Automated MDM Enrolment and VMWare Fusion.

Configure a virtual machine to behave like one of your “DEP” devices, or “Automated MDM Enrolment” – VMware Fusion

Print Friendly, PDF & Email

Hi folks, I’m back! The past two weeks our new born son claimed all my time and energy, so no way I could focus on any tech related matter 🙂

To get back into the blogging activity, let’s start with something easy, yet very handy for those who are regularly testing MDM deployments.

Automated MDM Enrolment and VMWare Fusion: configure a virtual machine to behave like one of your “DEP” devices. This is nothing new, but from time to time I talk to people who are not aware of the possibility, so let’s have a look at how to do this.

Note: Apple recently changed the name of what we all know as “DEP” to “automated MDM enrolment”, so let’s start to embrace this name change.

For this blog I’ll limit this tutorial to VMWare Fusion. The idea behind this workflow for Parallels Desktop is similar, but a bit different in view of how Parallels works. I’ll confirm my workflow with Parallels and add another post with the Parallels workflow later.

Pre-reqs:

  • Serial number of a device which is listed in your Apple School/Business Manager: e.g. C02N49ZVXXXX
  • Model number of the device: e.g. MacBookAir6,1
  • VM Ware Fusion installed on your Mac. (I’m currently using Fusion 11, but I’ve been using v10 with the same workflow before)
  • App Store download of the macOS installer (Mojave OK)
  • VMware Fusion: Download the trial here.

So, let’s go! First we’ll create our VM:

Select “install from disc or image” and click Continue

Select the “Install macOS…” installer previously downloaded from the App Store, and hit Continue.

DO NOT hit “Finish” right now! Go via “Customise Settings” to avoid launching the VM immediately. We need to change some items in the .vmx file before the first boot of the VM. (Clicking “Finish” here would start the VM immediately, which we want to avoid).

Give your VM a name and store it at your desired location.

Wait until the initial installation process is finished.

DO NOT START THE VM YET !

Before starting the VM for the first time, we need to tweak the .vmx file of the virtual machine. Navigate to the location where you saved the VM and ctrl-click on the VMWare file. Choose “Show Package Contents”.

Locate the .vmx file and open it in your preferred text editor.

Ctrl-click… open in… your preferred text editor.

Add the following lines to the .vmx file. Change the serial number with the actual serial number of a physical device (test device listed in your Apple School/Business Manager), as well as the model number.

! Make sure not to make any typo's and don't leave any empty lines. (VMWare will change the order of the lines on next boot, hence empty lines will break the config file.) !

serialNumber.reflectHost = "FALSE"
serialNumber = "C02N49ZVXXXX"
hw.model.reflectHost = "FALSE"
hw.model = "MacBookAir6,1"
smbios.reflectHost = "FALSE"

Save the file and start your VM:

Your VM will boot like a normal Mac in recovery mode.

Next, install macOS as usual:

Choose your language.

Select “Install macOS” and hit continue.

Install macOS… grab a coffee!

After installing macOS, when you are presented with the “Welcome” screen, you need to power off / shutdown the virtual machine. This is necessary to keep the serial number in the configuration.

After shutting down the VM, you can prepare your MDM to handle the “Automated MDM Enrolment”. For Jamf Pro: create a “prestage enrollment” and add the serial number to the scope.

Note: before starting your virtual machine again, create a snapshot! This will allow you to quickly, and efficiently, test your enrolment workflows over and over again, without re-installing macOS (or creating new VM's).

MDM (Jamf Pro Prestage), and snapshot ready? Launch your VM again!

Tadaaa! Magic!

Have fun testing your enrolment workflows, even when on the go, without the need of a physical test device! Deploy, test, restore, change!

That’s all folks! I’ll now test and confirm my Parallels Desktop workflow and share similar steps asap!

grtz,
TTG

Print Friendly, PDF & Email

6 thoughts on “Automated MDM Enrolment and VMWare Fusion.”

  1. Hi,
    It is me again Peder – quite funny you just have some stuff written that I am struggling with at the moment
    I followed the exact description. The VM has the serial and hardware model of my other machines, so everything looks correct(and removed my other machine from JAMF mdm if there is any conflict that is already exist. But when trying to enroll the device it just show up “profile installation failed” MDMresponsestatus 500 error

    I have found various description on how to solve this but not yet managed to get this working even the hardware and serial number is recognized as a real mac

    1. Hi Peder! What VM software are you using? Parallels? Fusion? And which version?

      Have you checked if there is a [NO Name] device appearing in the inventory of MOBILE devices in Jamf Pro?

  2. Hi,

    Thank you so much!!. I removed the “no name” devices in mobile devices and now it works. I have not seen anyone mention this as it for me also sounds a bit strange it is placed in “mobile device” and not computers.

    1. Awesome! Yeah, the fact that the devices tried to enroll as mobile device might have been due to one of your previous test where the serial number and model might not have been recognized correctly. Hence it tries to enroll as mobile device which confused Jamf Pro. Once those are removed and the VM is correctly recognized as Mac it works.

Leave a Reply

Your email address will not be published. Required fields are marked *