MacTech Groups Agenda
Tue, Dec 13, 2022
2:30 to 4:30 pm
In person Room B16-B Hillsborough Building
Announcements – 5 min
OIT only supports macOS 11.6.7 or newer after Dec 31, 2022
NOTE: Many vendors are dropping support for 10.x versions of macOS. If there is hardware that can not update to macOS 11 or newer, it is time to plan for replacement.
Status page for jamfcloud.com services see http://status.jamfsoftware.com
OIT Macintosh Support Web Site go.ncsu.edu/mac for updates.
Slack group ncstateit.slack.com #macintosh
Apple Sales: Paul Petrogeorgeemail@example.com & Sys Eng: Dave Andersenfirstname.lastname@example.org
Vintage and Obsolete Apple Products: support.apple.com/kb/HT1752
Apple Education Support Line 800-800-2775 use this number only. Always verify Applecare Coverage.
Antivirus for university owned devices – go.ncsu.edu/antivirus
Unity MultiUser Workflow uses XCreds with local home directory See go.ncsu.edu/jamfcheat#xcreds
OIT supports only Apple branded Intel (intel64) and Apple Silicon(arm64) hardware for macOS and software. Only unmodified iOS/iPadOS/tvOS is supported.
Please remember to verify prices at www.apple.com/education/pricelists/ with NC State Marketplace
Authorized NC State personnel wanting to get training and tools for Apple Certified Technician should request an invitation by opening a help desk ticket at email@example.com Must login to GSX monthly!!
JAMF Pro Enterprise service go.ncsu.edu/jamf, go.ncsu.edu/jamfinfo and go.ncsu.edu/uwc for details
Required Jamf Pro Implementation of Endpoint Protection Standard – go.ncsu.edu/jamfeps
JAMF Pro Cheat Sheet at go.ncsu.edu/jamfcheat for details on common configuration management tasks
Training – 5 min
Virtual Quick Start Jamf Pro at NCSU course – 1 Hour – available by scheduling Everette at calendly.com/ncsuega
Hands On only:
OIT-Managing Apple Devices with Jamf Pro Feb 21, 2023 1:30-4:30 HLB B3
OIT-Jamf Pro Best Practices for Packagers Mar 23, 2023 1:30-4:30 HLB B3
OIT-Advanced Apple Device Management with Jamf Pro Apr 27, 2022 1:30-4:30 HLB B3
Local Based Commercial Training – training.computertree.com/course/
JAMF Pro Training – www.jamf.com/training/
Service Updates – 30 min
Configuration Management – Jamf Pro production is currently 10.42.1, test on nccloudtest is 10.42.1, and the current beta is 10.43B1. Jamf Pro is the only approved Configuration Management system for macOS, iOS, iPadOS, and tvOS. See oit.ncsu.edu/it-security/eps-implementation/config-mgt-systems/
Patch Management – No Change The Jamf App Catalog at docs.jamf.com/jamf-app-catalog/Jamf_App_Catalog.html still has 116 titles.
Jamf Connect Updates – the latest version of Jamf Connect, 2.18.0. Starting Dec 2022 MS is dropping support for the “common” link for authentication to Azure and requiring use of the tenant link. This will mean the profiles will need change. See the release notes at
XCreds Project – PreBeta-XCreds_Build-3309_Version-2.1.pkg of XCreds is now in testing with more logging for issues around File Vault See: github.com/twocanoes/xcreds/releases/
See go.ncsu.edu/jamfcheat#xcreds and go.ncsu.edu/jamfcheat#jc for implementation details.
We are tracking an issue with Twocanoes related to first login after macOS updates failures when FileVault is turned on.
Backup for Endpoints – No Change The Crashplan production service is at version 10.4.0.224.
All updates to existing clients are pushed from the web service. The latest installer from CrashPlan is now fully universal! For NEW installs only, use the package in JAMF is “NCSU-Campus-Code42_CrashPlan-10.4.0.pkg” The “NCSU-Campus-Install Code42CrashPlan License and Config.pkg” is required in the policy as before for new installs.
CrashPlan expects and app name and branding to change in late Jan or early Feb 2023. This change will include some path names so please be aware if you have documentation or workflows that have “Code42” in them.
Internet Recovery – No change
Also see: https://mrmacintosh.com/restore-macos-firmware-on-an-apple-silicon-mac-boot-to-dfu-mode/
New Autopkg servers based in M1 MacMinis are purchased and ready to replace 2012 models in Jan 2023.
AntiMalware – No Change
DetectX Swift 1.0983 (universal) is still available. See oit.ncsu.edu/help-support/apple/jamf-pro/detectx-setup-in-jamf-pro/
For Sites that have paid for a Crowdstrike Falcon license use NCSU-OIT-Crowdstrike-6.4.155.03.pkg for new installs. Patching is done directly from the MCNC Crowdstike server. Note that a PPPC configuration profile is needed for silent installation on devices with non-admin users. See details at:
Apple School Manager – No change. REMINDER Make sure you *unassign* any devices you have sent to surplus.
Endpoint Protection Standard – Required Jamf Pro Implementation of Endpoint Protection Standard is at go.ncsu.edu/jamfeps
XCreds issues update – 10 min
Update on XCreds issues
1) The first new account creation on provisioning/re-provisioning fails until after the first local login. Twocanoes is working on this issue and it is related to FileVault so may be after the holiday break before we see a fix (Must test with hardware not VM)
2) Unable to type in XCreds window after Upgrade to macOS 13. Twocanoes is aware and working on these. Maybe fixed by macOS 13.1.
Jamf Connect Changes – 10 min
Jamf is changing the retail version of Jamf Connect product into 2 different levels- Basic and Premium. Basic is just Jamf Connect we are using now with retail cost going down. Premium will include the Jamf Private Access features with retail cost going up slightly. However there will be no change in cost or features for the Jamf Connect we get in education.
MS changes to the Azure “Common” URL for configuring Jamf Connect and XCreds – 10 min
The best summary and links for this change is at
Basically the discovery URL
Is being blocked and we must use the link with our tenant id in it. For XCreds the Jamf Configuration Profile Template already has the correct default value. Please check your Jamf Connect configuration profiles and update the URL if needed.
White paper on Login Items Background Permissions and Notifications – 10 min
With macOS 13 Apple has added new permissions and new notifications for login items that run in the background. A new configuration white paper from HCS is available from:
NOTE: Pay special attention to using a new smart group criteria of “com.jamf.servicemanagement.backgroundapps” to avoid installing on older devices which might fail and cause a profile loop. Also see p 20 on using the Label, Bundle Identifier and Team Identifier. These identifier types will become more commonly used going forward and can be used with PPPC profiles to make managing access easier.
TechShort: Better way to do Printing Profiles – 30 min
Currently the Jamf Cheat Sheet recommends setting up printers using the AirPrint payload. In working with CNR we discovered that “easy” printers like this are created under macOS 13 but do not show up to the end user reliably. There is another type of profile supported by Jamf under the the com.apple.mcxprinting domain that works well. Jamf already has this payload under Printing but they only support adding existing printers that can not be created by Site administrators. Also there is a custom JSON template that can be used but it is malformed in Github and will appear to work but does not create usable printers. The best option is to use an unsigned (yes) XML .mobileconfig that covers all the keys. Get the example preconfigured with all Wolf Print printers from:
NOTE: Don’t forget to change the PayloadUUID using /usr/bin/uuidgen.
Also some tricks on how to provide PPDs from central location.
Q&A – 15 min
You ask we try to answer
MacTech – Tue. Jan 10, 2023 In person/Zoom hybrid
MacTech – 2nd Tuesday each month: Jan, Feb, Mar, Apr, May, Jun, Aug, Sep, Oct, Nov, Dec
MacTech does not meet in July.
Meetings usually held in B16-B Hillsborough Bld.
Please mark your calendar.