![]() ![]() This should be deployed after PreStage Enrollment, deploying as part of PreStage Enrollment will fail. The Configuration Profile contains details of the Kernel Extension and should be deployed to the Mac prior to installation of the LucidLink application (see Policy Setup). You need to ensure that the Mac does have internet connectivity at login time, it is at this stage that macOS will escrow the bootstrap token with Jamf Pro. There are no specific setup requirements, only that the PreStage Enrollment is configured in Jamf Pro and the Mac is part of the Scope. The act of enrolling the Mac this way is what generates the trust between ABM, Jamf Pro and macOS. There are no specific options or checkboxes in the PreStage Enrollment configuration that are required to allow Jamf to set “Reduced Security” mode. This is applicable to both Apple Silicon Macs and Intel-Based Macs. If the above steps are followed, Lucid will be installed and the KEXT automatically Allowed with no user intervention. pkg and contains a “Restart Options” payload to rebuild the KEXT Cache. The Mac is added to the scope of a Policy in Jamf Pro that installs the LucidLink.The Mac is added to the scope of a Configuration Profile in Jamf Pro that contains an “Approved Kernel Extension” payload, containing the TeamID for the lucidfs KEXT.This is important to facilitate the deployment of an “Approved Kernel Extension” payload without the need to manually enter macOS Recovery Mode and the Startup Security Utility on Apple SIlicon Macs. During the Apple Setup screen the Mac will undergo a Jamf Pro PreStage Enrollment which will allow a Bootstrap token to be escrowed in Jamf once the user logs into macOS.The Mac is powered on, out of the box or freshly reinstalled, and checks in with ABM which then forwards the Enrollment to the Jamf Pro instance.The Mac is added to the ABM instance by Apple, an Apple Authorised Reseller or manually via Apple Configurator for iOS.Since you cannot escrow a BootStrap Token if the Mac has not gone through a PreStage Enrollment. It is possible to deploy LucidLink and approve the lucidfs KEXT with a Mac in Jamf via User-Initiated enrollment although physical interaction with the Mac is required. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |