Jamf Connect syncs local accounts to their network account in a cloud identity provider (IdP). For organizations transitioning from on-premise Active Directory to a cloud identity solution, Jamf Connect can also convert mobile accounts to local accounts; this process is called demobilization.
When you convert an existing MDM-capable mobile account to a local account through demobilization, the account loses MDM-capable status and its previous Active Directory-based network authentication authority. It is no longer eligible for user-level configuration profiles from an MDM, including Education Profiles used for managed classes in the Apple Classroom app.
Jamf recommends transitioning away from user-level configuration profiles before demobilizing mobile accounts. For more information about MDM enrollment methods, see MDM-Enabled Local User Accounts in the Jamf Pro Documentation.
If you plan to unbind accounts from Active Directory in addition to demobilizing them with Jamf Connect, you must make sure to demobilize accounts before unbinding them. This ensures that the Active Directory domain can be reached during the demobilization process.
You can use Jamf Connect's demobilization feature to convert mobile accounts into local accounts on macOS computers before unbinding from Active Directory with Jamf Pro. To ensure demobilization, unbinding, and network account connection with Jamf Connect succeed, you can use the following process:
Demobilizing accounts by deploying Jamf Connect with only the demobilization setting enabled
This requires users to log in to complete the demobilization process.
(Optional) Unbinding computers from Active Directory
(Optional) Enabling the Jamf Connect login window and configuring Self Service+
This workflow should not be used to enroll new computers or as a part of a PreStage enrollment.
If FileVault is enabled on your computers and automatic FileVault login is enabled in Jamf Connect, the demobilization process will fail. For instructions on disabling automatic FileVault login, see the Turning On FileVault with Jamf Connect in the Jamf Connect Documentation.