Enrollment Methods Using Recon


Due to security changes in macOS, enrolling computers with macOS 11 or later in Jamf Pro using Recon is not supported. Consider the following:

  • macOS 11 or later does not permit the automated installation of configuration profiles using the profiles binary. In previous versions of macOS, the Jamf Management Framework and QuickAdd package-based enrollment would use this framework to install the MDM profile.

  • Installing a QuickAdd package on computers with macOS 11 or later attempts to install the Jamf management framework. It is recommended to install and trust the CA certificate to the Jamf Pro built-in CA before installing the QuickAdd package. This allows for policy communication but does not enable MDM communication, preventing configuration profiles and remote commands from working.

  • A CA certificate is no longer downloaded and installed when performing enrollment using a QuickAdd package.

It is recommended to use an MDM-first enrollment workflow. This includes Automated Device Enrollment or user-initiated enrollment. In these workflows, an MDM profile is installed first, and afterwards Jamf Pro automatically installs the Jamf Management Framework using an MDM command.