The following table explains several methods that enable a user for MDM in Jamf Pro:
Method | OS Requirement | Description |
|---|---|---|
Computer PreStage enrollment | N/A | When enrolling a computer via a PreStage enrollment using Automated Device Enrollment (formerly DEP), users created during the Setup Assistant will be MDM-enabled. The local user account will not be MDM-enabled if at least one of the following is true:
|
User-initiated enrollment | N/A | By default, the logged-in user on the computer will be MDM-enabled after enrollment. |
Agent-based enrollment with a QuickAdd.pkg or the Jamf management framework | macOS 10.15.7 or earlier | The logged-in user will be MDM-enabled. |
User-level configuration profile installation through Self Service for macOS | macOS 10.15.7 or earlier | Self Service will attempt to enable the logged-in user for MDM if the user is not already MDM-enabled and the computer has a removable MDM profile. |
Network and mobile user accounts are MDM-enabled by default in Jamf Pro, no matter the enrollment method that was used.
For computers with macOS 10.12 or later, only one local user account can be MDM-enabled on a computer at a time. If a second local user account becomes MDM-enabled on the computer, the first local user account will no longer be MDM-enabled.