5 Things to Set Up in Jamf Before Your First Device Enrollment
Before you enroll a single device in Jamf, there are five things you should configure first. Get these right and everything else becomes much easier.
One of the most common mistakes when getting started with Jamf is rushing to enroll devices before the environment is properly configured. You end up with devices in Jamf that don't have the right policies, apps, or groups — and fixing it afterwards is messy.
Here are the five things to set up in Jamf before your first device enrolls.
1. Define Your Categories and Smart Groups
Smart Groups are one of Jamf's most powerful features — they let you automatically group devices based on criteria like OS version, department, location, or device type. Policies and app deployments are then scoped to these groups.
Before you enroll anything, think about how your organisation is structured:
- Do you have different departments (Finance, Engineering, Sales)?
- Do you have different device types (MacBooks for staff, iPads for field workers)?
- Do you need to separate test devices from production?
Set up your Smart Groups first. Enrolling devices into a well-organised structure from day one is far easier than reorganising 50 devices later.
2. Configure Your Enrollment Profile
Your enrollment profile defines what happens when a device checks in with Jamf for the first time. At minimum, configure:
- MDM profile name — use your company name so employees recognise it
- User affiliation — decide whether devices are user-assigned or shared
- Department and building fields — useful for reporting later
If you're using Automated Device Enrollment (ADE) via Apple Business Manager, also configure your PreStage Enrollment — this controls the Setup Assistant experience on brand new devices.
3. Set Up a Security Baseline Policy
Before any device goes to a user, it should meet a minimum security standard. Create a policy that runs at enrollment and configures:
- FileVault enabled (Mac)
- Screen lock timer (5 minutes or less)
- Minimum passcode requirements
- Automatic login disabled
Scope this policy to all devices so it applies the moment anything enrolls — no exceptions.
4. Deploy Your Core Apps
Decide which apps every device needs regardless of role — things like your company VPN client, password manager, communication tools, or endpoint security software.
Set these up as managed installs in Jamf (not self-service) so they install silently and automatically on every device at enrollment. Users shouldn't have to install core tools manually.
5. Test With One Device First
Before rolling out to your entire fleet, enroll a single test device — ideally a spare Mac or an old iPhone — and verify that:
- The enrollment completes successfully
- Your security baseline policy applies
- Core apps install automatically
- Smart Groups pick up the device correctly
Fix any issues at this stage. Discovering a misconfigured policy after 30 devices have enrolled is a much bigger headache.
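To confirm on the test Mac that the security baseline from section 3 actually applied, a short script can check the same controls. This is an added example, not part of the original article or Jamf's own tooling. It assumes the idle time is readable from the current-host com.apple.screensaver preference domain (this can differ by macOS version and by how the profile delivers it), and it does not check passcode requirements.

```shell
#!/bin/sh
# Added example: baseline check for the single test Mac (not Jamf's own tooling).
# Controls and the 5-minute limit come from the section 3 list.
MAX_IDLE_SECONDS=300

# Pass when `fdesetup status` output reports FileVault as on.
check_filevault() {
    case "$1" in
        *"FileVault is On"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Pass when the idle time is a whole number from 1 to MAX_IDLE_SECONDS.
# Empty, non-numeric or 0 means no idle lock is configured.
check_screen_lock() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -gt 0 ] && [ "$1" -le "$MAX_IDLE_SECONDS" ]
}

# Pass when loginwindow has no autoLoginUser value.
check_autologin() {
    [ -z "$1" ]
}

# Print each failed control and return the number of failures (0 = compliant).
report() {
    failures=0
    check_filevault "$1" || { echo "FAIL: FileVault is not on"; failures=$((failures + 1)); }
    check_screen_lock "$2" || { echo "FAIL: idle lock unset or over ${MAX_IDLE_SECONDS}s"; failures=$((failures + 1)); }
    check_autologin "$3" || { echo "FAIL: automatic login set for '$3'"; failures=$((failures + 1)); }
    [ "$failures" -eq 0 ] && echo "Baseline OK"
    return "$failures"
}

# Live run only where the macOS tools exist; a missing key reads as empty.
if command -v fdesetup >/dev/null 2>&1; then
    fv=$(fdesetup status 2>/dev/null || true)
    # Assumption: idle time is stored in the current-host screensaver domain.
    idle=$(defaults -currentHost read com.apple.screensaver idleTime 2>/dev/null || true)
    auto=$(defaults read /Library/Preferences/com.apple.loginwindow autoLoginUser 2>/dev/null || true)
    report "$fv" "$idle" "$auto" || exit 1
fi
```

The non-zero exit on failure lets the script be run by hand on the test device or wrapped in a policy that flags non-compliant results.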
A Solid Foundation Pays Off
Getting Jamf configured correctly before your first enrollment saves hours of cleanup later. If you'd like help setting up your Jamf environment from scratch or reviewing an existing setup, get in touch — we can walk you through it.
