milesgratz / Jamf-AdcsConnector-Revocation

Certificate revocation support for Jamf AD CS Connector

Jamf Smart Groups cannot contain unmanaged devices #1

Open macnotes opened 5 years ago

macnotes commented 5 years ago

If a user self-enrolls via web and then removes the MDM profile, they will go to an unmanaged state if they are online and iOS notifies the MDM. Jamf Smart Groups cannot contain unmanaged devices. Therefore, the criteria for revoking the cert might be more appropriately managed with an Advanced Search.

E.g., Device is unmanaged -or- Last inventory > 90 days, etc.

Also, this is brilliant. Thank you.

motionbug commented 5 years ago

@macnotes that is true... you want to change your API endpoint to /advancedcomputersearches/id/ and use the ID of the search for unmanaged devices. You could create this group with the API as well, with a little XML within your PowerShell script.
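
The approach discussed in this thread, sketched as an added example that is not part of either comment or of the repository's own script: it turns an Advanced Search result into a list of revocation candidates and fails closed before anything is revoked. The search ID, the sample XML (constructed, standing in for the API response), the response shape, the function name and the candidate cap are all assumptions.

```powershell
# Added example; not code from Jamf-AdcsConnector-Revocation.
# Assumption: GET .../advancedcomputersearches/id/<id> returns XML shaped like the
# constructed sample below (search <id>, <computers> with <size> and <computer> items).
$SearchId = 42   # hypothetical ID of the "unmanaged -or- last inventory > 90 days" search

# Constructed sample response, embedded so the example runs offline.
[xml]$Response = @'
<advanced_computer_search>
  <id>42</id>
  <name>Revoke - unmanaged or stale</name>
  <computers>
    <size>2</size>
    <computer><id>101</id><name>MAC-0101</name><udid>00000000-0000-0000-0000-000000000101</udid></computer>
    <computer><id>102</id><name>MAC-0102</name><udid>00000000-0000-0000-0000-000000000102</udid></computer>
  </computers>
</advanced_computer_search>
'@

function Get-RevocationCandidates {   # hypothetical helper name
    param([xml]$SearchXml, [int]$ExpectedId, [int]$MaxCandidates = 25)

    $search = $SearchXml.SelectSingleNode('/advanced_computer_search')
    if ($null -eq $search) { throw 'Response is not an advanced computer search.' }

    # Refuse results from a different search than the one reviewed for revocation.
    $gotId = [int]$search.SelectSingleNode('id').InnerText
    if ($gotId -ne $ExpectedId) { throw "Search ID mismatch: got $gotId." }

    # SelectNodes returns a list even for zero or one <computer> element.
    $nodes = $search.SelectNodes('computers/computer')
    $declared = [int]$search.SelectSingleNode('computers/size').InnerText
    if ($declared -ne $nodes.Count) { throw 'Declared size does not match returned devices.' }

    # Blast-radius guard: a mis-edited search criterion should not revoke the fleet.
    if ($nodes.Count -gt $MaxCandidates) {
        throw "$($nodes.Count) devices exceed the cap of $MaxCandidates; review before revoking."
    }

    foreach ($n in $nodes) {
        [pscustomobject]@{
            JamfId = [int]$n.SelectSingleNode('id').InnerText
            Name   = $n.SelectSingleNode('name').InnerText
            Udid   = $n.SelectSingleNode('udid').InnerText
        }
    }
}

Get-RevocationCandidates -SearchXml $Response -ExpectedId $SearchId | Format-Table
```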