MacTech 05122020

MacTech Groups Agenda

Tuesday, May 12, 2020

2:30 to 4:30 pm 

Announcements – 5 min 

OIT only supports macOS 10.13.6 or newer

Status page for services see

OIT Macintosh Support Web Site for updates.

Slack group #macintosh

Apple Sales: Paul & Sys Eng: Dave

macOS versions that shipped with Intel Hardware:

Vintage and Obsolete Apple Products:

Apple Education Support Line 800-800-2775 use this number only. Always verify Apple Care Coverage.

Antivirus for university owned devices –

Unity Macintosh MultiUser Workflow uses NoLoAD configuration with local home directory at /Users/$uid$

OIT supports only Apple, Intel (i386) hardware for Mac OS and software. Only unmodified iOS is supported.

Please remember to verify prices at with NC State Marketplace

Authorized NC State personnel wanting to get training and tools for Apple Certified Technician should request invitation by opening a help desk ticket at Must login to GSX monthly!!

JAMF Pro Enterprise service, and for details

Training – 5 min (any course available via Meet/Zoom upon request) 

OIT-iOS Mobile Device Security  – TBA 

OIT-Managing Apple Devices with Jamf Pro – TBA – 

OIT-Jamf Pro Best Practices for Packagers – TBA – 

OIT-Advanced Apple Device  Management with Jamf Pro – TBA 

CrashPlan for Sub-Org Administrators – Request – 

Local Based Commercial Training – 

JAMF Pro Training – 


Service Updates – 30 min 

Configuration Management  – Jamf Pro production is 10.19.0 Plan to move to 10.21.0 skipping 10.20.0. Should move 10.21.0 to production around June 3, 2020.

Jamf Pro 10.21.0 in test on Jamf Pro 10.22b1 is latest beta. 

The Extension Attribute for Spirion Identity Finder (UNC-GA – Identity Finder) was updated to report the version of both the older Identity and the newer  

Jamf Pro is the only approved Configuration Management system for macOS, iOS/iPadOS, and tvOS.  See 

Patch Definition Management – Kinobi Standard no change

Back up for Endpoints – CrashPlan production service is at version 7.7.0. No change

Internet Recovery – No change.

Software Packaging – No change.  Will be moving the Autopkg server to new location (DC 1 closing) sometime June 2020.  No impact is expected.

AntiMalware – DetectX Swift is still available and should be installed see    Still no meeting of the OIT AV Steering teams scheduled. NOTE: A campus unit is implementing a different antimalware package and installers may appear in configuration management.  Remember unless you can *prove* you have licenses for any software product do not deploy it!  

Sensitive Data Discovery – NCSU-Campus-Spirion10800.pkg waiting for approval for 11.4.

The upgrade to 11.4.x client was put on hold by S&C due to the health quarantine, testing continues. 

Apple School Manager – No changes or updates. 

AppleCare for Enterprise – Still on hold pending Apple being able to add to MarketPlace. 

Endpoint Protection Standard – Phase 2 deadline-Dec 31, 2020.  See Jamf Pro Cheat Sheet at: 

Testing for automated use of Eduroam continues (need to be on where eduroam is available).  Stake holders met about WolfTech root certificate signing algorithm and a new certificate server will be added to WolfTech where the root certificate will use the more universal signing algorithm. No time frame is set. Because the service will use Jamf ADCS no VPN will be required.



The UNC-SO JAMF Template contract is final – 10 min 

Our Jamf Sales Rep Ben Dennis let me know that the Jamf Template contract is signed and finished at UNC-SO.  There is an increase in the per seat price for Jamf Pro to $15.80 macOS and $9.80 for iOS/iPadOS/tvOS.  We believe OIT will continue to pickup this cost for the campus.  Two new products have been added as separate items not tied to Jamf Pro.  The Jamf Connect product is available with min. 25 seat purchase for $3.35 per seat.  The Jamf Protect product also has 25 seat min and will be $18 per seat. Both Connect and Protect can be purchased now without need for a Jamf Pro license.


Personal Signing Certificates available – 10 min 

It is becoming more and more important to sign profiles and packages for delivery to Apple Devices.  To make this easier and more open to Jamf Site admins we are now able to provide signing certificates that can be used with Profile Creator, Jamf Composer, Handcock, etc.  Unlike developer signing certificates these are only useful on devices that have the Jamf Certificate installed (which is all devices managed by Jamf Pro).

Request a signing cert at

Full details on how this is done at 


Enabling FileVault 2 only with Profile– 10 min 

The Endpoint Protection Standard requires that “full disk encryption” be enabled as does security best practice. There are 2 ways to manage FileVault with a configuration profile a) as part of total configuration of the Security & Privacy System Preference panel and b) a custom signed profile to manage only FileVault2 key values.  Everette will show a quick way to make a custom  profile.


Dave Andersen – New Contracts, New Products, and New ASM vendors – 60 min 

Dave will join us to talk about the latest MacBooks (Air&13″Pro), new leasing agreement approved by UNC-SO, AppleCare update, and how to get 3rd party vendors to add your product serial numbers to ASM.


Q&A – 15 min 

You ask we try to answer 


Next meeting: 

MacTech – Tue. June 9, 2020 in Room B16-B Hillsborough from 2:30-4:30 pm (or virtual). 

MacTech – 2nd Tuesday each month: Jan, Feb, Mar, Apr, May, Jun, Aug, Sep, Oct, Nov, Dec 

MacTech does not meet in July. 

Meetings usually held in B16-B Hillsborough Bld. 

Please mark your calendar.