So we have just been advised the KB article regarding user level mdm, which is needed to deploy VPP apps to lab machines or local users. https://www.jamf.com/jamf-nation/articles/372/enabling-mdm-for-local-user-accounts
Will break DEP enrolment on Macs.
As we have found out now 10.13.4 has been released and we need to Profiles for KEXT Approval.
To be fair to JAMF they did update the KB article to state the following.
Note: For computers with macOS 10.13.2 and later, this workflow for enabling MDM for local user accounts will reset any previous User Approved MDM Enrollments. If you use this as a part of existing ongoing workflows, you should evaluate the impact of these changes.
However not having looked at the KB article for some time. I would have loved to see more about this in release notes
On the latest 10.3 version of the JSS they added an inventory collection item Enrolled via DEP:
this is populated by running the command
profiles status -type enrollment
However if you have at any point run the command jamf mdm -userLeveMdm
This will set your machine back to the equivalent of user based enrolment.
Which means if you try and deploy a profile that requires user approved or DEP. it will fail