macOS MDM Enrolment State

DESCRIPTION

macOS devices are unique, in as much as they may be managed by both the FileWave Client and Apple's MDM process. The MDM Enrolment State is an inventory item which shows the current state of MDM enrolment.

FileWave requires the FileWave Client for basic management of macOS devices. MDM is an additional extra to expand the management options, as provided by Apple. There is no MDM only option for macOS devices.

INFORMATION

MDM Enrolment State

The state is a live report of the current status of the device's enrolment; imagine if a device was initially MDM enrolled, but the enrolment profile has been subsequently removed from the device. Status values include:

Full Enrolled – Device was MDM enrolled and all is good. This would be usual for DEP or OTA
Server only – Devices was MDM enrolled, but the device no longer has an enrolment profile installed
Device only – Device has an MDM enrolment profile installed, yet the database has no reference of this
Undefined – Device is running a version of FileWave older than 14.3.0 or has not yet reported back its state
Not Enrolled – Device has never been MDM enrolled and is managed purely by the FileWave Client

DIRECTIONS

A query may be used to identify devices that are not in an expected state, for example, identify devices that no longer have an Enrolment Profile installed

An example query could look something like:

Add, edit or remove criteria to meet desired reporting.

ADDITIONAL INFORMATION

To assist identifying why a device may show as 'Device Only', the following Custom Fields may be added, reporting the Server Root Cert Name and the APNs of the enrolment profile:

MDM Server Root Certificate Name

↓ macOS

Enrolment Profile APNs Topic

↓ macOS

2 Comments

On some of these "not ideal" states (like Server only or Device only), is there any preliminary troubleshooting that the customer can try before contacting FileWave support?

Server log files help, however, sometimes DEBUG log assists, but of course turning on DEBUG after the fact doesn't help. However, the '/usr/local/filewave/log/filewave_django.log' file stores appropriate MDM communication. For example, for FileWave to be involved with removing an Enrolment Profile, it would have to send an MDM command to do so (which occurs from archiving a device).

For devices that are enrolled, but FileWave is unaware, would most likely suggest the enrolment didn't complete (for whatever reason). Identifying the reason would likely involve support (you can try logs again for clues), but the only way to address is a re-enrolment. That said, the Enrolment Profile shows when it was installed on the device, so there are starting points which may help with identification.

Desktop / Laptop Client Install and Configure

Enrolling Computer Clients in to FileWave

Mass Deploy Windows FileWave Client

Apple Notarisation and Custom PKG Installers

Apple MDM Enrolment Methods

User Approved MDM Enrollment (macOS)

macOS MDM Enrolment State

Enrolling Mobile Devices into FileWave

Enrolling AppleTV into FileWave

Importing Computer Clients from a File

FileWave Custom Installer

Superprefs Fileset

FileWave Client Configuration Settings

Location Tracking Technologies

Location Tracking Setup

Apple MDM Missing Enrolment Profile

Clearing FileWave Client Certs

FileWave Client notification for zsh running in the background

FileWave Client Rename Behavior

FileWave Client Status Check: How to ask the client what it is doing on macOS and Windows

FileWave Windows Network Sweeper

PSExec as a Helper in Troubleshooting

Using PsExec to Remotely Restart the FileWaveWinClient Service

Understanding and Resolving Proxy Communication Issues in FileWave

Using PowerShell to Remotely Check the Windows FileWave Client Status

When does the inventory client run scans?

Troubleshooting Deployment Issues with the FileWave Upgrade Fileset

Archiving Clients

Retiring a device from FileWave

Uninstall the FileWave Client on Windows

Uninstall the FileWave Client on macOS

Removing Android Devices

macOS MDM Enrolment State

DESCRIPTION

INFORMATION

MDM Enrolment State

DIRECTIONS

ADDITIONAL INFORMATION

MDM Server Root Certificate Name

Enrolment Profile APNs Topic

2 Comments