More fun and games (not) with iPad management

So because of Apple’s restrictions on their Device Enrollment Program (devices must have been purchased by your organization directly from AI), I have a handful of donated iPads and iPads purchased through generous and thoughtful third-party support organizations (for instance the Dedication to Special Education group) that can’t be managed via the DEP.

To keep these under my JAMF MDM management umbrella alongside the DEP devices, I must do it the old-fashioned way, using Apple Configurator to “supervise” them with an enrollment profile exported from JAMF.

Problem was that after they were “prepared” and “supervised” in Configurator and magically showed up in my JAMF database, certain pieces, like the restriction profiles and the JAMF Self Service application, were not showing up on the devices the way they do with the DEP devices.

After struggling awhile, the bug apparently comes down to (can you guess?): Apple IDs!

Under the JAMF Management History there were two types of failures:

  • “The app “com.jamfsoftware.selfservice” is already scheduled for management.”
  • “The iTunes Store ID of the application could not be validated.”

Turns out that to get the Self Service app on the device, the command to install the app comes from Apple (as requested by the JAMF MDM server) on a push notification, and if you’ve never set up the Apple ID fully in the iTunes App Store on the device, the command fails.

By setting up fully I mean:

  • Signing in with the Apple ID and password.
  • Changing the “Password Settings” from empty to either “Require Always” or “Require after 15 minutes.” (BTW “Require Always” seems to be Apple’s motto; I get a prompt to log in about every 30 seconds or so on these newly enrolled devices). Also it’s interesting to me that to change the password settings, you have to log in again with your Apple ID and password. Then if you’re lucky and change the password settings, you get access to the “Require Password for Free Downloads” magic slider that lets you opt out of having to sign in to “purchase” free apps (such as the JAMF Self Service).
  • Going to the App Store app and accepting the 47 pages of changed Terms and Conditions.
  • Saying “Not Now” to Apple’s pestering about setting up Family Sharing. (These are institutional iPads, not family iPads).
  • Downloading all of the “Apple Apps” (or saying “Not Now” and hoping that you remember to download them individually later). As of iOS 8.4 these are:
    • Pages
    • Numbers
    • Keynote
    • iMovie
    • GarageBand (shows up only on some iPad models)
    • iTunes U (shows up only on some iPad models)
    • Apple Store (shows up only on some iPad models)
    • Find My Friends (shows up only on some iPad models)
    • Find My iPhone (shows up only on some iPad models)
  • Keeping your fingers crossed that the “Install Self Service app” push notification will arrive in time that you don’t have to do this all over again.

Finally I learned how to jump start the process. In JAMF you have to select the device, go to Management, issue an “Update Inventory” command, and then wait. JAMF will check the device, see that it still needs the Self Service app and issue a Self Service app install command. Right then you have to do all the “setting up fully” steps listed above. If all is OK you will get a notice that the Self Service app will be installed.
