macOS 11 MDM Enrollment Logs out user

Question

Using ProfileManager and a payload that works fine for macOS < macOS 11 devices

When I attempt to enroll a new macOS 11 device by downloading the .mobileconfig onto the device and running it via either a double click or using the "open" command in the terminal, the current (admin) user is logged out and can not log back into the machine until ~ 8 minutes have elapsed.

After the 8 minute lapse, I can log back into the machine, however no profile installed.

It seems this is related to the mechanism added to macOS 11 that makes users approve a profile within 8 minutes.

322

Asked by

JSully34

Answer this Question

Add a Comment

Answer 1

Beta 4 has fixed this issue. I have close the feedback.

With beta 4, when you install the profile you get the necessary prompt to approve the profile and everything proceeds as it should. Thank you!

Posted by

JSully34

Add a Comment

Answer 2

We not seen this behavior in our testing can you please collect a sysdiagnose and file a feedback report. For something like this if you can record a video of the issue as well that would very useful.

Just so you aware the expected flow is:

Open mobileconfig file however you'd like (UI or CLI)
You'll notice a notification appear saying you can install profile in System Preferences
Launch System Preferences
Navigate to the Profiles pref pane
Click the profile
Click install

Posted by

Systems Engineer 

Add a Comment

Answer 3

Feedback has been filed: Jul 6, 2020 at 11:25 AM – FB7858255

I also reproduced this behavior on beta 2

In my case no notification appears and I am immediately logged out.

Posted by

JSully34

Add a Comment

Answer 4

Beta 4 has fixed this issue. I have close the feedback.

With beta 4, when you install the profile you get the necessary prompt to approve the profile and everything proceeds as it should. Thank you!

Posted by

JSully34

Add a Comment

macOS 11 MDM Enrollment Logs out user

Accepted Answer

Answers