MacTech Groups Agenda
Tuesday, Jan 14, 2020
2:30 to 4:30 pm
B16-B Hillsborough Bld.
Announcements – 5 min
OIT only supports macOS 10.13.6 or newer
Status page for jamfcloud.com services see http://status.jamfsoftware.com
OIT Macintosh Support Web Site go.ncsu.edu/mac for updates.
Slack group ncstateit.slack.com #macintosh
Apple Sales: Paul Petrogeorgefirstname.lastname@example.org & Sys Eng: Dave Andersenemail@example.com
macOS versions that shipped with Intel Hardware: support.apple.com/kb/HT1159
Vintage and Obsolete Apple Products: support.apple.com/kb/HT1752
Apple Education Support Line 800-800-2775 use this number only. Always verify Apple Care Coverage.
Antivirus for university owned devices – go.ncsu.edu/antivirus
Unity Macintosh Workflow uses Active Directory configuration with local home directory at /Users/$uid$
OIT supports only Apple, Intel (i386) hardware for Mac OS and software. Only unmodified iOS is supported.
Please remember to check prices at www.apple.com/education/pricelists/ to verify best price with NC State Marketplace
Authorized NC State personnel wanting to get training and tools for Apple Certified Technician should request invitation by opening a help desk ticket at firstname.lastname@example.org Must login to GSX monthly!!
UNC Combined Pricing Initiative (CPI) oit.ncsu.edu/campus-it/it-purchasing/unc-combined-pricing-initiative-cpi-program-at-nc-state/
JAMF Pro Enterprise service go.ncsu.edu/jamf, go.ncsu.edu/jamfinfo and go.ncsu.edu/uwc for details
Training – 5 min
OIT-iOS Mobile Device Security – TBA
OIT-Managing Apple Devices with Jamf Pro – Feb 12, 2020 –
OIT-Jamf Pro Best Practices for Packagers – Mar 05, 2020 –
OIT-Advanced Apple Device Management with Jamf Pro – Apr 7, 2020
CrashPlan for Sub-Org Administrators – Request –
Local Based Commercial Training – training.computertree.com/course/
JAMF Pro Training – www.jamf.com/training/
Service Updates – 15 min
Configuration Management – Jamf Pro 10.17.1 is production.
Jamf Pro 10.18.0 is now available for test on nccloudtest.jamfcloud.com. The target is to update production around the middle of Feb 2020 if testing goes well.
Patch Definition Management – Community Patch No change.
CrashPlan – Production service is now fully hosted, version 7.4.0, uses AzureAD SSO and requires Duo. All installers are for NEW installs ONLY as existing clients update automatically from the server as NCSU releases them. The macOS install in Jamf Pro has 2 installers that must be used in the policy: 1) NCSU-Campus-Install Code42CrashPlan License and Config.pkg and 2)NCSU-Campus-Install Code42 CrashPlan740.pkg (For 10.12.x use NCSU-Campus-Install Code42 CrashPlan720.pkg)
Testing a silent, unattended install but requires the HUGE assumption that the local device username installing the software matches the directory user.
Internet Recovery – https://support.apple.com/en-us/HT204904 Command-Option-R to install latest version for hardware or Command-R to install currently installed version.
Software Packaging –Still waiting on 64-Bit Alertus Package to become official.
AntiMalware– MSSCEP and Kaspersky should be removed!! DetectX Swift is available and should be installed see oit.ncsu.edu/help-support/apple/jamf-pro/detectx-setup-in-jamf-pro/
Sensitive Data Discovery – NCSU-Campus-Spirion10800.pkg
Investigating Jamf Protect but still no EDU pricing and waiting for others to get deployments for feedback.
Apple School Manager – No changes or updates.
AppleCare for Enterprise update –on hold pending Apple being able to add to MarketPlace
Endpoint Protection Standard – Phase 2 deadline is Dec 31, 2020. See Jamf Pro Cheat Sheet at:
Update: Signals form OIT S&C that they want to work on EPS on mobile platforms this summer of 2020.
Jamf Pro 10.18.0 and BootStrap Tokens– 30 min
This the piece we have been waiting for to finally and effectively implement FileVault2 storage encryption with multiuser device deployment on macOS. The release notes for Jamf Pro 10.18.0 say:
Support for Bootstrap Token Functionality
Jamf Pro can now automatically escrow Bootstrap Tokens sent by computers with macOS 10.15 or later enrolled using a PreStage enrollment that has been configured with the local user account on the computer as the administrator. Bootstrap Token eliminates the need to request additional authentication information when a network user logs in to a computer with a mobile account and the account does not have a SecureToken associated with it. After the Bootstrap Token is escrowed, it is requested from Jamf Pro each time an eligible mobile account logs in to a computer. The computer then automatically generates a SecureToken for the mobile account. After the user is issued a SecureToken, their account can be used for macOS services that require cryptographic privileges, such as FileVault authentication.
In addition, if a PreStage enrollment is configured to create an additional local administrator account during enrollment in the Account Settings payload of the PreStage, that account is also eligible to receive the Bootstrap Token when it logs in to a computer.
DRAFT Blueprint for Apple Mobile Device Endpoint Protection– 30 min
As of this meeting we have 2,357 Apple mobile devices in Jamf Pro. In order to help with compliance, Everette has create a draft document for meeting the EPS on iOS, iPadOS, and tvOs devices. I need help reviewing it. Please use the commenting feature of Google Docs. Comment at https://docs.google.com/document/d/1cMpphp7aR7MjW37L-pgaqo22XglmxaSa3MmJkdX2BBg/edit?usp=sharing
Software Needs of Sp2020 – 10 min
What software do folks need in Jamf Pro for Spring 2020?
Q&A – 15 min
You ask we try to answer
MacTech – Tue. Feb 11, 2020 in Room B16-B Hillsborough from 2:30-4:30 pm.
MacTech – 2nd Tuesday each month: Jan, Feb, Mar, Apr, May, Jun, Aug, Sep, Oct, Nov, Dec
MacTech dos not meet in July.
Meetings usually held in B16-B Hillsborough Bld.
Please mark your calendar.