target=\"_blank\" rel=\"noreferrer noopener\">Set up Apple MDM<\/a>.<\/li>\n\n\n\n<li>To assign a&nbsp;policy&nbsp;to a device, you need an active device running the JumpCloud agent on a supported OS. See&nbsp;<a href=\"https:\/\/jumpcloud.com\/support\/get-started-devices\" target=\"_blank\" rel=\"noreferrer noopener\">Get Started: Devices<\/a>.<\/li>\n\n\n\n<li>To assign a&nbsp;policy&nbsp;to a device group, you need a device group. See&nbsp;<a href=\"https:\/\/jumpcloud.com\/support\/get-started-device-groups\" target=\"_blank\" rel=\"noreferrer noopener\">Get Started: Device Groups<\/a>.<\/li>\n\n\n\n<li>Users must be bound to the device in the Admin Portal before they will be prompted to&nbsp;<a href=\"#approve\">approve the MDM enrollment profile<\/a>&nbsp;on the device.<\/li>\n<\/ul>\n\n\n\n<p><strong>To create a JumpCloud MDM Enrollment Policy for Mac<\/strong>:<\/p>\n\n\n\n<ol>\n<li>Log in to the JumpCloud Admin Portal:&nbsp;<a target=\"_blank\" href=\"https:\/\/console.jumpcloud.com\/login\" rel=\"noreferrer noopener\">https:\/\/console.jumpcloud.com\/login<\/a>.<\/li>\n\n\n\n<li>Go to&nbsp;<strong>DEVICE MANAGEMENT &gt;&nbsp;Policy Management<\/strong>.<\/li>\n\n\n\n<li>In the&nbsp;<strong>All<\/strong>&nbsp;tab, click (<strong>+<\/strong>).<\/li>\n\n\n\n<li>On the New Policy panel, select the&nbsp;<strong>Mac<\/strong>&nbsp;tab.<\/li>\n\n\n\n<li>Locate the&nbsp;<strong>JumpCloud MDM Enrollment<\/strong>&nbsp;policy, then click&nbsp;<strong>configure<\/strong>.<\/li>\n\n\n\n<li>(Optional) On the&nbsp;<strong>New Policy<\/strong>&nbsp;panel, enter a new, unique name for the&nbsp;policy&nbsp;or keep the default.&nbsp;<\/li>\n\n\n\n<li>(Optional) Under&nbsp;<strong>Settings<\/strong>, select<strong>&nbsp;Remove existing non-JumpCloud MDM enrollment profiles<\/strong>&nbsp;if you want to migrate devices previously enrolled in another MDM vendor. Selecting this removes existing non-JumpCloud MDM enrollment profiles before re-applying the JumpCloud MDM enrollment profile. However, it doesn\u2019t remove existing enrollment profiles from other MDM vendors if the devices were enrolled through Apple\u2019s Automated Device Enrollment. If you don\u2019t have any devices that used another MDM vendor, the&nbsp;<strong>Remove existing non-JumpCloud MDM enrollment profiles<\/strong>&nbsp;setting isn\u2019t visible.<br><img decoding=\"async\" width=\"2028\" height=\"1402\" class=\"wp-image-83666\" style=\"width: 800px\" src=\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/02\/remove-existing-enrollment-profile-setting.png\" alt=\"\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/02\/remove-existing-enrollment-profile-setting.png 2028w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/02\/remove-existing-enrollment-profile-setting-300x207.png 300w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/02\/remove-existing-enrollment-profile-setting-1024x708.png 1024w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/02\/remove-existing-enrollment-profile-setting-768x531.png 768w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/02\/remove-existing-enrollment-profile-setting-1536x1062.png 1536w\" sizes=\"(max-width: 2028px) 100vw, 2028px\" \/><\/li>\n\n\n\n<li>(Optional) Select the&nbsp;<strong>Device Groups<\/strong>&nbsp;tab, then select one or more device groups where you&#8217;ll apply this policy.<\/li>\n<\/ol>\n\n\n\n<div class=\"wp-block-cgb-notification-card-wysiwyg notification-card note\"><div class=\"notification-card-content\"><div class=\"notification-card-icon\"><p><img decoding=\"async\" src=\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/note-icon.png\" \/><\/p><\/div><div class=\"notification-card-copy is-type-body-default\"><div><strong class=\"notification-card-type\">Note:<\/strong> \n<p>Devices enrolled in ADE should not be added to an MDM Enrollment policy. Adding ADE devices to an MDM Enrollment policy may result in unexpected behavior during policy deployments.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n<ol start=\"9\">\n<li>(Optional) Select the&nbsp;<strong>Devices<\/strong>&nbsp;tab, then select one or more devices where you&#8217;ll apply this&nbsp;policy.<\/li>\n\n\n\n<li>Click&nbsp;<strong>save<\/strong>.<\/li>\n\n\n\n<li>Click&nbsp;<strong>save again<\/strong>&nbsp;to confirm.&nbsp;Allow up to a few minutes for the new policy to appear on the Policies&nbsp;page.<\/li>\n<\/ol>\n\n\n\n<p>After you create and apply a policy, the agent on an individual device continuously compares the local policy with the policy you created in JumpCloud. If a user modifies a device policy, JumpCloud automatically modifies the device policy to comply with the JumpCloud policy. This process ensures that JumpCloud policy and local devices are kept in sync.<br><br>Some policies take effect immediately while other policies may require an additional activation step, such as restarting the local system. After a policy takes effect, you can view the policy&#8217;s&nbsp;status or review the log file to determine if the policy requires additional attention.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"approve\">Approving an MDM Enrollment Profile<\/h2>\n\n\n\n<p>After you complete the JumpCloud enrollment policy described above, users must approve the MDM profile to unlock any user-approved MDM payloads.\u00a0<\/p>\n\n\n\n<div class=\"wp-block-cgb-notification-card-wysiwyg notification-card note\"><div class=\"notification-card-content\"><div class=\"notification-card-icon\"><p><img decoding=\"async\" src=\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/note-icon.png\" \/><\/p><\/div><div class=\"notification-card-copy is-type-body-default\"><div><strong class=\"notification-card-type\">Note:<\/strong> \n<p>Users must be bound to the device in the Admin Portal in order to be prompted to approve an MDM enrollment profile on the device.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n<p>Users need Admin permissions on their devices to approve the enrollment profile. If you want to later remove Sudo\/Admin privileges from the\u00a0user, see\u00a0<a href=\"https:\/\/jumpcloud.com\/support\/set-admin-sudo-permissions\" target=\"_blank\" rel=\"noreferrer noopener\">Set Admin\/Sudo\u00a0Privileges<\/a>.<\/p>\n\n\n\n<p>Users running currently supported macOS versions (11.0 Big Sur or later) click\u00a0<strong>Enroll<\/strong>\u00a0in the menu bar app to start the enrollment approval. Users then click\u00a0<strong>Continue<\/strong>\u00a0to manually install the enrollment profile and follow the steps to complete the enrollment.<br><img decoding=\"async\" width=\"396\" height=\"277\" class=\"wp-image-109317\" style=\"width: 500px\" src=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/06\/mdm_enrollment_policy_enroll_via_menu_bar_app.jpg\" alt=\"\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/06\/mdm_enrollment_policy_enroll_via_menu_bar_app.jpg 396w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/06\/mdm_enrollment_policy_enroll_via_menu_bar_app-300x210.jpg 300w\" sizes=\"(max-width: 396px) 100vw, 396px\" \/><\/p>\n","protected":false},"excerpt":{"rendered":"<p>JumpCloud policies&nbsp;can help you customize, manage, and secure devices in your organization. You can create a Mobile Device Management (MDM) [&hellip;]<\/p>\n","protected":false},"author":203,"featured_media":0,"template":"","meta":{"_acf_changed":false,"_oasis_is_in_workflow":0,"_oasis_original":0,"_oasis_task_priority":"","inline_featured_image":false,"footnotes":""},"support_category":[2925,2852,2995,2862],"support_tag":[],"coauthors":[2837],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v22.9 (Yoast SEO v22.9) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Create a Mac MDM Enrollment Policy - JumpCloud<\/title>\n<meta name=\"description\" content=\"Learn how to create an MDM enrollment policy to enroll existing macOS devices in MDM without using Apple\u2019s ADE.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/jumpcloud.com\/support\/create-a-mac-mdm-enrollment-policy\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Create a Mac MDM Enrollment Policy\" \/>\n<meta property=\"og:description\" content=\"Learn how to create an MDM enrollment policy to enroll existing macOS devices in MDM without using Apple\u2019s ADE.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/jumpcloud.com\/support\/create-a-mac-mdm-enrollment-policy\" \/>\n<meta property=\"og:site_name\" content=\"JumpCloud\" \/>\n<meta property=\"article:modified_time\" content=\"2024-04-23T15:33:02+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/02\/remove-existing-enrollment-profile-setting.png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"4 minutes\" \/>\n\t<meta name=\"twitter:label2\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data2\" content=\"derekpietras\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/jumpcloud.com\/support\/create-a-mac-mdm-enrollment-policy\",\"url\":\"https:\/\/jumpcloud.com\/support\/create-a-mac-mdm-enrollment-policy\",\"name\":\"Create a Mac MDM Enrollment Policy - JumpCloud\",\"isPartOf\":{\"@id\":\"https:\/\/jumpcloud.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/jumpcloud.com\/support\/create-a-mac-mdm-enrollment-policy#primaryimage\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/support\/create-a-mac-mdm-enrollment-policy#primaryimage\"},\"thumbnailUrl\":\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/02\/remove-existing-enrollment-profile-setting.png\",\"datePublished\":\"2023-06-05T17:11:09+00:00\",\"dateModified\":\"2024-04-23T15:33:02+00:00\",\"description\":\"Learn how to create an MDM enrollment policy to enroll existing macOS devices in MDM without using Apple\u2019s ADE.\",\"breadcrumb\":{\"@id\":\"https:\/\/jumpcloud.com\/support\/create-a-mac-mdm-enrollment-policy#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/jumpcloud.com\/support\/create-a-mac-mdm-enrollment-policy\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/support\/create-a-mac-mdm-enrollment-policy#primaryimage\",\"url\":\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/02\/remove-existing-enrollment-profile-setting.png\",\"contentUrl\":\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/02\/remove-existing-enrollment-profile-setting.png\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/jumpcloud.com\/support\/create-a-mac-mdm-enrollment-policy#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/jumpcloud.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Support\",\"item\":\"https:\/\/jumpcloud.com\/support\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Create a Mac MDM Enrollment Policy\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/jumpcloud.com\/#website\",\"url\":\"https:\/\/jumpcloud.com\/\",\"name\":\"JumpCloud\",\"description\":\"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.\",\"publisher\":{\"@id\":\"https:\/\/jumpcloud.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/jumpcloud.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/jumpcloud.com\/#organization\",\"name\":\"JumpCloud\",\"url\":\"https:\/\/jumpcloud.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"contentUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"width\":598,\"height\":101,\"caption\":\"JumpCloud\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Create a Mac MDM Enrollment Policy - JumpCloud","description":"Learn how to create an MDM enrollment policy to enroll existing macOS devices in MDM without using Apple\u2019s ADE.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/jumpcloud.com\/support\/create-a-mac-mdm-enrollment-policy","og_locale":"en_US","og_type":"article","og_title":"Create a Mac MDM Enrollment Policy","og_description":"Learn how to create an MDM enrollment policy to enroll existing macOS devices in MDM without using Apple\u2019s ADE.","og_url":"https:\/\/jumpcloud.com\/support\/create-a-mac-mdm-enrollment-policy","og_site_name":"JumpCloud","article_modified_time":"2024-04-23T15:33:02+00:00","og_image":[{"url":"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/02\/remove-existing-enrollment-profile-setting.png"}],"twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"4 minutes","Written by":"derekpietras"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/jumpcloud.com\/support\/create-a-mac-mdm-enrollment-policy","url":"https:\/\/jumpcloud.com\/support\/create-a-mac-mdm-enrollment-policy","name":"Create a Mac MDM Enrollment Policy - JumpCloud","isPartOf":{"@id":"https:\/\/jumpcloud.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/jumpcloud.com\/support\/create-a-mac-mdm-enrollment-policy#primaryimage"},"image":{"@id":"https:\/\/jumpcloud.com\/support\/create-a-mac-mdm-enrollment-policy#primaryimage"},"thumbnailUrl":"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/02\/remove-existing-enrollment-profile-setting.png","datePublished":"2023-06-05T17:11:09+00:00","dateModified":"2024-04-23T15:33:02+00:00","description":"Learn how to create an MDM enrollment policy to enroll existing macOS devices in MDM without using Apple\u2019s ADE.","breadcrumb":{"@id":"https:\/\/jumpcloud.com\/support\/create-a-mac-mdm-enrollment-policy#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/jumpcloud.com\/support\/create-a-mac-mdm-enrollment-policy"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/support\/create-a-mac-mdm-enrollment-policy#primaryimage","url":"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/02\/remove-existing-enrollment-profile-setting.png","contentUrl":"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/02\/remove-existing-enrollment-profile-setting.png"},{"@type":"BreadcrumbList","@id":"https:\/\/jumpcloud.com\/support\/create-a-mac-mdm-enrollment-policy#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/jumpcloud.com\/"},{"@type":"ListItem","position":2,"name":"Support","item":"https:\/\/jumpcloud.com\/support"},{"@type":"ListItem","position":3,"name":"Create a Mac MDM Enrollment Policy"}]},{"@type":"WebSite","@id":"https:\/\/jumpcloud.com\/#website","url":"https:\/\/jumpcloud.com\/","name":"JumpCloud","description":"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.","publisher":{"@id":"https:\/\/jumpcloud.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/jumpcloud.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/jumpcloud.com\/#organization","name":"JumpCloud","url":"https:\/\/jumpcloud.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/","url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","contentUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","width":598,"height":101,"caption":"JumpCloud"},"image":{"@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support\/75621"}],"collection":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support"}],"about":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/types\/support"}],"author":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/users\/203"}],"version-history":[{"count":3,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support\/75621\/revisions"}],"predecessor-version":[{"id":109327,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support\/75621\/revisions\/109327"}],"wp:attachment":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/media?parent=75621"}],"wp:term":[{"taxonomy":"support_category","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support_category?post=75621"},{"taxonomy":"support_tag","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support_tag?post=75621"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/coauthors?post=75621"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}