MacTech 01142020

MacTech Groups Agenda
Tuesday, Jan 14, 2020
2:30 to 4:30 pm
B16-B Hillsborough Bld.

Announcements – 5 min

OIT only supports macOS 10.13.6 or newer

Status page for services see

OIT Macintosh Support Web Site for updates.

Slack group #macintosh

Apple Sales: Paul & Sys Eng: Dave

macOS versions that shipped with Intel Hardware:

Vintage and Obsolete Apple Products:

Apple Education Support Line 800-800-2775 use this number only. Always verify Apple Care Coverage.

Antivirus for university owned devices –

Unity Macintosh Workflow uses Active Directory configuration with local home directory at /Users/$uid$

OIT supports only Apple, Intel (i386) hardware for Mac OS and software. Only unmodified iOS is supported.

Please remember to check prices at to verify best price with NC State Marketplace

Authorized NC State personnel wanting to get training and tools for Apple Certified Technician should request invitation by opening a help desk ticket at Must login to GSX monthly!!

UNC Combined Pricing Initiative (CPI)

JAMF Pro Enterprise service, and for details


Training – 5 min

OIT-iOS Mobile Device Security  – TBA

OIT-Managing Apple Devices with Jamf Pro – Feb 12, 2020 –

OIT-Jamf Pro Best Practices for Packagers – Mar 05, 2020 –

OIT-Advanced Apple Device  Management with Jamf Pro – Apr 7, 2020

CrashPlan for Sub-Org Administrators – Request –

Local Based Commercial Training –

JAMF Pro Training –


Service Updates – 15 min

Configuration Management  – Jamf Pro 10.17.1 is production.
Jamf Pro 10.18.0 is now available for test on  The target is to update production around the middle of Feb 2020 if testing goes well.

Patch Definition Management – Community Patch No change.

CrashPlan – Production service is now fully hosted, version 7.4.0, uses AzureAD SSO and requires Duo. All installers are for NEW installs ONLY as existing clients update automatically from the server as NCSU releases them. The macOS install in Jamf Pro has 2 installers that must be used in the policy: 1) NCSU-Campus-Install Code42CrashPlan License and Config.pkg and 2)NCSU-Campus-Install Code42 CrashPlan740.pkg (For 10.12.x use NCSU-Campus-Install Code42 CrashPlan720.pkg)

Testing a silent, unattended install but requires the HUGE assumption that the local device username installing the software matches the directory user.

Internet Recovery – Command-Option-R to install latest version for hardware or Command-R to install currently installed version.

Software Packaging –Still waiting on 64-Bit Alertus Package to become official.

AntiMalware– MSSCEP and Kaspersky should be removed!!  DetectX Swift is available and should be installed see

Sensitive Data Discovery – NCSU-Campus-Spirion10800.pkg

Investigating Jamf Protect but still no EDU pricing and waiting for others to get deployments for feedback.

Apple School Manager – No changes or updates.

AppleCare for Enterprise update –on hold pending Apple being able to add to MarketPlace

Endpoint Protection Standard – Phase 2 deadline is Dec 31, 2020.  See Jamf Pro Cheat Sheet at:

Update: Signals form OIT S&C that they want to work on EPS on mobile platforms this summer of 2020.


Jamf Pro 10.18.0 and BootStrap Tokens– 30 min

This the piece we have been waiting for to finally and effectively implement FileVault2 storage encryption with multiuser device deployment on macOS.  The release notes for Jamf Pro 10.18.0 say:

Support for Bootstrap Token Functionality

Jamf Pro can now automatically escrow Bootstrap Tokens sent by computers with macOS 10.15 or later enrolled using a PreStage enrollment that has been configured with the local user account on the computer as the administrator. Bootstrap Token eliminates the need to request additional authentication information when a network user logs in to a computer with a mobile account and the account does not have a SecureToken associated with it.  After the Bootstrap Token is escrowed, it is requested from Jamf Pro each time an eligible mobile account logs in to a computer. The computer then automatically generates a SecureToken for the mobile account. After the user is issued a SecureToken, their account can be used for macOS services that require cryptographic privileges, such as FileVault authentication.

In addition, if a PreStage enrollment is configured to create an additional local administrator account during enrollment in the Account Settings payload of the PreStage, that account is also eligible to receive the Bootstrap Token when it logs in to a computer.’s_New.html

DRAFT Blueprint for Apple Mobile Device Endpoint Protection– 30 min

As of this meeting we have 2,357 Apple mobile devices in Jamf Pro.  In order to help with compliance, Everette has create a draft document for meeting the EPS on iOS, iPadOS, and tvOs devices. I need help reviewing it. Please use the commenting feature of Google Docs.  Comment at 


Software Needs of Sp2020 – 10 min

What software do folks need in Jamf Pro for Spring 2020?


Q&A – 15 min

You ask we try to answer


Next meeting:

MacTech – Tue. Feb 11, 2020 in Room B16-B Hillsborough from 2:30-4:30 pm.

MacTech – 2nd Tuesday each month: Jan, Feb, Mar, Apr, May, Jun, Aug, Sep, Oct, Nov, Dec

MacTech dos not meet in July.

Meetings usually held in B16-B Hillsborough Bld.

Please mark your calendar.