10.12.4 gives us a new option to recheck enrollment via DEP! You can now use the -N flag to recheck a DEP configuration and, if a computer is not enrolled in the correct listing, move the enrollment. This should makes of r an ability to move devices between server, change the URL string in an enrollment profile, and recheck for the removal of an enrollment profile.
To use the option, simply run profiles with the -N option (with elevated privileges):
sudo profiles -N
For the Mac, there are a lot of ways to programmatically handle enrollment, so this is a nice new feature, but not a game changer. But, while not yet available in iOS, if the same functionality could be had with, say, a MDM command, then you would be able to migrate iOS devices between MDMs, provided you already put the data in place so policies ran as expected.
krypted April 18th, 2017
Posted In: Mac OS X, Mac OS X Server, Mac Security