Is there a way to re-do prestige authenticated enrollment on a MacOS device without removing the .AppleSetupDone file, backing up user home directory, deleting account and then restarting or wiping device to clean installed deployment state.
Reason I am asking is we have experienced a few issues where a device that was enrolled through DEP Prestaged Authenticated gets deleted from JSS and when said device was discovered we wanted to be able to just re-enroll device and hand back to student. However all the policies and config profiles for our student laptops are scoped to a group based on Pre-Stage Enrollment complete. So if the device is just re-enrolled by QuickAdd, Invitation etc. the device doesn't fall back to the student group and therefore does not get proper polices, profiles assigned from previous and of course no longer part of that group won't be there for future stuff. If I remove AppleSetupDone and have student redo without Backing up and removing original account. The authenticated enrollment fails because of existing account, unless you create a different account name and then of course it doesn't enroll properly to the actual assigned username as the MDM user for device.
Any ideas or advice would be greatly appreciated
MBAir 11 inch 2015 El Cap 10.11.5
JSS v9.96
