Enrollment is the process of adding Mac computers to Jamf Pro. When computers are enrolled, inventory information for the computers is submitted to Jamf Pro.
Enrolling computers makes them managed by Jamf Pro. This allows you to perform inventory tasks, remote management, and configuration tasks on the computers.
There are two types of computer enrollment, each with its own methods for enrolling a computer:
Automated Device Enrollment—Automated Device Enrollment allows organizations to configure and manage devices from the moment the devices are removed from the box (known as zero-touch deployment). These devices become supervised, and the MDM profile can be configured to be unremovable by the user. Automated Device Enrollment is designed for devices owned by the organization. For more information, see Automated Device Enrollment into MDM in Apple's Deployment Reference for Mac.
Device Enrollment—Device Enrollment allows organizations to manually enroll devices and manage many different aspects of device use, including the ability to erase the device. If a user removes the MDM profile, all settings and apps that are being managed by the MDM solution are removed. For more information, see Device Enrollment into MDM in Apple's Deployment Reference for Mac.
Automated Device Enrollment for Computers
The only method you can use to enroll devices with Automated Device Enrollment and Jamf Pro is a PreStage enrollment. You can use a PreStage enrollment to customize the computer enrollment experience. For more information, see Computer PreStage Enrollments.
This method is one way to achieve a User Approved MDM status. For more information about User Approved MDM and Jamf Pro, see the Managing User Approved MDM with Jamf Pro Knowledge Base article.
Note: This enrollment method requires an Apple School Manager or Apple Business Manager account. For more information, see Integrating with Automated Device Enrollment.
Device Enrollment for Computers
There are several methods you can use to enroll computers with Device Enrollment and Jamf Pro:
(Recommended) User-initiated enrollment—You can use the User-Initiated Enrollment settings to customize the enrollment experience for users, including the messaging that displays for each step of the enrollment process. Users can then enroll their own computers by logging in to a web-based enrollment portal and following the onscreen instructions. During enrollment, users are prompted to download either an MDM profile or QuickAdd package based on the computer's macOS version. The MDM profile method is one way to achieve a User Approved MDM status. For more information about User Approved MDM and Jamf Pro, see the Managing User Approved MDM with Jamf Pro Knowledge Base article.
Use a QuickAdd package created with Recon—You can use Recon to create a QuickAdd package that enrolls computers when it is installed. This type of QuickAdd package can be deployed using almost any deployment tool, such as Apple Remote Desktop or Jamf Pro. You can also give the QuickAdd package to users to install on their own.
Use the network scanner—You can remotely enroll multiple computers in specified IP ranges by using the network scanner in Recon. Recon scans the specified IP ranges and enrolls any computers that it can connect to over SSH (Remote Login).
Run Recon remotely on a single computer—If you know the IP address of the computer that you want to enroll and SSH (Remote Login) is enabled on the computer, you can enroll the computer by running Recon remotely.
Note: Because of increased user data protections with macOS 10.14 or later, you cannot enable remote management remotely using the SSH protocol. To enable remote management on computers with macOS 10.14 or later, the user must select the Screen Sharing checkbox in System Preferences.
Run Recon locally—If you have physical access to the computer that you want to enroll, you can run Recon locally on the computer.
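To confirm which of the enrollment types described above a given Mac actually ended up with, the following added example (not part of the Jamf Pro documentation) classifies the text printed by the macOS command `profiles status -type enrollment`. The sample outputs, the example.com server URL, and the category names are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the text printed by `profiles status -type enrollment`.
# Category names are this example's own, not Jamf Pro or Apple terms.

classify_enrollment() {
    status_text=$1
    # Take the value after the colon; tr strips CRs from pasted or logged output.
    dep=$(printf '%s\n' "$status_text" | tr -d '\r' |
        sed -n 's/^Enrolled via DEP:[[:space:]]*//p' | head -n 1)
    mdm=$(printf '%s\n' "$status_text" | tr -d '\r' |
        sed -n 's/^MDM enrollment:[[:space:]]*//p' | head -n 1)

    case $mdm in
        No*)  echo not-enrolled; return 0 ;;
        Yes*) ;;                               # enrolled, decide the type below
        *)    echo unknown; return 0 ;;        # missing or unrecognised field
    esac
    case $dep in
        Yes*) echo automated-device-enrollment; return 0 ;;
    esac
    # Manual Device Enrollment: report whether the MDM is User Approved.
    case $mdm in
        *"User Approved"*) echo device-enrollment-user-approved ;;
        *)                 echo device-enrollment-not-approved ;;
    esac
}

# Constructed sample outputs (not captured from real computers).
SAMPLE_ADE='Enrolled via DEP: Yes
MDM enrollment: Yes (User Approved)
MDM server: https://jamf.example.com/mdm'
SAMPLE_UIE='Enrolled via DEP: No
MDM enrollment: Yes (User Approved)
MDM server: https://jamf.example.com/mdm'
SAMPLE_UNAPPROVED='Enrolled via DEP: No
MDM enrollment: Yes'
SAMPLE_NONE='Enrolled via DEP: No
MDM enrollment: No'

for sample in "$SAMPLE_ADE" "$SAMPLE_UIE" "$SAMPLE_UNAPPROVED" "$SAMPLE_NONE"; do
    classify_enrollment "$sample"
done
```

On a managed Mac, pass the live output instead of a sample: `classify_enrollment "$(profiles status -type enrollment)"`.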
For related information, see the following section in this guide:
Components Installed on Managed Computers
See a list of the components installed on managed computers and find out how to remove them.