MacTech Groups Agenda
Tue, Feb 14, 2023
2:30 to 4:30 pm
In person Room B16-B Hillsborough Building
or
https://ncsu.zoom.us/j/98050685794?pwd=bU9aQUVqaW5ydU5JS0k1bzA5V0Jqdz09

Announcements – 5 min OIT only supports macOS 11.6.7 or newer after Dec 31, 2022 
NOTE: Many vendors are dropping support for 10.x versions of macOS.  If there is hardware that can not update to macOS 11 or newer, it is time to plan for replacement.
Status page for jamfcloud.com services see http://status.jamfsoftware.com
OIT Macintosh Support Web Site go.ncsu.edu/mac for updates.
Slack group ncstateit.slack.com #macintosh
Apple Sales: Paul Petrogeorge-paulpetro@apple.com & Sys Eng: Dave Andersen-andersen1@apple.com
Vintage and Obsolete Apple Products: support.apple.com/kb/HT1752
Apple Education Support Line 800-800-2775 use this number only. Always verify Applecare Coverage.
Antivirus for university owned devices – go.ncsu.edu/antivirus
Unity MultiUser Workflow uses XCreds with local home directory  See go.ncsu.edu/jamfcheat#xcreds
OIT supports only Apple branded Intel (intel64) and Apple Silicon(arm64) hardware for macOS and software. Only unmodified iOS/iPadOS/tvOS is supported.
Please remember to verify prices at www.apple.com/education/pricelists/ with NC State Marketplace
Authorized NC State personnel wanting to get training and tools for Apple Certified Technician should request an invitation by opening a help desk ticket at  help@ncsu.edu Must login to GSX monthly!!
JAMF Pro Enterprise service go.ncsu.edu/jamf,  go.ncsu.edu/jamfinfo and go.ncsu.edu/uwc for details
Required Jamf Pro Implementation of Endpoint Protection Standard – go.ncsu.edu/jamfeps
JAMF Pro Cheat Sheet at go.ncsu.edu/jamfcheat for details on common configuration management tasksTraining – 5 minVirtual Quick Start Jamf Pro at NCSU course – 1 Hour – available by scheduling Everette at calendly.com/ncsuegaHands On only:OIT-Managing Apple Devices with Jamf Pro Feb 21, 2023 1:30-4:30 HLB B3
reporter.ncsu.edu/link/courseview?courseID=OIT-JPro01-JPro01&deptName=OIT&instanceID=000010OIT-Jamf Pro Best Practices for Packagers Mar 23, 2023 1:30-4:30 HLB B3
reporter.ncsu.edu/link/instanceview?courseID=OIT-JPro03-JPro03&deptName=OIT&instanceID=000009OIT-Advanced Apple Device Management with Jamf Pro Apr 27, 2022 1:30-4:30 HLB B3
reporter.ncsu.edu/link/instanceview?courseID=OIT-JPro02-JPro02&deptName=OIT&instanceID=000009Local Based Commercial Training – training.computertree.com/course/ JAMF Pro Training – www.jamf.com/training/ Apple Training – training.apple.com/it New Apple training courses that now cover iOS 16, iPadOS 16, and macOS Ventura are live for Certified IT Professional and Certified Support Professional

 

Service Updates – 30 min 

Configuration Management  – Jamf Pro production is currently 10.42.1, test on nccloudtest is 10.43.1, and there is no current beta. 
The update of Jamf Pro production is Feb 22, 2023 after 1800 pending the final vote. This update appears to fix Patch Policy page load speed in testing.
Jamf Pro is the only approved Configuration Management system for macOS, iOS, iPadOS, and tvOS.  See oit.ncsu.edu/it-security/eps-implementation/config-mgt-systems/
Discussion

Patch Management – No Change The Jamf App Catalog at docs.jamf.com/jamf-app-catalog/Jamf_App_Catalog.html has 119 titles.

Jamf Connect Updates – the latest version of Jamf Connect, 2.20.0.  See the release notes at
learn.jamf.com/bundle/jamf-connect-documentation-2.20.0/page/Jamf_Connect_Documentation.html
REMINDER https://login.microsoftonline.com/common/.well-known/openid-configuration is no longer supported and “common” must be replaced with our tenant id (see same config profile)
Discussion

XCreds Project – Release version – NCSU-Campus-XCreds_Build-3347_Version-2.2.pkg.
Dev version – PreBeta-XCreds_Build-3358_Version-2.3.pkg
Info: github.com/twocanoes/xcreds/releases/
See go.ncsu.edu/jamfcheat#xcreds and go.ncsu.edu/jamfcheat#jc for implementation details..

Backup for Endpoints – No Change The Crashplan production service is at version 10.4.0.224.
CrashPlan has announced version 11 to be released soon.  Profiles for allowing background agent and full disk access will need to be changed to the new developer id. See the note at the bottom of:
support.crashplan.com/hc/en-us/articles/11427606025997-CrashPlan-app-version-11-0-changes-to-application-and-service-names-
NOTE: All updates to existing clients are pushed from the web service.
For NEW installs only, use the package in JAMF is “NCSU-Campus-Code42_CrashPlan-10.4.0.pkg” The “NCSU-Campus-Install Code42CrashPlan License and Config.pkg” is required in the policy as before for new installs. 

Internet Recovery – No change
https://support.apple.com/en-us/HT204904.
Also see: https://mrmacintosh.com/restore-macos-firmware-on-an-apple-silicon-mac-boot-to-dfu-mode/

Software Packaging
New M1 Autopkg servers are racked and in testing

AntiMalware – No Change
DetectX Swift 1.0983 (universal) is still available. See oit.ncsu.edu/help-support/apple/jamf-pro/detectx-setup-in-jamf-pro/   
For Sites that have paid for a Crowdstrike Falcon license use NCSU-OIT-Crowdstrike-6.4.155.03.pkg for new installs.  Patching is done directly from the MCNC Crowdstike server.   Note that a PPPC configuration profile is needed for silent installation on devices with non-admin users.  See details at:
help.redcanary.com/hc/en-us/articles/4535994057879-How-to-Manually-Create-a-Jamf-Pro-Configuration-Profile-for-all-CrowdStrike-macOS-Sensor-Versions

Apple School Manager – No change. REMINDER Make sure you *unassign* any devices you have sent to surplus.

Endpoint Protection Standard  – Required Jamf Pro Implementation of Endpoint Protection Standard is at  go.ncsu.edu/jamfeps  

— 

Deferral dates ending for MacOS 13 – 10 min
Reminder if you are still blocking macOS 13 Ventura via 90 Day MDM deferral profile please pay attention to these date
**March 13, 2023 = 13.1 delta upgrade will show allowing non admin users to upgrade!!
This is a permanent change going forward and everyone should be prepared to support the latest macOS within 90 days of release.  Remember to use an Apple School Manager login at appleseed.apple.com to get the latest test versions of macOS. 
Discussion

Tech Short: Script-B-Gone – Use the Execute Command payload in Jamf Pro – 15 min
For many applications we don’t need to write a full blown unix script to accomplish what we need.  Everett will talk about using The Execute Command field in the Files and Processes option of a Jamf Policy instead.
Discussion

Tech Short: Customization with Jamf Variables- 15 min
Both Jamf and Apple have known variables that can be used in Configuration Profiles to customize the end user experience.  For enrolled devices these variables can be used in any profile for any app not just Jamf related configuration. Limitations: 
1) only a few Jamf Variables are available in the Prestage setup before ASA these are usually hardware related like $SERIALNUMBER
2) Jamf Variables do not implement time travel.  Meaning if an inventory record has not yet been created then variables like $COMPUTERNAME will not have any value until AFTER inventory is complete.  Same is true for $USERNAME early in Prestage.  However that said since are connected to a user directory variables like $FULLNAME and $USERNAME are available and can be used in Enrollment Customization.
A good reference is at:
amsys.co.uk/mdm-configuration-profile-variable-reference
Demonstration use Support.app
Discussion

Q&A – 15 min
You ask we try to answer 

Next meeting:
MacTech – Tue. Mar 14, 2023  In person/Zoom hybrid
MacTech – 2nd Tuesday each month: Jan, Feb, Mar, Apr, May, Jun, Aug, Sep, Oct, Nov, Dec
MacTech does not meet in July.
Meetings usually held in B16-B Hillsborough Bld.
Please mark your calendar.