MacTech Groups Agenda
Tue, Oct 11, 2022
2:30 to 4:30 pm
In person Room B16-B Hillsborough Building
or
https://ncsu.zoom.us/j/98050685794?pwd=bU9aQUVqaW5ydU5JS0k1bzA5V0Jqdz09

Announcements – 5 min 

OIT only supports macOS 11.6.7 or newer after Dec 31, 2022 
Status page for jamfcloud.com services see http://status.jamfsoftware.com
OIT Macintosh Support Web Site go.ncsu.edu/mac for updates.
Slack group ncstateit.slack.com #macintosh
Apple Sales: Paul Petrogeorge-paulpetro@apple.com & Sys Eng: Dave Andersen-andersen1@apple.com
Vintage and Obsolete Apple Products: support.apple.com/kb/HT1752
Apple Education Support Line 800-800-2775 use this number only. Always verify Applecare Coverage.
Antivirus for university owned devices – go.ncsu.edu/antivirus
Unity MultiUser Workflow uses XCreds with local home directory  See go.ncsu.edu/jamfcheat#xcreds
OIT supports only Apple branded Intel (intel64) and Apple Silicon(arm64) hardware for macOS and software. Only unmodified iOS/iPadOS/tvOS is supported.
Please remember to verify prices at www.apple.com/education/pricelists/ with NC State Marketplace
Authorized NC State personnel wanting to get training and tools for Apple Certified Technician should request an invitation by opening a help desk ticket at  help@ncsu.edu Must login to GSX monthly!!
JAMF Pro Enterprise service go.ncsu.edu/jamf,  go.ncsu.edu/jamfinfo and go.ncsu.edu/uwc for details
Required Jamf Pro Implementation of Endpoint Protection Standard – go.ncsu.edu/jamfeps
JAMF Pro Cheat Sheet at go.ncsu.edu/jamfcheat for details on common configuration management tasks

Training – 5 min

Virtual Quick Start Jamf Pro at NCSU course – 1 Hour – available by scheduling Everette at calendly.com/ncsuega

Hands On only:

OIT-Jamf Pro Best Practices for Packagers – TBA reporter.ncsu.edu/link/instanceview?courseID=OIT-JPro03-JPro03&deptName=OIT&instanceID=000008

OIT-Managing Apple Devices with Jamf Pro – 10/27/2022 2:30-4:30 pm
reporter.ncsu.edu/link/instanceview?courseID=OIT-JPro01-JPro01&deptName=OIT&instanceID=000009

OIT-Advanced Apple Device  Management with Jamf Pro – 11/22/2022 2:00-5:00pm
reporter.ncsu.edu/link/instanceview?courseID=OIT-JPro02-JPro02&deptName=OIT&instanceID=000008 

Local Based Commercial Training – training.computertree.com/course/ 

JAMF Pro Training – www.jamf.com/training/ 

Service Updates – 30 min 

Configuration Management  – Jamf Pro production is currently 10.40.1, test on nccloudtest is 10.41.0, and there is no current beta.   Please test 10.41 for a late Sep update to production.
Jamf Pro is the only approved Configuration Management system for macOS, iOS/iPadOS, and tvOS.  See oit.ncsu.edu/it-security/eps-implementation/config-mgt-systems/
Discussion

Patch Management – The Jamf App Catalog at docs.jamf.com/jamf-app-catalog/Jamf_App_Catalog.html now has 105 titles and should be used to install and patch on macOS.
Jamf Pro 10.42 now in Beta 2 will fix a long-standing issue where some Config profiles will loop thousands of times trying to install and cause Jamf to be unreliable for app store apps and Jamf Catalog apps. 

XCreds Project – Version 2.1 of XCreds is now in testing for support at release of macOS 13.  See: https://twocanoes.com/products/mac/xcreds/
All Sites should move away from NoLoAD as it will require an update to work beyond macOS 13 and is no longer in development. Use either XCreds(free) or Jamf Connect (buy licenses from UNC SO contract).
See go.ncsu.edu/jamfcheat#xcreds and go.ncsu.edu/jamfcheat#jc for implementation details.

Backup for Endpoints – No Change The Crashplan production service is at version 10.2.1.16.
For NEW installs only, use the package in JAMF is “NCSU-Campus-Code42_Crashplan-10.2.0-univ.pkg” The “NCSU-Campus-Install Code42CrashPlan License and Config.pkg” is required in the policy as before for new installs. (Note this universal installer is one we fabricated by wrapping the 2 installers Crashplan provides with a postinstall that figures out the right one to use by hardware type.

Internet Recovery – No change
https://support.apple.com/en-us/HT204904.
Also see: https://mrmacintosh.com/restore-macos-firmware-on-an-apple-silicon-mac-boot-to-dfu-mode/
No change

Software Packaging
Autopkg server is now using JamfUploader and JSSImporter will be removed by Oct 20, 2022.
New package for MatLab 2022B should be available by Oct 14, 2022 at 1700.

AntiMalware – No Change
DetectX Swift 1.0983 (universal) is still available. See oit.ncsu.edu/help-support/apple/jamf-pro/detectx-setup-in-jamf-pro/   
For Sites that have paid for a Crowdstrike Falcon license use NCSU-OIT-Crowdstrike-6.4.155.03.pkg for new installs.  Patching is done directly from the MCNC Crowdstike server.   Note that a PPPC configuration profile is needed for silent installation on devices with non-admin users.  See details at:
help.redcanary.com/hc/en-us/articles/4535994057879-How-to-Manually-Create-a-Jamf-Pro-Configuration-Profile-for-all-CrowdStrike-macOS-Sensor-Versions

Apple School Manager – No change. REMINDER Make sure you *unassign* any devices you have sent to surplus.

Endpoint Protection Standard  – Required Jamf Pro Implementation of Endpoint Protection Standard is at  go.ncsu.edu/jamfeps  

— 

JNUC 2022 Update – 30 min
Everette will recap news from JNUC 2022 and talk about a few sessions that had good information.
Announcements included 1) Self Service for Jamf Catalog apps and 2) Remote session from device record with only the Jamf agent.  A good summary of all announcements is at
9to5mac.com/2022/09/27/jnuc-2022/
Session videos will be available after Nov 30, 2022 at www.youtube.com/user/JAMFMedia/featured
JNUC 2023 September 19-21, 2023, Austin, Texas, USA
Discussion

Known issues with macOS – 10 min

 We are still seeing a few issues with macOS to be on the lookout for:
– macOS gets self assigned IP address suddenly during use macOS 10.15-125.  Reboot cures the issue.  Try setting IPv6 to Link Local Only, update to macOS 12.6.

-Multiple Network Filters enabled causes Safari and other apps to fail. Seen esp. on 10.15 with Cisco AnyConnect and Crowdstrike Falcon Filters enabled.  Both vendors are working on the issue.  Work-around is to disable the filter for the software not  in use.

– Be aware that all current versions of NoLoAD, XCreds, and Jamf Connect (or any loginwindow replacement) will pause macOS upgrades to require login before the minor or major update can complete regardless if FileVault is on or not. There is no remote solution to get past this. Consider disabling these with the authchanger or XCreds script before updating.

Discussion

Q&A – 15 min
You ask we try to answer 

Next meeting:
MacTech – Tue. Nov 8, 2022  In person/Zoom hybrid
MacTech – 2nd Tuesday each month: Jan, Feb, Mar, Apr, May, Jun, Aug, Sep, Oct, Nov, Dec
MacTech does not meet in July.
Meetings usually held in B16-B Hillsborough Bld.
Please mark your calendar.