Matt Bayless

Searching by groups of asset tags in Jamf Pro

Introduction

Each summer, my organization resets all student-assigned devices for a fresh start of the new school year. K-2 students are each assigned an iPad managed using Jamf Pro. Jamf has (finally) acknowledged that group actions targeting over 500 devices will fail, which means we cannot target our entire set of ~3500 iPads at once. Additionally, we do not want to wipe any devices that are not confirmed to have been turned in or are being used for summer programs. In order to meet these criteria, I ask the on-site techs to each send in their list of confirmed ready-to-wipe iPads and target accordingly.

This method assumes a list formatted like so:

12345
12346
12347
12348

Method

We will be using a regular expression (RegEx) to match the provided list of asset tags. The pipe character "|" in this usage means "or". I wrote a PowerShell one-liner to translate a provided list into a regex string which we will then use to query Jamf for the matching devices.

List in a CSV or TXT file
(Get-Content C:\Path\To\File.csv) -Join "|" | Set-Clipboard -PassThru
List on your clipboard
(Get-Clipboard) -Join "|" | Set-Clipboard -PassThru

This will copy the string to your clipboard and output the string to the terminal for a spot check before proceeding. I generally prefer to copy the list of asset tags rather than pathing to the file, but occasionally it is required.

Go to Jamf and click the "+ New" button located on the Advanced Mobile Device Searches header. Select the "Criteria" tab and click the "+ Add" button. Click the "Choose" button for the "Asset Tag" criteria. Change the operator to "matches RegEx" and paste into the value box.

NOTE: if your asset tag list had a blank line at the end, your RegEx string may end in a pipe (|). Be sure to delete the pipe from the end or your RegEx will match all devices.

Click "Search". Spot-check the results, especially that the number of devices returned is the same or less than the amount in the list. Click "Action", choose "Send Remote Commands", then click "Next". Select Wipe Device, then scroll to the bottom of the page to confirm the number of devices you are wiping by typing it in the text box. If the correct number is not entered, the page will reload for you to try again but the error will only show at the bottom of the page, which may be off your screen.

If a device has already been wiped, it is in an Unmanaged state and as such cannot receive commands from Jamf. This means you may see the correct number of results in your search, but fewer are available to actually send remote commands to.

Once you click next, you will see a confirmation page that your commands have sent.


Thanks for reading! Whether you found this useful or would like me to not go near a computer ever again, I'd love to hear from you - mb@ this domain.

- 1 toast