For more information on User Enrollment management capabilities, see Mobile Device Management Capabilities. This separation allows users to keep their personal data protected and intact once the device is removed from Jamf Pro, while the corporate data is deleted. The user can access their corporate data without the administrator erasing, modifying, or viewing personal data. This allows for a limited management of devices using a set of configurations that associate management with the user, not the entire device. Enrolling personally owned devices keeps personal and institutional data separate by associating a personal Apple ID with personal data and a Managed Apple ID with corporate data. Both methods are designed to keep corporate data safe on devices while protecting users' privacy. Personally owned mobile devices can be enrolled with Jamf Pro using Account-Driven User Enrollment (applies to iOS 15 or later, or iPadOS 15 or later) or User Enrollment (applies to iOS 13.1 or later, or iPadOS 13.1 or later). You can see if a computer is managed by the management account by viewing the Managed attribute field in the computer inventory information. It is recommended that you choose the Randomly generate passwords option for maximum security. To enable the management account, you must enable user-initiated enrollment, and then configure the management account username and password. Perform authenticated restarts using a policy (when SecureToken is enabled on the management account) Generate a personal recovery key using a policy (when SecureToken is enabled on the management account) Using a policy to administer the management account allows you to do the following:Īuthentication to initiate an SSH session using Jamf Remote for the computer to check in to Jamf Pro to run policiesĮnrolling computers with macOS 10.15.7 or earlier using Recon, including creating a QuickAdd.pkg for Jamf binary enrollmentsĮnable FileVault using a policy (when SecureToken is enabled on the management account)Īdd or remove users from FileVault using a policy (when SecureToken is enabled on the management account) The management account only needs to be created if you want to perform the following tasks on the computer: However, choosing to create the management account on computers is optional and is only required for some workflows. This is required for computers to be considered managed by Jamf Pro. When you enroll computers, you must specify a local administrator account called the "management account".
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |