MacTech 12132022

MacTech Groups Agenda
Tue, Dec 13, 2022
2:30 to 4:30 pm
In person Room B16-B Hillsborough Building

Announcements – 5 min 

OIT only supports macOS 11.6.7 or newer after Dec 31, 2022 
NOTE: Many vendors are dropping support for 10.x versions of macOS.  If there is hardware that can not update to macOS 11 or newer, it is time to plan for replacement.
Status page for services see
OIT Macintosh Support Web Site for updates.
Slack group #macintosh
Apple Sales: Paul & Sys Eng: Dave
Vintage and Obsolete Apple Products:
Apple Education Support Line 800-800-2775 use this number only. Always verify Applecare Coverage.
Antivirus for university owned devices –
Unity MultiUser Workflow uses XCreds with local home directory  See
OIT supports only Apple branded Intel (intel64) and Apple Silicon(arm64) hardware for macOS and software. Only unmodified iOS/iPadOS/tvOS is supported.
Please remember to verify prices at with NC State Marketplace
Authorized NC State personnel wanting to get training and tools for Apple Certified Technician should request an invitation by opening a help desk ticket at Must login to GSX monthly!!
JAMF Pro Enterprise service, and for details
Required Jamf Pro Implementation of Endpoint Protection Standard –
JAMF Pro Cheat Sheet at for details on common configuration management tasks

Training – 5 min

Virtual Quick Start Jamf Pro at NCSU course – 1 Hour – available by scheduling Everette at

Hands On only:

OIT-Managing Apple Devices with Jamf Pro Feb 21, 2023 1:30-4:30 HLB B3

OIT-Jamf Pro Best Practices for Packagers Mar 23, 2023 1:30-4:30 HLB B3

OIT-Advanced Apple Device Management with Jamf Pro Apr 27, 2022 1:30-4:30 HLB B3

Local Based Commercial Training – 

JAMF Pro Training – 

Service Updates – 30 min 

Configuration Management  – Jamf Pro production is currently 10.42.1, test on nccloudtest is 10.42.1, and the current beta is 10.43B1.  Jamf Pro is the only approved Configuration Management system for macOS, iOS, iPadOS, and tvOS.  See

Patch Management – No Change The Jamf App Catalog at still has 116 titles.


Jamf Connect Updates – the latest version of Jamf Connect, 2.18.0. Starting Dec 2022 MS is dropping support for the “common” link for authentication to Azure and requiring use of the tenant link.  This will mean the profiles will need change.  See the release notes at

XCreds Project – PreBeta-XCreds_Build-3309_Version-2.1.pkg  of XCreds is now in testing with more logging for issues around File Vault  See:
See and for implementation details.
We are tracking an issue with Twocanoes related to first login after macOS updates failures when FileVault is turned on.

Backup for Endpoints – No Change The Crashplan production service is at version
All updates to existing clients are pushed from the web service. The latest installer from CrashPlan is now fully universal! For NEW installs only, use the package in JAMF is “NCSU-Campus-Code42_CrashPlan-10.4.0.pkg” The “NCSU-Campus-Install Code42CrashPlan License and Config.pkg” is required in the policy as before for new installs.
CrashPlan expects and app name and branding to change in late Jan or early Feb 2023.  This change will include some path names so please be aware if you have documentation or workflows that have “Code42” in them. 

Internet Recovery – No change
Also see:

Software Packaging
New Autopkg servers based in M1 MacMinis are purchased and ready to replace 2012 models in Jan 2023.

AntiMalware – No Change
DetectX Swift 1.0983 (universal) is still available. See   
For Sites that have paid for a Crowdstrike Falcon license use NCSU-OIT-Crowdstrike- for new installs.  Patching is done directly from the MCNC Crowdstike server.   Note that a PPPC configuration profile is needed for silent installation on devices with non-admin users.  See details at:

Apple School Manager – No change. REMINDER Make sure you *unassign* any devices you have sent to surplus.

Endpoint Protection Standard  – Required Jamf Pro Implementation of Endpoint Protection Standard is at  


XCreds issues update – 10 min
Update on XCreds issues
1) The first new account creation on provisioning/re-provisioning fails until after the first local login. Twocanoes is working on this issue and it is related to FileVault so may be after the holiday break before we see a fix (Must test with hardware not VM)
2) Unable to type in XCreds window after Upgrade to macOS 13.  Twocanoes is aware and working on these.  Maybe fixed by macOS 13.1.

Jamf Connect Changes – 10 min
Jamf is changing the retail version of Jamf Connect product into 2 different levels- Basic and Premium. Basic is just Jamf Connect we are using now with retail cost going down.  Premium will include the Jamf Private Access features with retail cost going up slightly.  However there will be no change in cost or features for the Jamf Connect we get in education.

MS changes to the Azure “Common” URL for configuring Jamf Connect and XCreds – 10 min

The best summary and links for this change is at
Basically the discovery URL
Is being blocked and we must use the link with our tenant id in it.  For XCreds the Jamf Configuration Profile Template already has the correct default value.  Please check your Jamf Connect configuration profiles and update the URL if needed.

White paper on Login Items Background Permissions and Notifications – 10 min

 With macOS 13 Apple has added new permissions and new notifications for login items that run in the background. A new configuration white paper from HCS is available from:
NOTE: Pay special attention to using a new smart group criteria of “com.jamf.servicemanagement.backgroundapps” to avoid installing on older devices which might fail and cause a profile loop.  Also see p 20 on using the Label, Bundle Identifier and Team Identifier. These identifier types will become more commonly used going forward and can be used with PPPC profiles to make  managing access easier.

TechShort: Better way to do Printing Profiles – 30 min

 Currently the Jamf Cheat Sheet recommends setting up printers using the AirPrint payload.  In working with CNR we discovered that “easy” printers like this are created under macOS 13 but do not show up to the end user reliably.  There is another type of profile supported by Jamf under the the domain that works well.  Jamf already has this payload under Printing but they only support adding existing printers that can not be created by Site administrators.  Also there is a custom JSON template that can be used but it is malformed in Github and will appear to work but does not create usable printers.  The best option is to use an unsigned (yes) XML .mobileconfig that covers all the keys.  Get the example preconfigured with all Wolf Print printers from:
NOTE: Don’t forget to change the PayloadUUID using /usr/bin/uuidgen.
Also some tricks on how to provide PPDs from central location.


Q&A – 15 min
You ask we try to answer 

Next meeting:
MacTech – Tue. Jan 10, 2023  In person/Zoom hybrid
MacTech – 2nd Tuesday each month: Jan, Feb, Mar, Apr, May, Jun, Aug, Sep, Oct, Nov, Dec
MacTech does not meet in July.
Meetings usually held in B16-B Hillsborough Bld.
Please mark your calendar.