Retention Guidelines for Apple Devices in the EDM Program

Apple jamfpro EDM

Apple devices that are not being actively managed through Jamf Pro will be removed from the EDM Apple Devices service. These retention guidelines maintain licensing costs and align with the retention guidelines that are already in place for Windows devices in the EDM program.

Defining A Device That Is Not Actively Managed

An Apple device is considered not actively managed if it meets one of the following criteria:

The device has not communicated with Jamf Pro within the last 365 days
- Any computer or device that does not have an updated communication date with Jamf Pro by Nov. 18, 2024, will be deleted from Jamf Pro. After Nov. 18, 2024, objects in Jamf Pro will be subject to automatic removal without notice after 365 days since last contacting the Jamf Pro server.
Computers or devices running operating systems with “Support Removed” by Jamf Pro as defined in the Jamf Pro System Requirements.
- Currently, this includes computers running macOS 10.12.x, iOS 8.x, and tvOS 9.x and earlier.
Computers or devices that are reporting as “Unmanaged”
- This could have occurred through a previous action to unmanage a computer or device or due to an incomplete enrollment.

Identifying Apple Devices That Have Not Checked In

Each Jamf Pro site had a default inventory search created during onboarding:
- “All Computers” within the Computers tab -> Search Inventory
- “All Devices – DEPT” within the Devices tab -> Search Inventory
Click on the desired inventory search, click the Display tab, and verify that the last communication date field is selected:
- Computers: Computer -> Last Check-in
- Devices: Device -> Last Inventory Update
- These would have been selected during initial creation, but if it is currently not set, click Edit in the lower-right, check the appropriate box, and click Save.
- Click View to see a list of all objects. Sort by Last Check-in or Last Inventory Update to easily identify objects that are subject for deletion.
  - Any object with a date of 365 days ago, or older — or an object with no last communication date — will be marked for deletion.

Identifying Apple Devices That Are Unmanaged or Have a "Support Removed" OS

Use the same process as above for the “Operating System Version” (“OS Version” for devices) and “Managed” fields.

What Do I Need to Do?

The actions you may to take depend upon whether the device still needs to be managed.

Devices That Should Be Managed

Locate the computer or device, connect it to the network, and allow it to check in with the Jamf Pro server. If applicable, update the operating system for unsupported systems and/or re-enroll unmanaged devices.
Verify that the last communication date, operating system version, and/or management status has been updated in Jamf Pro
- If not, reenroll the object, and repeat the verification steps.
No additional steps are needed. Once the check-in criteria is updated, it will drop out of the group to be deleted.

Devices That No Longer Need To Be Managed

No action is needed. The object will be deleted as planned.
If an object has Activation Lock enabled, Pitt IT recommends that you manually back up that information if the object remains at the University. Please see section below for more information.
No changes will be made to any existing Apple School Manager assignments. If an object is leaving the University, the normal process to unassign this in Apple School Manager should be followed. If the object is still at the University, the assignment will remain for the object to be reenrolled to the set department site.

Backing Up Information For Devices with "Activation Lock" Enabled

Please pay extra attention to the Activation Locked status. If a device is Activation Locked by a user logging in with an iCloud account, it will not be able to be formatted without the logged in user’s iCloud credentials or the user removing the computer or device from “Find My” through Apple. Jamf Pro stores a recovery key for Activation Locked computers and devices. Unfortunately, this cannot be exported via Inventory. It must be exported manually. For all computers or devices identified as having Activation Lock enabled, it is highly recommended to manually back up these codes before deletion following these steps: