Mac Tech

MacTech 05122020

By ega

MacTech Groups Agenda

Tuesday, May 12, 2020

2:30 to 4:30 pm 

meet.google.com/aie-ypji-pqd 

Announcements – 5 min 

OIT only supports macOS 10.13.6 or newer

Status page for jamfcloud.com services see http://status.jamfsoftware.com

OIT Macintosh Support Web Site go.ncsu.edu/mac for updates.

Slack group ncstateit.slack.com #macintosh

Apple Sales: Paul Petrogeorge-paulpetro@apple.com & Sys Eng: Dave Andersen-andersen1@apple.com

macOS versions that shipped with Intel Hardware: support.apple.com/kb/HT1159

Vintage and Obsolete Apple Products: support.apple.com/kb/HT1752

Apple Education Support Line 800-800-2775 use this number only. Always verify Apple Care Coverage.

Antivirus for university owned devices – go.ncsu.edu/antivirus

Unity Macintosh MultiUser Workflow uses NoLoAD configuration with local home directory at /Users/$uid$

OIT supports only Apple, Intel (i386) hardware for Mac OS and software. Only unmodified iOS is supported.

Please remember to verify prices at www.apple.com/education/pricelists/ with NC State Marketplace

Authorized NC State personnel wanting to get training and tools for Apple Certified Technician should request invitation by opening a help desk ticket at  help@ncsu.edu Must login to GSX monthly!!

JAMF Pro Enterprise service go.ncsu.edu/jamf,  go.ncsu.edu/jamfinfo and go.ncsu.edu/uwc for details

Training – 5 min (any course available via Meet/Zoom upon request) 

OIT-iOS Mobile Device Security  – TBA 

reporter.ncsu.edu/link/courseview?courseID=OIT-iOSMob-Security&deptName=OIT 

OIT-Managing Apple Devices with Jamf Pro – TBA –  

reporter.ncsu.edu/link/courseview?courseID=OIT-JPro01-JPro01&deptName=OIT 

OIT-Jamf Pro Best Practices for Packagers – TBA –  

reporter.ncsu.edu/link/courseview?courseID=OIT-JPro03-JPro03&deptName=OIT 

OIT-Advanced Apple Device  Management with Jamf Pro – TBA 

reporter.ncsu.edu/link/courseview?courseID=OIT-JPro02-JPro02&deptName=OIT 

CrashPlan for Sub-Org Administrators – Request –  

reporter.ncsu.edu/link/courseview?courseID=OIT-CPlan1-CPlan1&deptName=OIT 

Local Based Commercial Training – training.computertree.com/course/ 

JAMF Pro Training – www.jamf.com/training/ 

  

Service Updates – 30 min 

Configuration Management  – Jamf Pro production is 10.19.0 Plan to move to 10.21.0 skipping 10.20.0. Should move 10.21.0 to production around June 3, 2020.

Jamf Pro 10.21.0 in test on nccloudtest.jamfcloud.com. Jamf Pro 10.22b1 is latest beta. 

The Extension Attribute for Spirion Identity Finder (UNC-GA – Identity Finder) was updated to report the version of both the older Identity Finder.app and the newer Spirion.app.  

Jamf Pro is the only approved Configuration Management system for macOS, iOS/iPadOS, and tvOS.  See https://oit.ncsu.edu/it-security/eps-implementation/config-mgt-systems/ 

Patch Definition Management – Kinobi Standard no change

Back up for Endpoints – CrashPlan production service is at version 7.7.0. No change

Internet Recovery – No change. https://support.apple.com/en-us/HT204904

Software Packaging – No change.  Will be moving the Autopkg server to new location (DC 1 closing) sometime June 2020.  No impact is expected.

AntiMalware – DetectX Swift is still available and should be installed see oit.ncsu.edu/help-support/apple/jamf-pro/detectx-setup-in-jamf-pro/    Still no meeting of the OIT AV Steering teams scheduled. NOTE: A campus unit is implementing a different antimalware package and installers may appear in configuration management.  Remember unless you can *prove* you have licenses for any software product do not deploy it!  

Sensitive Data Discovery – NCSU-Campus-Spirion10800.pkg waiting for approval for 11.4.

The upgrade to 11.4.x client was put on hold by S&C due to the health quarantine, testing continues. 

Apple School Manager – No changes or updates. 

AppleCare for Enterprise – Still on hold pending Apple being able to add to MarketPlace. 

Endpoint Protection Standard – Phase 2 deadline-Dec 31, 2020.  See Jamf Pro Cheat Sheet at: 

oit.ncsu.edu/help-support/apple/jamf-pro/jamf-pro-policy-cheat-sheet/ 

Testing for automated use of Eduroam continues (need to be on where eduroam is available).  Stake holders met about WolfTech root certificate signing algorithm and a new certificate server will be added to WolfTech where the root certificate will use the more universal signing algorithm. No time frame is set. Because the service will use Jamf ADCS no VPN will be required.

Discussion 

 

The UNC-SO JAMF Template contract is final – 10 min 

Our Jamf Sales Rep Ben Dennis let me know that the Jamf Template contract is signed and finished at UNC-SO.  There is an increase in the per seat price for Jamf Pro to $15.80 macOS and $9.80 for iOS/iPadOS/tvOS.  We believe OIT will continue to pickup this cost for the campus.  Two new products have been added as separate items not tied to Jamf Pro.  The Jamf Connect product is available with min. 25 seat purchase for $3.35 per seat.  The Jamf Protect product also has 25 seat min and will be $18 per seat. Both Connect and Protect can be purchased now without need for a Jamf Pro license.

Discussion 

Personal Signing Certificates available – 10 min 

It is becoming more and more important to sign profiles and packages for delivery to Apple Devices.  To make this easier and more open to Jamf Site admins we are now able to provide signing certificates that can be used with Profile Creator, Jamf Composer, Handcock, etc.  Unlike developer signing certificates these are only useful on devices that have the Jamf Certificate installed (which is all devices managed by Jamf Pro).

Request a signing cert at https://forms.gle/D33BxxKX2vQagen7A

Full details on how this is done at travellingtechguy.eu/signing-packages-and-configuration-profiles-with-the-built-in-jamf-pro-certificate-authority/ 

Discussion 

Enabling FileVault 2 only with Profile– 10 min 

The Endpoint Protection Standard requires that “full disk encryption” be enabled as does security best practice. There are 2 ways to manage FileVault with a configuration profile a) as part of total configuration of the Security & Privacy System Preference panel and b) a custom signed profile to manage only FileVault2 key values.  Everette will show a quick way to make a custom  profile.

Discussion 

Dave Andersen – New Contracts, New Products, and New ASM vendors – 60 min 

Dave will join us to talk about the latest MacBooks (Air&13″Pro), new leasing agreement approved by UNC-SO, AppleCare update, and how to get 3rd party vendors to add your product serial numbers to ASM.

  

Q&A – 15 min 

You ask we try to answer 

  

Next meeting: 

MacTech – Tue. June 9, 2020 in Room B16-B Hillsborough from 2:30-4:30 pm (or virtual). 

MacTech – 2nd Tuesday each month: Jan, Feb, Mar, Apr, May, Jun, Aug, Sep, Oct, Nov, Dec 

MacTech does not meet in July. 

Meetings usually held in B16-B Hillsborough Bld. 

Please mark your calendar.