Apple MDM Missing Enrolment Profile

What

At times, MDM may appear slow or even worse, the MDM Enrolment Profile no longer seems to be apparent, preventing MDM management until re-enrolled.

Why

Apple observed that osquery can cause such issues, depending upon configuration.

osquery is a tool to describe a device based upon SQL and can be used by management tools or similar, e.g. Malware detection software. It is a popular tool, as highlighted by a couple of example applications that use osquery: CrowdStrike and Microsoft Defender.

If you use ADE/DEP to enroll the macOS systems you may find that the following command restores the device's belief that it is supervised and in MDM. To run the command you must be logged in on the device as it will launch a notification to click on to re-confirm that the device should be in MDM;

sudo profiles renew -type enrollment

Information

FileWave does not use osquery, so that may appear as if devices managed by FileWave could be immune, however, since other 3rd party software may do so, FileWave device management, as with any MDM, could be impacted.

Consider testing for devices running osquery, where MDM issues may arise or MDM Enrolment Profile is no longer present. If so, it would be recommended to communicate with the software vendor utilising osquery. Details imply a reduction in the aggressiveness of osquery should prevent this. Additionally, Apple were looking into mitigating against this issue.

https://www.osquery.io/

Desktop / Laptop Client Install and Configure

Enrolling Computer Clients in to FileWave

Mass Deploy Windows FileWave Client

Apple Notarisation and Custom PKG Installers

Apple MDM Enrolment Methods

User Approved MDM Enrollment (macOS)

macOS MDM Enrolment State

Enrolling Mobile Devices into FileWave

Enrolling AppleTV into FileWave

Importing Computer Clients from a File

Location Tracking Technologies

Location Tracking Setup

Apple MDM Missing Enrolment Profile

Clearing FileWave Client Certs

FileWave Client notification for zsh running in the background

FileWave Client Rename Behavior

FileWave Client Status Check: How to ask the client what it is doing on macOS and Windows

FileWave Windows Network Sweeper

PSExec as a Helper in Troubleshooting

Using PsExec to Remotely Restart the FileWaveWinClient Service

Understanding and Resolving Proxy Communication Issues in FileWave

Using PowerShell to Remotely Check the Windows FileWave Client Status

When does the inventory client run scans?

Archiving Clients

Retiring a device from FileWave

Uninstall the FileWave Client on Windows

Uninstall the FileWave Client on macOS

Removing Android Devices

Apple MDM Missing Enrolment Profile

What

Why

Information

No Comments

Desktop / Laptop Client Install and Configure

Enrolling Computer Clients in to FileWave

Mass Deploy Windows FileWave Client

Apple Notarisation and Custom PKG Installers

Apple MDM Enrolment Methods

User Approved MDM Enrollment (macOS)

macOS MDM Enrolment State

Enrolling Mobile Devices into FileWave

Enrolling AppleTV into FileWave

Importing Computer Clients from a File

Location Tracking Technologies

Location Tracking Setup

Apple MDM Missing Enrolment Profile

Clearing FileWave Client Certs

FileWave Client notification for zsh running in the background

FileWave Client Rename Behavior

FileWave Client Status Check: How to ask the client what it is doing on macOS and Windows

FileWave Windows Network Sweeper

PSExec as a Helper in Troubleshooting

Using PsExec to Remotely Restart the FileWaveWinClient Service

Understanding and Resolving Proxy Communication Issues in FileWave

Using PowerShell to Remotely Check the Windows FileWave Client Status

When does the inventory client run scans?

Archiving Clients

Retiring a device from FileWave

Uninstall the FileWave Client on Windows

Uninstall the FileWave Client on macOS

Removing Android Devices

Apple MDM Missing Enrolment Profile

What

Why

Information

Related Content

No Comments