MacTech 08082023

MacTech Groups Agenda
Tue, Aug 8, 2023
2:30 to 4:30 pm
In person Room B16-B Hillsborough Building
or
https://ncsu.zoom.us/j/98050685794?pwd=bU9aQUVqaW5ydU5JS0k1bzA5V0Jqdz09

Announcements – 5 min 

  • OIT only supports macOS 12.x or newer after Dec 31, 2023.
    NOTE: Many vendors are dropping support for 10.x versions of macOS. If there is hardware that cannot update to macOS 12 or newer, it is time to plan for replacement.
  • Status page for jamfcloud.com services: see http://status.jamfsoftware.com
  • OIT Macintosh Support Web Site: go.ncsu.edu/mac for updates.
  • Slack group: ncstateit.slack.com #macintosh
  • Apple Sales: Paul Petrogeorge - paulpetro@apple.com & Sys Eng: Dave Andersen - andersen1@apple.com
  • Vintage and Obsolete Apple Products: support.apple.com/kb/HT1752
  • Apple Education Support Line: 800-800-2775. Use this number only. Always verify AppleCare coverage.
  • Antivirus for university owned devices – go.ncsu.edu/antivirus
  • Unity MultiUser Workflow uses XCreds with a local home directory. See go.ncsu.edu/jamfcheat#xcreds
  • OIT supports only Apple branded Apple Silicon (arm64) and Intel (intel64) hardware for macOS and software. Only unmodified iOS/iPadOS/tvOS is supported. NOTE: watchOS and xrOS are best effort with no official support.
  • Please remember to verify prices at www.apple.com/education/pricelists/ with NC State Marketplace.
  • Authorized NC State personnel wanting to get training and tools for Apple Certified Technician should request an invitation by opening a help desk ticket at help@ncsu.edu. Must log in to GSX monthly!!
  • JAMF Pro Enterprise service: go.ncsu.edu/jamf, go.ncsu.edu/jamfinfo and go.ncsu.edu/uwc for details
  • Required Jamf Pro Implementation of Endpoint Protection Standard – go.ncsu.edu/jamfeps
  • JAMF Pro Cheat Sheet at go.ncsu.edu/jamfcheat for details on common configuration management tasks
  • JNUC 2023 will be held in Austin, TX, Sep. 19-21, 2023: community.jamf.com/t5/jamf-nation-user-conference/jamf-nation-user-conference-2023-registration-is-open/td-p/283510
  • UNC CAUSE 2023 will be held in Winston Salem, NC – Oct. 25-27, 2023
  • Everette on leave Aug 14 - Sep 1 – Use OIT_JAMF group in Service Now

Training – 5 min

Virtual Quick Start Jamf Pro at NCSU course – 1 Hour – available by scheduling Everette at calendly.com/ncsuega

Hands On only:

OIT-Managing Apple Devices with Jamf Pro -Hands On Only Sep 28, 2023  1:30-4:30 HLB B3
reporter.ncsu.edu/link/instanceview?courseID=OIT-JPro01-JPro01&deptName=OIT&instanceID=000012

OIT-Jamf Pro Best Practices for Packagers -Hands On Only Oct 24, 2023 HLB B3
reporter.ncsu.edu/link/instanceview?courseID=OIT-JPro03-JPro03&deptName=OIT&instanceID=000010

OIT-Advanced Apple Device Management with Jamf Pro -Hands On Only Aug 10, 2023 1:30-4:30 HLB B3
reporter.ncsu.edu/link/instanceview?courseID=OIT-JPro02-JPro02&deptName=OIT&instanceID=000011

OIT-Advanced Apple Device Management with Jamf Pro -Hands On Only Nov 7, 2023 1:30-4:30 HLB B3
reporter.ncsu.edu/link/instanceview?courseID=OIT-JPro02-JPro02&deptName=OIT&instanceID=000011

JAMF Pro Training – www.jamf.com/training/ 

Apple Training – training.apple.com/it  – Certified IT Professional and Certified Support Professional

 

Service Updates – 30 min 

Configuration Management  – Jamf Pro production is currently 10.48.1, test on nccloudtest is 10.48.1, and beta is 10.49.0B1.  We are doing on-going clean up of unused objects in the Jamf Pro database and working with Jamf support on several known product issues (PI). Please remove any unused Smart Groups and switch any Smart Groups that are not used in a Scope to an Advanced Report.
Jamf Pro is the only approved Configuration Management system for macOS, iOS, iPadOS, and tvOS.  See oit.ncsu.edu/it-security/eps-implementation/config-mgt-systems/
Discussion

Patch Management – The Jamf App Catalog has 129 titles.
learn.jamf.com/bundle/jamf-app-catalog/page/Release_History_App_Installers.html

Jamf Connect Updates – The latest version of Jamf Connect is 2.25.0.  See the release notes at
learn.jamf.com/bundle/jamf-connect-documentation-current/page/Release_History.html
NOTE: Jamf Connect 2.20.0 is the last version that supports macOS 10.x
Discussion

XCreds Project – Release version -NCSU-Campus-XCreds-3.0.3607.pkg.
We are seeing 2 issues sporadically on a few devices:
Note: XCreds requires a free, Campus wide, license configuration profile.
The license for XCreds is available for the entire campus use at no cost and will remain so.
See go.ncsu.edu/jamfcheat#xcreds for implementation details.

Backup for Endpoints – CrashPlan version 11.1.1.2 is in production, macOS PPPC see:
support.crashplan.com/hc/en-us/articles/8695023896845-Grant-CrashPlan-permissions-to-macOS-devices                                                                                                                          
NOTE: All updates to existing clients are pushed from the web service.
For NEW installs only, the package in JAMF is “NCSU-Campus-Install_CrashPlan-11.1.1.2.pkg”. The “NCSU-Campus-Install Code42CrashPlan License and Config.pkg” is required in the policy as before for new installs.  An installer for 11.1.0 will be available when we can get it.

Internet Recovery – No change
https://support.apple.com/en-us/HT204904.
Also see: https://mrmacintosh.com/restore-macos-firmware-on-an-apple-silicon-mac-boot-to-dfu-mode/

Software Packaging
Any needs?

AntiMalware – No Change
DetectX Swift 1.0983 (universal) is still available. See oit.ncsu.edu/help-support/apple/jamf-pro/detectx-setup-in-jamf-pro/   
For Sites that have paid for a CrowdStrike Falcon license, use NCSU-Campus-Crowdstrike-6.49.162.01.pkg for new installs.  Patching is done directly from the MCNC CrowdStrike server.  Note that a PPPC configuration profile is needed for silent installation on devices with non-admin users.  See details at:
help.redcanary.com/hc/en-us/articles/4535994057879-How-to-Manually-Create-a-Jamf-Pro-Configuration-Profile-for-all-CrowdStrike-macOS-Sensor-Versions

Apple School Manager – No change. REMINDER Make sure you *unassign* any devices you have sent to surplus.

Endpoint Protection Standard  – Required Jamf Pro Implementation of Endpoint Protection Standard is at  go.ncsu.edu/jamfeps  

— 

macOS 14 and iOS/iPadOS 17 testing – 10 min
If you are not testing your Apple Management workflows with the latest beta releases from appleseed.apple.com, please start now. Anyone with a school.apple.com account can log in to appleseed.  There are also direct downloads at https://mrmacintosh.com/macos-sonoma-full-installer-database-download-directly-from-apple/
Support for new macOS and iOS at zero day is becoming the norm, and if there is vendor lag for app support you need to know that before the public update is released.  Remember that starting in macOS 13, updates can no longer be deferred beyond 90 days, and non-admin users can update macOS and iOS regardless.
Discussion

Jamf Issues and updates – 30 min
A variety of Jamf Pro issues we are following.  None are widespread, but be aware:
a) Clean up of Smart Groups, poorly scoped Configuration Profiles and unused Packages continues.  Expect more emails on clean up.
b) New PI112111, where too many Configuration Profiles are delivered too quickly and ADE fails during or at the end of Setup Assistant.  Jamf is aware and a fix is scheduled (no timeline); it has only been seen on 4 devices across the entire system so far.  Changing networks, like moving to a hot spot or slower network, seems to help in some cases. Also, some devices can recover by removing them from PreStage, doing the consumer Setup Assistant, then putting them back in PreStage and doing:
sudo profiles renew -type enrollment
c) We discovered that on about Aug 1, 2023 the new JAMF LAPS feature had been enabled on nc.jamfcloud.com. No logs could be found by the UWCA Team or Jamf Support/Jamf Hosting to say who turned this on or exactly when.  The good news is the feature works.  We turned the feature off at about 1000 on Fri Aug 4, 2023.  The side effect is that an unknown number of local admin accounts (uid 501) have had their passwords rotated.  If this is an issue for anyone, see this web page on how to use the API to find credentials
(https://community.jamf.com/t5/tech-thoughts/how-to-securely-manage-local-admin-passwords-with-jamf-pro-and/ba-p/289969) or simply run a policy with the standard password change payload option.
Discussion

Jamf Pro Clean up of Smart Groups and Configuration Profiles – 10 min
We need to continue to clean up Nested Smart Groups – Jamf Support has sent another list that Everette will get out.  We continue to battle a known issue with profiles that are scoped to either the wrong processor type (kernel extensions on Apple Silicon) or settings that can’t work on User Approved MDM (i.e., must be ADE). Jamf Support also has another list that I am working through to get associated with Sites and will send out when I can.
Discussion

Autopkg clean up update  –  5 min
The autopkg clean up automation is on hold until Jamf can tell us if packages scoped to Patch Titles can safely be removed.  Clean up of unused packages based on recommendations from the Jamf Health Check is part of phase 3 of the unused object clean up we began in late July 2023. Please clean up any unused packages, Smart Groups and Configuration Profiles as soon as you can.
Discussion

Q&A – 15 min
You ask, we try to answer.

Next meeting:
MacTech – Tue. Sep 12, 2023  In person/Zoom hybrid
MacTech – 2nd Tuesday each month: Jan, Feb, Mar, Apr, May, Jun, Aug, Sep, Oct, Nov, Dec
MacTech does not meet in July.
Meetings are usually held in B16-B Hillsborough Building.
Please mark your calendar.