Users may be prompted to Update the enrollment of an MDM Enrolled device occasionally. This generally happens when MDM is no longer communicating properly, and the automatic renewal process is not able to properly update.
Note: Users should not be prompted to update any Addigy/MDM certificates, this process should happen automatically in most cases.
Identification
This can occurs when the device shows `MDM Client Stuck` fact as true. In general, it happens when MDM connectivity has an underlying issue or the process is not responding properly, as discussed in this article (https://support.addigy.com/hc/en-us/articles/15377306352275).
Overall, if a device has its MDM stuck, there is a chance that the certificates will not automatically renew when the expiration date is nearing.
Remediation
- We will automatically install our MDM Watchdog on devices, which should help handle this scenario.
- If the MDM Watchdog does not restore the MDM communication, you can also try using the "Install MDM" tool located on the Devices page:
- If neither #1 nor #2 helps, the last option would be to reinstall MDM on the affected device(s).
For steps on removing MDM from a device, but not removing it from Addigy, follow this guide. Removing a Device From Addigy
For steps on approving the MDM installation once it is removed, follow this guide. How To: Manually Enroll macOS into Addigy's MDM
FAQ:
What happens if the certificate expires? Am I still able to renew it?
Yes. If the certificates expire and become unverified, they can still be renewed by using the above workflows. More details on this here: Addigy MDM SSL Certificate Profile Signing Renewal
How do I know if it has been properly renewed?
You can view the certificate renewal date on the device's GoLive > Security page. If it's still out of date, it's possible that the device information hasn't been updated yet. In this case, try to perform a device audit using the "Refresh Data" button also in the GoLive page and/or the agent audit command: https://docs.addigy.com/agent/auditor.html#auditor-commands