MacTech 09122023

MacTech Groups Agenda
Tue, Sep12, 2023
3:00 to 4:30 pm
In person Room B16-B Hillsborough Building

Announcements – 5 min OIT only supports macOS 12.x or newer after Dec 31, 2023 
NOTE: Many vendors are dropping support for 10.x versions of macOS.  If there is hardware that can not update to macOS 12 or newer, it is time to plan for replacement.
Status page for services see
OIT Macintosh Support Web Site for updates.
Slack group #macintosh
Apple Sales: Paul & Sys Eng: Dave
Vintage and Obsolete Apple Products:
Apple Education Support Line 800-800-2775 use this number only. Always verify Applecare Coverage.
Antivirus for university owned devices –
Unity MultiUser Workflow uses XCreds with local home directory  See
OIT supports only Apple branded Apple Silicon(arm64) and Intel (intel64) hardware for macOS and software. Only unmodified iOS/iPadOS/tvOS is supported. NOTE: watchOS and xrOS are best effort with no official support.
Please remember to verify prices at with NC State Marketplace
Authorized NC State personnel wanting to get training and tools for Apple Certified Technician should request an invitation by opening a help desk ticket at Must login to GSX monthly!!
JAMF Pro Enterprise service, and for details
Required Jamf Pro Implementation of Endpoint Protection Standard –
JAMF Pro Cheat Sheet at for details on common configuration management tasks
JNUC 2023- will be held in Austin, TX- Sep. 19-21, 2023 Several NCSU folks are attending.
UNC CAUSE 2023- will be held in Winston Salem, NC – Oct. 25-27, 2023Training – 5 minVirtual Quick Start Jamf Pro at NCSU course – 1 Hour – available by scheduling Everette at On only:OIT-Managing Apple Devices with Jamf Pro -Hands On Only Sep 28, 2023  1:30-4:30 HLB B3 Pro Best Practices for Packagers -Hands On Only Oct 24, 2023 HLB B3 Apple Device Management with Jamf Pro -Hands On Only Nov 7, 2023 1:30-4:30 HLB B3 Pro Training – Apple Training –  – Certified IT Professional and Certified Support Professional


Service Updates – 30 min 

Configuration Management  – Jamf Pro production is currently 10.48.1, test on nccloudtest is 10.50.0, and beta is not currently available.  We will skip directly to version 10.50 when we vote to do the production update.  PLEASE TEST 10.50!
We continue to do on-going clean up of unused objects in the Jamf Pro database and are working with Jamf support on several known product issues (PI). Please remove any unused Smart Groups and switch any Smart Groups that are not used in a Scope to an Advanced Report. Please verify that any Configuration Profiles for kernel or system extensions have the correct exclusions based on the processor types they run on. Expect more clean up lists shortly. Jamf Pro is the only approved Configuration Management system for macOS, iOS, iPadOS, and tvOS.  See

Patch Management – The Jamf App Catalog which has 142 titles.

Jamf Connect Updates – the latest version of Jamf Connect, 2.27.0.  See the release notes at
NOTE: Jamf Connect 2.20.0 is last version that supports macOS 10.x

XCreds Project – No change. Latest installer is NCSU-Campus-XCreds-3.1.5084 in Jamf Pro Distribution.
Note: XCreds requires a free, Campus wide, license configuration profile.
The license for XCreds is available for the entire campus use at no cost and will remain so.
See for implementation details.

Backup for Endpoints – CrashPlan version is in production, macOS PPPC see:                                                                                                                          
NOTE: All updates to existing clients are pushed from the web service.
For NEW installs only, use the package in JAMF is “NCSU-Campus-Install_CrashPlan-” The “NCSU-Campus-Install Code42CrashPlan License and Config.pkg” is required in the policy as before for new installs.  An installer for 11.1.0 will be available when we can get it.

Internet Recovery – No change
Also see:

Software Packaging
Any needs?

AntiMalware – No Change
DetectX Swift 1.0983 (universal) is still available. See   
For Sites that have paid for a Crowdstrike Falcon license use NCSU-Campus-Crowdstrike- for new installs.  Patching is done directly from the MCNC Crowdstike server.   Note that a PPPC configuration profile is needed for silent installation on devices with non-admin users.  See details at:

Apple School Manager – No change. REMINDER Make sure you *unassign* any devices you have sent to surplus.

Endpoint Protection Standard  – Required Jamf Pro Implementation of Endpoint Protection Standard is at  


Apple OS Security Updates – 1 min
Just a reminder that Apple has released security updates that combat known security issues that are in the wild.
All users should be encouraged to do these updates in a timely manner especially on iOS.

***WARNING Jamf LAPS testing on only  – 30 min
BE AWARE that we will turn on the new JAMF LAPS feature globally(only option) on the test server on Thu Sep 14, 2023 after 0900. This means ANY account created in the PreStage with admin permissions will have it’s password rotated 60 min after creation and every week thereafter.   This is for testing with eye to vote on enabling in production sometime after the 10.50 update. THIS CAN ONLY BE TURNED ON GLOBALLY! So everyone will have to use it IF we vote to turn it on.
This is a big, big change for folks still using a local admin account with a static password that everyone has always known.  It means folks will have to look up the admin password before logging into a device for support (like looking up the FileVault key). It also means these accounts will for the first time be reasonably secure.
Jamf has said that a future version “late summer 2023” will have a web interface to look up the password but today that has to be done via the API.  We will not enable this in production until that GUI feature is available. To help with this in testing ONLY we have added the script “Retrieve JAMF LAPS Password.zsh” (see

New Apple OS Updates are upon us – 5 min
With today’s announcements Apple will be releasing updates to macOS14 and iOS/iPadOS 17 in the next few weeks.  If you have not already tested your software workflows it is past time.  Remember you will not be able to prevent updates unless you set a deferral profile and then only for 90 days max.  End users running macOS 13 or better will be able to update  WITHOUT being administrator or elevating permissions. Remember that anyone with a account can login to and download the latest pre-releases and there is a good reference on the Mr. Macintosh web site at:

Apply Profiles for CrowdStrike Before Install – 5 min
We have seen several reports that new installations of CrowdStrike Falcon on macOS 13 and newer are unable to complete and report after install if the configuration profile for the system extension filter is not in place at install time.  These can be safely added to a Jamf Pro PreStage to make sure they are in place.  To create the profiles
Indication that the installs is not is an error from “sudo /Applications/ stats” saying “No such file or directory”.

Apple Announcements at “Wanderlust” event  –  30 min
Recap of today’s “Wanderlust” event and announcements.

Q&A – 15 min
You ask we try to answer 

Next meeting:
MacTech – Tue. Oct 10, 2023  In person/Zoom hybrid
MacTech – 2nd Tuesday each month: Jan, Feb, Mar, Apr, May, Jun, Aug, Sep, Oct, Nov, Dec
MacTech does not meet in July.
Meetings usually held in B16-B Hillsborough Bld.
Please mark your calendar.