Skip to main content

Retiring or Refreshing Jamf Pro Managed Devices

This article has information for removing devices from your Jamf Pro inventory and ensuring data security.

Updated over 2 weeks ago

Description

The device refresh process has important steps to ensure that data is securely erased and your devices are able to be processed by the organization or individual that will acquire the device.

  1. Releasing Devices from Apple Business Manager or Apple School Manager

  2. Remove MDM Profile or Erase Device

  3. Delete Jamf Pro Inventory record (optional)

Some of these processes permanently remove data, so we recommend you test the processes before deploying to all your devices.

Release Device from Apple Business Manager or Apple School Manager

If you have devices in Apple Business Manager or Apple School Manager that you will not be enrolling again in the future, you should release the device. See the following articles on Apple:

Removing Management from Devices

For devices that your organization no longer wants to manage with Jamf Pro but you do not want to erase completely, we can remove the MDM profile from the device. The MDM profile can be removed:

  • by sending a command from Jamf Pro

  • manually from the device if the MDM profile was configured to be removable

If a device has a non-removable profile and is not receiving commands from Jamf, you will have to erase the device in order to remove the MDM profile.

macOS Devices

To remove the MDM profile using Jamf Pro, send the Remove MDM Profile command to managed computers.

  1. Log in to Jamf Pro.

  2. Pull up the device record in Jamf Pro for the computer that needs to be unmanaged.

  3. Select the Management tab.

  4. Select the Remove MDM Profile command.

  5. A prompt to unmanaged the computer will be generated. When ready, select Unmanage Device.

  6. To also remove the Jamf binary from the computer, you can either run the command below in Terminal or use a policy with the Files and processes payload to execute the command. 

    sudo jamf removeFramework

iOS Devices

To remove the MDM profile using Jamf Pro, send the Unmanage Device command to managed mobile devices.

  1. Log in to Jamf Pro.

  2. Pull up the device record in Jamf Pro for the mobile device that needs to be unmanaged.

  3. Select the Management tab.

  4. Select the Unmanage Device command.

  5. A prompt to unmanaged the computer will be generated. When ready, select Unmanage Device.

Erasing Devices

For devices that need to be completely reset and have the MDM profile removed, we can either send a command from Jamf or do it manually on the device. Devices will not re-enroll during setup as long as they have been unassigned from your MDM Server in Apple Business Manager or Apple School Manager.

Note: Sign out of iCloud on the device prior to sending to sending the wipe command to remove the risk of the device being Activation Locked.

macOS Devices

Initiate the erasure with Jamf Pro

To erase managed computers, send the Wipe Command command in Jamf Pro.

  1. Pull up the device record in Jamf Pro for the computer that needs to be wiped.

  2. Select the Management tab.

  3. Select the Wipe Computer command.

  4. A pop-up dialog will appear requiring a 6 digit passcode to be set. Once that code is specified select the Wipe Computer button.

Manually Resetting Computers

Follow the steps from Apple on Erase your Mac and reset it to factory settings.

iOS Devices

Initiate the erasure with Jamf Pro

Send the Wipe Command command to the devices. To do so, complete the following steps:

  1. Log in to Jamf Pro.

  2. Pull up the device record in Jamf Pro for the mobile device that we would like to wipe.

  3. Select the Management tab.

  4. Click Wipe Device from the available Management Commands.

  5. Select the additional options from the pop-up and click Wipe Device.

Manually Wiping an iOS/iPadOS device

Devices can be erased on the device through Settings > General > Transfer or Reset > Erase all Contents and Settings. If that is not available on the device, we can follow one of the options below:

Device Inventory Records

The device inventory record can be kept for historical purposes without taking up a license for Jamf Pro as long as the device is listed as unmanaged/not managed. If retaining the computer record, you may need to take action to mark the computer as Not Managed.

  1. Open the computer record.

  2. On the Inventory > General payload, click Edit in the top-right corner.

  3. Uncheck the box for Allow Jamf Pro to perform management tasks.

  4. Click Save in the top-right corner.

To delete the records follow the steps on the articles below:

Be sure the MDM profile is removed from devices before deleting the inventory record.

More Resources

Related Articles
Removing Jamf Pro Non-Removable MDM profiles
Limit IP Tracking on Devices Managed by Jamf Pro
Remove device from Jamf Now Management
Unmanage an Individual Mobile Device from Jamf Pro
Restore Deleted Device or Computer Record from Jamf Pro
Did this answer your question?