Personal Information
No personal information is collected, such as the content or names of personal files (documents, email, etc.) or any browsing history.
Jamf Pro does NOT allow administrators to see location or users' private data stored on their Apple devices such as messages in university or personal email accounts, pictures, videos, phone calls, and text messages. MDM Administrators will only enable internet activity monitoring and location upon request from the user of a missing iOS mobile device.
Setup: Before You Start
Check if your Mac is already Jamf enrolled
- Navigate to System Preferences
- Select Profiles
- Check for MDM Profiles

Duo Two-Factor Authentication
The Setup Assistant on University-owned Mac computers, iPhones and iPads is protected by Duo Two-Factor Authentication. For general information about Duo, see Duo Two-Factor Authentication.
You must respond to the Duo prompt in order to proceed with the setup process.
Are you On-Campus or Off-Campus?
- Off-Campus: Be sure you know your Wi-Fi network name and password before starting the setup process.
Setup: Step-by-Step
Begin Setup
Some Setup Assistant screens are hidden by the Princeton Jamf Pro Enrollment Configuration. macOS features such as Siri, Passcode and Apple Pay may be configured after setup is complete.
- Start the computer
- If the computer does not display a Setup Assistant screen (i.e. it displays a login screen or Finder desktop), this is an "in use" Mac computer and must be completely erased before attempting to set it up. You will need to back up any data you want to keep before erasing the computer.
- Follow instructions in the macOS Setup Assistant screens
- On the Select your Wi-Fi network screen, select a network
- You must connect to a network. The setup process will fail without a network connection and require the computer to be erased before attempting to set it up again.
- If you are off-campus, select an available network and enter the password required to connect to that network
- If you are on-campus, select Eduroam and authenticate using your Princeton netid in the form of netid@princeton.edu. Do not use an email alias. For more information about connecting to Eduroam at Princeton, see Eduroam: Connecting to the eduroam wireless network
- Click Continue on the Remote Management screen
- If the Remote Management screen does not appear, restart the computer and reconnect to the network
- If the Remote Management screen still does not appear, contact your SCAD/DCS support person or the OIT Support and Operations Center (SOC).
- Enter your Princeton credentials on the Central Authentication Service (CAS) screen. Use your netID.
- Note: You will see a CAS and Duo universal prompt on the device you're enrolling, if the device is running macOS 10.15 or higher. Devices running macOS 10.14 or below will continue to use Duo append mode.
- Continue through the remaining Setup Assistant screens
- On the Create a Computer Account screen, keep the default account field, enter a secure password meeting Princeton's password requirements and click Continue.
- The initial account created in this step is an Administrator account. For more information on creating additional macOS user accounts after setup is complete, see the following Apple article: Set up users, guests, and groups on Mac
- If account creation fails, try again using a password containing at least 10 characters or using a different user name and account name.
- Continue through the remaining Setup Assistant screens.
- When the Desktop appears, reconnect to your Wi-Fi network and wait for the following apps to be installed:
- CrowdStrike
- Firefox
- Rapid7
- Microsoft 365 Office Suite
- Cisco Jabber
- Zoom
- Enable FileVault by restarting the computer and entering your macOS password at the prompt that appears during the restart process.
- Enter the password for the currently logged-in macOS account
- If prompted to save the FileVault encryption key, click Continue
- Jamf will store the recovery key automatically. This key is available from your department SCAD/DCS member or the Support and Operations Center (8-HELP).
*Note: The new enrollment CAS and Duo screens require macOS 10.15 or higher. If you have a device with macOS 10.14 or lower, you will be presented with a generic username and password prompt with a silent Duo prompt.
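A Terminal equivalent of the Profiles check and the FileVault step above, as an added example that is not Princeton's or Jamf's own tooling: it parses the output of the macOS `profiles status -type enrollment` and `fdesetup status` commands. The sample text and the host `mdm.example.edu` are constructed placeholders.

```shell
#!/bin/sh
# Added example (not Princeton or Jamf code): verify the state this guide sets up.

# Constructed samples in the format printed by `profiles status -type enrollment`
# and `fdesetup status`; mdm.example.edu is a placeholder host.
SAMPLE_ENROLLMENT='Enrolled via DEP: Yes
MDM enrollment: Yes (User Approved)
MDM server: https://mdm.example.edu:8443/mdm/ServerURL'
SAMPLE_FILEVAULT='FileVault is On.'

# Each parser takes the command output as $1 and returns 0 on a match.
mdm_enrolled() { printf '%s\n' "$1" | grep -Eq '^MDM enrollment:[[:space:]]*Yes'; }
dep_enrolled() { printf '%s\n' "$1" | grep -Eq '^Enrolled via DEP:[[:space:]]*Yes'; }
filevault_on() { printf '%s\n' "$1" | grep -q '^FileVault is On\.'; }

# Prints the host the device is managed by; prints nothing if no server line exists.
mdm_server_host() {
    printf '%s\n' "$1" |
        sed -n 's|^MDM server:[[:space:]]*https\{0,1\}://\([^/:]*\).*|\1|p'
}

# Prints one PASS/FAIL line per check; return status is the number of failures.
check_setup() {
    failures=0
    for check in mdm_enrolled dep_enrolled; do
        if "$check" "$1"; then echo "PASS $check"
        else echo "FAIL $check"; failures=$((failures + 1)); fi
    done
    if filevault_on "$2"; then echo "PASS filevault_on"
    else echo "FAIL filevault_on"; failures=$((failures + 1)); fi
    echo "MDM server host: $(mdm_server_host "$1")"
    return "$failures"
}

# On a Mac, check the live system; elsewhere, run against the constructed samples.
if command -v profiles >/dev/null 2>&1 && command -v fdesetup >/dev/null 2>&1; then
    check_setup "$(profiles status -type enrollment 2>&1)" "$(fdesetup status 2>&1)" || true
else
    check_setup "$SAMPLE_ENROLLMENT" "$SAMPLE_FILEVAULT" || true
fi
```

A FAIL on filevault_on right after setup usually means the restart that enables FileVault has not happened yet.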
Completing Setup
After you have enabled FileVault and rebooted the computer, log in as the primary user of the computer to complete the setup process.
- Activate Microsoft Office
- Install Code42 Crashplan
- Confirm the computer name
- The computer name is shown in System Preferences > Sharing
- If the computer name is not correct, use the 'Change computer name' item (in the MDM-Utilities category) in Princeton IT Self-service to change the name.
- Launch the Princeton IT Self-service app from the Applications folder
- Find CrashPlan and click the Install button below the app icon
- See Sign into CrashPlan in Article KB0011418 to complete the setup of Code42 CrashPlan
- Install additional recommended apps from self service:
- Microsoft Remote Desktop (RDC)
- GlobalProtect VPN
Princeton IT Self-service App
Users who do not have administrative rights on their computer can use the Princeton IT Self-service app to install apps, or in some cases, modify computer settings.
How to use the Princeton IT Self-service app:
- Launch the Princeton IT Self-service app from the Applications folder
- Select an app or item and click the action button below the app icon
SCAD/DCS macOS Computer Setup Guide
SCAD/DCS support staff should use the setup instructions in KB0010210 Mobile Device Management Environment - Enterprise and Site Admin Console Documentation
iPhone/iPad Setup Guide
Step-by-step instructions for setting up an Apple device running iOS or iPadOS are published in Article KB0013128.
Configurations applied to all devices managed by this service
The "Campus Base Configuration Profile" prompts the user to enter a passcode consisting of at least four (4) characters. The configuration also includes the Princeton SRA/VPN server setting for the SonicWall Connect Mobile app. Any additional distribution of configuration profiles is the responsibility of individual departments. If you have any questions about what additional profiles are enforced on your University-owned device, please contact your IT support group.
Lost/Stolen Device
Contact your SCAD/DCS member or the Support and Operations Center (SOC) at (609)258-HELP if you've misplaced your Mac, iPhone or iPad. If your iOS device is enrolled in the MDM program and is supervised, they will confirm your identity and then remotely lock your mobile device or, at your request, wipe the iOS device. If someone else gets possession of your device, the lock screen prevents them from logging in to the device. After the device is locked, you have time to think about your next steps or search for your device while leaving its contents intact.
Limitations & Known Issues
- Does not support macOS 10.12 and below, iOS 11 and below, or Apple TV models before Apple TV 4K.
- macOS 10.14 and below may experience a FileVault issue when FileVault enables a user, which requires a reboot.
- Data and profile migration from an old computer to a new computer is not seamless and requires a cable (contact your SCAD/DCS member).
- If you use Migration Assistant, you cannot check "Computer & Network Settings" to migrate over to the new computer
- If you send a "disable remote management command" to a computer, it cannot be re-enabled unless you run Recon or inventory
- The Account Creation step of the Setup Assistant can fail to complete when enrolling computers with Jamf Pro using a PreStage enrollment
- During startup, you may see "connecting to mme-casper.princeton.edu". This is because a policy scoped for startup is installing. How long the message shows depends on the size of the package being installed.
- If you are stuck on a "waiting for management screen" in Setup Assistant:
macOS Software
Automatically installed:
- Anti-malware Software
- Princeton IT Self Service
- Firefox Browser
- Vulnerability Scanning Software
- Zoom Full Client (Video Conferencing Client)
- Jabber Client (Chat and Soft Telephone Client)
- Microsoft 365 Office Suite
- Jamf management account. A local account named 'depprodadmin' is created during enrollment and given a random 128-character password that is unique to each computer.
Additional Software Available to be installed:
- VPN Software
- Backup and Restore Software
- Microsoft Remote Desktop
Device Information Collected
Jamf Pro can only collect the data needed to support the Apple device. This information includes:
- Hardware Specifications
- Installed Applications & Usage
- Services Running
- Available Software Updates
- Local User Accounts and Login/Logout Timestamps
- Security Status (Firewall, SSH, etc.)