MacTech Groups Agenda
Tuesday, Jan 14, 2020
2:30 to 4:30 pm
B16-B Hillsborough Bld.

Announcements – 5 min

OIT only supports macOS 10.13.6 or newer

Status page for jamfcloud.com services see http://status.jamfsoftware.com

OIT Macintosh Support Web Site go.ncsu.edu/mac for updates.

Slack group ncstateit.slack.com #macintosh

Apple Sales: Paul Petrogeorge-paulpetro@apple.com & Sys Eng: Dave Andersen-andersen1@apple.com

macOS versions that shipped with Intel Hardware: support.apple.com/kb/HT1159

Vintage and Obsolete Apple Products: support.apple.com/kb/HT1752

Apple Education Support Line 800-800-2775 use this number only. Always verify Apple Care Coverage.

Antivirus for university owned devices – go.ncsu.edu/antivirus

Unity Macintosh Workflow uses Active Directory configuration with local home directory at /Users/$uid$

OIT supports only Apple, Intel (i386) hardware for Mac OS and software. Only unmodified iOS is supported.

Please remember to check prices at www.apple.com/education/pricelists/ to verify best price with NC State Marketplace

Authorized NC State personnel wanting to get training and tools for Apple Certified Technician should request invitation by opening a help desk ticket at  help@ncsu.edu Must login to GSX monthly!!

UNC Combined Pricing Initiative (CPI) oit.ncsu.edu/campus-it/it-purchasing/unc-combined-pricing-initiative-cpi-program-at-nc-state/

JAMF Pro Enterprise service go.ncsu.edu/jamf,  go.ncsu.edu/jamfinfo and go.ncsu.edu/uwc for details

 

Training – 5 min

OIT-iOS Mobile Device Security  – TBA

reporter.ncsu.edu/link/courseview?courseID=OIT-iOSMob-Security&deptName=OIT

OIT-Managing Apple Devices with Jamf Pro – Feb 12, 2020 – 

reporter.ncsu.edu/link/courseview?courseID=OIT-JPro01-JPro01&deptName=OIT

OIT-Jamf Pro Best Practices for Packagers – Mar 05, 2020 – 

reporter.ncsu.edu/link/courseview?courseID=OIT-JPro03-JPro03&deptName=OIT

OIT-Advanced Apple Device  Management with Jamf Pro – Apr 7, 2020

reporter.ncsu.edu/link/courseview?courseID=OIT-JPro02-JPro02&deptName=OIT

CrashPlan for Sub-Org Administrators – Request – 

reporter.ncsu.edu/link/courseview?courseID=OIT-CPlan1-CPlan1&deptName=OIT

Local Based Commercial Training – training.computertree.com/course/

JAMF Pro Training – www.jamf.com/training/

 

Service Updates – 15 min

Configuration Management  – Jamf Pro 10.17.1 is production.
Jamf Pro 10.18.0 is now available for test on nccloudtest.jamfcloud.com.  The target is to update production around the middle of Feb 2020 if testing goes well.

Patch Definition Management – Community Patch No change.

CrashPlan – Production service is now fully hosted, version 7.4.0, uses AzureAD SSO and requires Duo. All installers are for NEW installs ONLY as existing clients update automatically from the server as NCSU releases them. The macOS install in Jamf Pro has 2 installers that must be used in the policy: 1) NCSU-Campus-Install Code42CrashPlan License and Config.pkg and 2)NCSU-Campus-Install Code42 CrashPlan740.pkg (For 10.12.x use NCSU-Campus-Install Code42 CrashPlan720.pkg)

Testing a silent, unattended install but requires the HUGE assumption that the local device username installing the software matches the directory user.

Internet Recovery – https://support.apple.com/en-us/HT204904 Command-Option-R to install latest version for hardware or Command-R to install currently installed version.

Software Packaging –Still waiting on 64-Bit Alertus Package to become official.

AntiMalware– MSSCEP and Kaspersky should be removed!!  DetectX Swift is available and should be installed see oit.ncsu.edu/help-support/apple/jamf-pro/detectx-setup-in-jamf-pro/

Sensitive Data Discovery – NCSU-Campus-Spirion10800.pkg

https://nc.jamfcloud.com/packages.html?id=6679

Investigating Jamf Protect but still no EDU pricing and waiting for others to get deployments for feedback.

Apple School Manager – No changes or updates.

AppleCare for Enterprise update –on hold pending Apple being able to add to MarketPlace

Endpoint Protection Standard – Phase 2 deadline is Dec 31, 2020.  See Jamf Pro Cheat Sheet at:

Update: Signals form OIT S&C that they want to work on EPS on mobile platforms this summer of 2020.

Discussion

—

Jamf Pro 10.18.0 and BootStrap Tokens– 30 min

This the piece we have been waiting for to finally and effectively implement FileVault2 storage encryption with multiuser device deployment on macOS.  The release notes for Jamf Pro 10.18.0 say:

Support for Bootstrap Token Functionality

Jamf Pro can now automatically escrow Bootstrap Tokens sent by computers with macOS 10.15 or later enrolled using a PreStage enrollment that has been configured with the local user account on the computer as the administrator. Bootstrap Token eliminates the need to request additional authentication information when a network user logs in to a computer with a mobile account and the account does not have a SecureToken associated with it.  After the Bootstrap Token is escrowed, it is requested from Jamf Pro each time an eligible mobile account logs in to a computer. The computer then automatically generates a SecureToken for the mobile account. After the user is issued a SecureToken, their account can be used for macOS services that require cryptographic privileges, such as FileVault authentication.

In addition, if a PreStage enrollment is configured to create an additional local administrator account during enrollment in the Account Settings payload of the PreStage, that account is also eligible to receive the Bootstrap Token when it logs in to a computer.

https://docs.jamf.com/10.18.0/jamf-pro/release-notes/What’s_New.html

https://support.apple.com/guide/deployment-reference-macos/using-bootstrap-token-apda5cd41b67/1/web/1

https://support.apple.com/guide/deployment-reference-macos/using-command-line-tools-apdf028a757b/1/web/1

https://support.apple.com/guide/deployment-reference-macos/when-a-mac-is-provisioned-by-an-organization-apdef58dd7b5/1/web/1
Discussion

DRAFT Blueprint for Apple Mobile Device Endpoint Protection– 30 min

As of this meeting we have 2,357 Apple mobile devices in Jamf Pro.  In order to help with compliance, Everette has create a draft document for meeting the EPS on iOS, iPadOS, and tvOs devices. I need help reviewing it. Please use the commenting feature of Google Docs.  Comment at https://docs.google.com/document/d/1cMpphp7aR7MjW37L-pgaqo22XglmxaSa3MmJkdX2BBg/edit?usp=sharing 

Discussion

Software Needs of Sp2020 – 10 min

What software do folks need in Jamf Pro for Spring 2020?

Discussion

Q&A – 15 min

You ask we try to answer

 

Next meeting:

MacTech – Tue. Feb 11, 2020 in Room B16-B Hillsborough from 2:30-4:30 pm.

MacTech – 2nd Tuesday each month: Jan, Feb, Mar, Apr, May, Jun, Aug, Sep, Oct, Nov, Dec

MacTech dos not meet in July.

Meetings usually held in B16-B Hillsborough Bld.

Please mark your calendar.