How can a configuration profile be removed from a single computer Jamf

We have been seeing the same thing for a while now and have found that if you delete the profile before ensuring all clients have the profile removed correctly, it will just continually fail.
I have even attempted to rebuild the profile and remove it but it will continue to show failures...

In general, we have been making sure the profile is not pending for any devices before deletion.

I have resorted to doing a failed command flush on lab devices where we were using our 802.1X profile in question through the API.

See below. You will need to change the base64 encrypted string for your environment, but I would suggest making sure you don't want to see the failed policies, as it will clear them all. This is fine for us due to them just being labs. We run this on labs once per day.

```bash
#!/bin/bash

idtype=computers
status=Failed
jssurl=$(defaults read /Library/Preferences/com.jamfsoftware.jamf.plist jss_url)

# Get the serial number
sn=$(system_profiler SPHardwareDataType | awk '/Serial Number/{print $4}')

# Get the Jamf Pro ID based on the serial number
id=$(curl -ks --header 'authorization: Basic #################' -H "accept: text/xml" "${jssurl}JSSResource/computers/serialnumber/${sn}" | xmllint --xpath "computer/general/id/text()" -)

# Force an individual computer by replacing the ID here and uncommenting
# id=2641

# Delete pending & failed commands for the Mac
curl -ks --header 'authorization: Basic #########################' -H "content-type: text/xml" "${jssurl}JSSResource/commandflush/computers/id/${id}/status/${status}" -X DELETE
```
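A guarded variant of the flush call in the post above, as an added example that is not part of the original post or Jamf's own code: it validates the looked-up ID before building the DELETE URL, keeps certificate verification on, and passes the credential to curl on stdin instead of embedding it in the command line. `JAMF_API_BASIC` and `DRY_RUN` are assumed environment variables, the status allow-list is an assumption about the commandflush resource, and the server URL and IDs are constructed.

```shell
#!/bin/bash
# Added example, not the poster's script. JAMF_API_BASIC and DRY_RUN are
# assumed environment variables; the server URL and IDs below are constructed.

# Accept only a positive integer, so a failed lookup (empty id) can never
# produce a URL such as ".../computers/id//status/Failed".
valid_id() {
  case $1 in ''|0*|*[!0-9]*) return 1 ;; *) return 0 ;; esac
}

# Status values assumed to be accepted by the commandflush resource;
# the post itself uses Failed.
valid_status() {
  case $1 in Pending|Failed|Pending+Failed) return 0 ;; *) return 1 ;; esac
}

# Print the DELETE URL, or print nothing and return 1 if any input is unsafe.
flush_url() {
  local base="${1%/}" id="$2" status="$3"
  case $base in
    https://*) ;;
    *) echo "refusing non-HTTPS server URL: $base" >&2; return 1 ;;
  esac
  valid_id "$id" || { echo "computer id is not numeric: '$id'" >&2; return 1; }
  valid_status "$status" || { echo "unexpected status: '$status'" >&2; return 1; }
  printf '%s/JSSResource/commandflush/computers/id/%s/status/%s\n' \
    "$base" "$id" "$status"
}

# Send the flush. The credential reaches curl on stdin (-K -), so it is not
# visible in the process list, and certificate verification stays on (no -k).
# DRY_RUN defaults to 1: the request is printed, not sent.
flush_commands() {
  local url
  url=$(flush_url "$@") || return 1
  if [ "${DRY_RUN:-1}" = 1 ]; then echo "DELETE $url"; return 0; fi
  [ -n "${JAMF_API_BASIC:-}" ] || { echo "JAMF_API_BASIC is not set" >&2; return 1; }
  printf 'header = "Authorization: Basic %s"\n' "$JAMF_API_BASIC" |
    curl -sS --fail -K - -X DELETE "$url"
}

flush_commands "https://jamf.example.com:8443/" 2641 Failed
flush_commands "https://jamf.example.com:8443/" "" Failed || echo "blocked: empty id"
```

Set `DRY_RUN=0` only after the printed URL has been checked, since the flush clears the command records for that computer.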

Configuration profiles are XML files (.mobileconfig) that provide an easy way to define settings and restrictions for devices, computers, and users.

You can use Jamf Pro to create a configuration profile or you can upload a configuration profile that was created using third-party software, for example, Apple's Profile Manager or Apple Configurator.

Before creating a configuration profile, you should have basic knowledge of configuration profile payloads and settings. For more information, see the following Apple documentation:

  • Mobile Device Management Settings

  • Profile-Specific Payload Keys

Some configuration profile payloads and settings available in Jamf Pro may differ from their implementation in Apple’s tools. For more information on these settings, see the Configuration Profile Payload Settings Specific to Jamf Pro Knowledge Base article.

When you create a computer configuration profile, you must specify the level at which to apply the profile—computer level or user level. Each level has a unique set of payloads and a few that are common to both.

There are two different ways to distribute a configuration profile: install it automatically (requires no interaction from the user) or make it available in Self Service. You can also specify the computers and users to which the profile should be applied (called “scope”).

Note: Removing a computer from the scope of a computer-level profile prompts Jamf Pro to remove the settings applied by the profile the next time the computer checks in with Jamf Pro. Removing a computer from the scope of a user-level profile prompts Jamf Pro to remove the settings applied by the profile the next time the computer checks in with Jamf Pro while that user is logged in.

There are several payload variables that you can use to populate settings in a configuration profile with attribute values stored in Jamf Pro. This allows you to create payloads containing information about each mobile device, computer, and user to which you are distributing the profile.

To use a payload variable, enter the variable into any text field when creating a configuration profile in Jamf Pro. When the profile is installed, the variable is replaced with the value of the corresponding attribute in Jamf Pro.

| Variable | Inventory Information |
|---|---|
| `$COMPUTERNAME` | Computer Name |
| `$SITENAME` | Site Name |
| `$SITEID` | Site ID |
| `$UDID` | UDID |
| `$SERIALNUMBER` | Serial Number |
| `$USERNAME` | Username associated with the computer in Jamf Pro (computer-level profiles only); Username of the user logging in to the computer (user-level profiles only) |
| `$FULLNAME` or `$REALNAME` | Full Name |
| `$EMAIL` | Email Address |
| `$PHONE` | Phone Number |
| `$POSITION` | Position |
| `$DEPARTMENTNAME` | Department Name |
| `$DEPARTMENTID` | Department ID |
| `$BUILDINGNAME` | Building Name |
| `$BUILDINGID` | Building ID |
| `$ROOM` | Room |
| `$MACADDRESS` | MAC Address |
| `$JSSID` | Jamf Pro ID |
| `$PROFILEJSSID` | Jamf Pro ID of the Configuration Profile |
| `$EXTENSIONATTRIBUTE_#` | Extension Attribute ID Number |

Note: The ID number is found in the extension attribute URL. In the example URL below, "id=2" indicates the extension attribute ID number:
https://instancename.jamfcloud.com/computerExtensionAttributes.html?id=2&o=r

For more information, see Computer Extension Attributes.

To install a configuration profile on a computer, you need:

  • A push certificate in Jamf Pro. For more information, see Push Certificates.

  • The Enable certificate-based authentication and Enable push notifications settings configured in Jamf Pro. For more information, see Security Settings.

  • (User-level profiles only) Computers that are bound to a directory service or local user accounts that have been MDM-enabled. For information, see Directory Bindings and MDM-Enabled Local User Accounts.

You can create a configuration profile using Jamf Pro.

Beginning with Jamf Pro 10.17.0, you can configure some payloads using a redesigned flow. Use switches to include the settings that will be sent to deployment targets. In the summary view, only the included or configured settings are displayed in the Jamf Pro interface. The operating system manages settings on the computer level. Some enforced settings that do not change default values will not be visible on the computer. For more information on the default settings, see this documentation from the Apple Developer website.

Note: When upgrading to Jamf Pro 10.17.0 or later, any previously configured payloads that have been redesigned are automatically migrated. Review the settings in the Jamf Pro user interface. The migrated payloads are not redeployed to deployment targets.

  1. Log in to Jamf Pro.

  2. Click Computers at the top of the page.

  3. Click Configuration Profiles.

  4. Click New.

  5. Use the General payload to configure basic settings, including the level at which to apply the profile and the distribution method. Only payloads and settings that apply to the selected level are displayed for the profile.

    To distribute the profile during enrollment using a computer PreStage enrollment, ensure you create a computer-level configuration profile.



  • Jamf Pro Administrator's Guide 10.28.0
