Hello community. First, the foundation. Google is our IdP and Apple School Manager (ASM) is connected via Federation and Sync. Teachers are designated as the role Instructor and Students are designated as role student. Jamf Pro is the MDM and the Apple Education Support section (Settings > Global) is set to "Enable Apple Education Support" and "Enable Apple School Manager Integration." We are actively syncing with a last sync (at time of writing) 9 minutes ago.
We have Macs enrolled via automated device enrollment (supervised) and we use Jamf Connect to allow students and instructors to establish local accounts based on the IdP account. Once the account is created, they sign into the Apple ID using the institution's Managed Apple ID. So far, so good. Teachers can create classes and they appear in ASM. Teachers can assign students to the classes and the students auto-join.
Here is where we are having a problem. I teacher is able to use 8 of the 10 options in the Actions palette. "View Screen" and "Log Out" are both disabled (first screenshot). View Screen is the feature we want the most. So I am frustrated that this seems to be the function missing. Following Apple's guidelines here:
https://support.apple.com/guide/classroom/view-and-lock-screens-cla36eee3ee2/web
And then here:
I have a Restrictions profile delivered via Jamf to the machine that has the required components enabled (second screenshot). These are:
- Allow use of Camera
- Allow screenshots and screen recording (macOS 10.14.4 or later)
- Allow AirPlay, View Screen by Classroom, and Screen Sharing (macOS 10.14.4 or later, enrolled via a PreStage enrollment)
- Allow Classroom to perform AirPlay and View Screen without prompting (macOS 10.14.4 or later, enrolled via a PreStage enrollment)
- Bypass screen capture alert (macOS 15.1 or later)
- Allow Classroom to lock the device without prompting (macOS 10.14.4 or later, enrolled via a PreStage enrollment)
- Require teacher permission to leave Classroom unmanaged classes (macOS 10.14.4 or later, enrolled via a PreStage enrollment)
- Automatically join Classroom classes without prompting (macOS 10.14.4 or later, enrolled via a PreStage enrollment)
But, I've also REMOVED the restrictions profile from the device and there is no difference. View Screen remains grayed out. Thus, I don't believe this is an issue of the Restrictions profile. What is an issue is that even when the Restrictions profile is removed, the Classroom panel in System Settings shows that the settings are managed by a profile.
I've reviewed all the profiles that I've created and there is no overlap of a restrictions profile.
A few other notes:
• Both the teacher device and the student device are on the same wireless network and even connected to the same AP.
• Both devices have Bluetooth enabled and the devices are within 2 feet of each other during testing.
• I was concerned that Jamf's Remote Support was causing issues so I disabled the feature and rebuilt the student device (full wipe).
• I thought that maybe Apple Remote Desktop (Remote Management) may play a role so I enabled that on the student device (I could not find this as a requirement in any of the documentation so I am going to believe this was a false path)
• The teacher device is running Sequoia and the student device is running Tahoe and Sonoma. I will standardize everything tomorrow.
Can anyone give guidance on what I am missing? This seems like something that should "just work," yet I continually am blocked.
Attach up to 5 files which will be available for other members to download.