MacTech Groups Agenda
Tuesday, May 12, 2020
2:30 to 4:30 pm
meet.google.com/aie-ypji-pqd
Announcements – 5 min
OIT only supports macOS 10.13.6 or newer
Status page for jamfcloud.com services see http://status.jamfsoftware.com
OIT Macintosh Support Web Site go.ncsu.edu/mac for updates.
Slack group ncstateit.slack.com #macintosh
Apple Sales: Paul Petrogeorge-paulpetro@apple.com & Sys Eng: Dave Andersen-andersen1@apple.com
macOS versions that shipped with Intel Hardware: support.apple.com/kb/HT1159
Vintage and Obsolete Apple Products: support.apple.com/kb/HT1752
Apple Education Support Line 800-800-2775 use this number only. Always verify Apple Care Coverage.
Antivirus for university owned devices – go.ncsu.edu/antivirus
Unity Macintosh MultiUser Workflow uses NoLoAD configuration with local home directory at /Users/$uid$
OIT supports only Apple, Intel (i386) hardware for Mac OS and software. Only unmodified iOS is supported.
Please remember to verify prices at www.apple.com/education/pricelists/ with NC State Marketplace
Authorized NC State personnel wanting to get training and tools for Apple Certified Technician should request invitation by opening a help desk ticket at help@ncsu.edu Must login to GSX monthly!!
JAMF Pro Enterprise service go.ncsu.edu/jamf, go.ncsu.edu/jamfinfo and go.ncsu.edu/uwc for details
Training – 5 min (any course available via Meet/Zoom upon request)
OIT-iOS Mobile Device Security – TBA
reporter.ncsu.edu/link/courseview?courseID=OIT-iOSMob-Security&deptName=OIT
OIT-Managing Apple Devices with Jamf Pro – TBA –
reporter.ncsu.edu/link/courseview?courseID=OIT-JPro01-JPro01&deptName=OIT
OIT-Jamf Pro Best Practices for Packagers – TBA –
reporter.ncsu.edu/link/courseview?courseID=OIT-JPro03-JPro03&deptName=OIT
OIT-Advanced Apple Device Management with Jamf Pro – TBA
reporter.ncsu.edu/link/courseview?courseID=OIT-JPro02-JPro02&deptName=OIT
CrashPlan for Sub-Org Administrators – Request –
reporter.ncsu.edu/link/courseview?courseID=OIT-CPlan1-CPlan1&deptName=OIT
Local Based Commercial Training – training.computertree.com/course/
JAMF Pro Training – www.jamf.com/training/
Service Updates – 30 min
Configuration Management – Jamf Pro production is 10.19.0 Plan to move to 10.21.0 skipping 10.20.0. Should move 10.21.0 to production around June 3, 2020.
Jamf Pro 10.21.0 in test on nccloudtest.jamfcloud.com. Jamf Pro 10.22b1 is latest beta.
The Extension Attribute for Spirion Identity Finder (UNC-GA – Identity Finder) was updated to report the version of both the older Identity Finder.app and the newer Spirion.app.
Jamf Pro is the only approved Configuration Management system for macOS, iOS/iPadOS, and tvOS. See https://oit.ncsu.edu/it-security/eps-implementation/config-mgt-systems/
Patch Definition Management – Kinobi Standard no change
Back up for Endpoints – CrashPlan production service is at version 7.7.0. No change
Internet Recovery – No change. https://support.apple.com/en-us/HT204904
Software Packaging – No change. Will be moving the Autopkg server to new location (DC 1 closing) sometime June 2020. No impact is expected.
AntiMalware – DetectX Swift is still available and should be installed see oit.ncsu.edu/help-support/apple/jamf-pro/detectx-setup-in-jamf-pro/ Still no meeting of the OIT AV Steering teams scheduled. NOTE: A campus unit is implementing a different antimalware package and installers may appear in configuration management. Remember unless you can *prove* you have licenses for any software product do not deploy it!
Sensitive Data Discovery – NCSU-Campus-Spirion10800.pkg waiting for approval for 11.4.
The upgrade to 11.4.x client was put on hold by S&C due to the health quarantine, testing continues.
Apple School Manager – No changes or updates.
AppleCare for Enterprise – Still on hold pending Apple being able to add to MarketPlace.
Endpoint Protection Standard – Phase 2 deadline-Dec 31, 2020. See Jamf Pro Cheat Sheet at:
oit.ncsu.edu/help-support/apple/jamf-pro/jamf-pro-policy-cheat-sheet/
Testing for automated use of Eduroam continues (need to be on where eduroam is available). Stake holders met about WolfTech root certificate signing algorithm and a new certificate server will be added to WolfTech where the root certificate will use the more universal signing algorithm. No time frame is set. Because the service will use Jamf ADCS no VPN will be required.
Discussion
—
The UNC-SO JAMF Template contract is final – 10 min
Our Jamf Sales Rep Ben Dennis let me know that the Jamf Template contract is signed and finished at UNC-SO. There is an increase in the per seat price for Jamf Pro to $15.80 macOS and $9.80 for iOS/iPadOS/tvOS. We believe OIT will continue to pickup this cost for the campus. Two new products have been added as separate items not tied to Jamf Pro. The Jamf Connect product is available with min. 25 seat purchase for $3.35 per seat. The Jamf Protect product also has 25 seat min and will be $18 per seat. Both Connect and Protect can be purchased now without need for a Jamf Pro license.
Discussion
Personal Signing Certificates available – 10 min
It is becoming more and more important to sign profiles and packages for delivery to Apple Devices. To make this easier and more open to Jamf Site admins we are now able to provide signing certificates that can be used with Profile Creator, Jamf Composer, Handcock, etc. Unlike developer signing certificates these are only useful on devices that have the Jamf Certificate installed (which is all devices managed by Jamf Pro).
Request a signing cert at https://forms.gle/D33BxxKX2vQagen7A
Full details on how this is done at travellingtechguy.eu/signing-packages-and-configuration-profiles-with-the-built-in-jamf-pro-certificate-authority/
Discussion
Enabling FileVault 2 only with Profile– 10 min
The Endpoint Protection Standard requires that “full disk encryption” be enabled as does security best practice. There are 2 ways to manage FileVault with a configuration profile a) as part of total configuration of the Security & Privacy System Preference panel and b) a custom signed profile to manage only FileVault2 key values. Everette will show a quick way to make a custom profile.
Discussion
Dave Andersen – New Contracts, New Products, and New ASM vendors – 60 min
Dave will join us to talk about the latest MacBooks (Air&13″Pro), new leasing agreement approved by UNC-SO, AppleCare update, and how to get 3rd party vendors to add your product serial numbers to ASM.
Q&A – 15 min
You ask we try to answer
Next meeting:
MacTech – Tue. June 9, 2020 in Room B16-B Hillsborough from 2:30-4:30 pm (or virtual).
MacTech – 2nd Tuesday each month: Jan, Feb, Mar, Apr, May, Jun, Aug, Sep, Oct, Nov, Dec
MacTech does not meet in July.
Meetings usually held in B16-B Hillsborough Bld.
Please mark your calendar.