Enrolling your Mac Clients into MDM using fwcld



As of macOS Big Sur, Apple deprecated installations of profiles from the command line.  Enrolment must be either through DEP or installing a profile manually using System Preferences.

Description

This article describes fileset-based MDM enrollment for Mac Clients that already have FileWave Client installed, using a fileset. MDM provides the ability to instal VPP Apps, as well as other features, like 'Lost Mode'

UAMDM

Please be aware that in 10.13, Apple introduced User Approved MDM. Scripting the enrollment of a computer in this way will mean that this is not a User Approved MDM enrollment.

Ingredients

  • Below Fileset

↓ macOS

Directions

  1. Open FileWave Admin, and log in

  2. Import the downloaded Fileset

  3. Open the "Enroll iOS Device" assistant from the Assistants Menu

  4. Click on "Mass enrollment" and download the profile to your Machine

  5. Double-click the fileset to reveal contents

  6. Drag & Drop the .mobileconfig file to /usr/local/etc; '.placeholder' may be removed

  7. Edit the 'enrol_mdm.sh' script, replacing LOCALADMINUSERNAME with the name of a local admin of the target devices

Script contents:

1 2 3 4 5 6 7 8 #!/bin/zsh if [ ! $(/usr/bin/profiles -P | awk '/com.filewave.profile$/ {print $(NF)}') ] then profiles -I -F /usr/local/etc/MDM\ Enrollment\ Profile.mobileconfig -Y LOCALADMINUSERNAME fi



Deploy the Fileset to one or more test Clients before deploying to user devices. 

Script will not attempt to instal the Profile if an Enrolment Profile is already installed