MacTech 10102023


MacTech Groups Agenda
Tue, Oct 10, 2023
2:30 to 4:30 pm
In person Room B16-B Hillsborough Building

Announcements – 5 min 

OIT only supports macOS 12.x or newer after Dec 31, 2023 
NOTE: Many vendors are dropping support for 10.x versions of macOS.  If there is hardware that can not update to macOS 12 or newer, it is time to plan for replacement.
Status page for services see
OIT Macintosh Support Web Site for updates.
Slack group #macintosh
Apple Sales: Paul & Sys Eng: Dave
Vintage and Obsolete Apple Products:
Apple Education Support Line 800-800-2775 use this number only. Always verify Applecare Coverage.
Antivirus for university owned devices –
Unity MultiUser Workflow uses XCreds with local home directory  See
OIT supports only Apple branded Apple Silicon(arm64) and Intel (intel64) hardware for macOS and software. Only unmodified iOS/iPadOS/tvOS is supported. NOTE: watchOS and xrOS are best effort with no official support.
Please remember to verify prices at with NC State Marketplace
Authorized NC State personnel wanting to get training and tools for Apple Certified Technician should request an invitation by opening a help desk ticket at Must login to GSX monthly!!
JAMF Pro Enterprise service, and for details
Required Jamf Pro Implementation of Endpoint Protection Standard –
JAMF Pro Cheat Sheet at for details on common configuration management tasks
JNUC 2023- will be held in Austin, TX- Sep. 19-21, 2023 Several NCSU folks are attending.
UNC CAUSE 2023- will be held in Winston Salem, NC – Oct. 25-27, 2023
— Everette will co-host the Apple Managers SIG at UNC CAUSE OCT 25 @ 1645
Brooks Person from ECU will give a talk on “ECU School of Dental Medicine’s Journey with Jamf Protect & macOS
  Security Compliance” at UNC CAUSE Oct 27 @ 1100

Training – 5 min

Virtual Quick Start Jamf Pro at NCSU course – 1 Hour – available by scheduling Everette at

Hands On only:

OIT-Managing Apple Devices with Jamf Pro -Hands On Only TBA

OIT-Jamf Pro Best Practices for Packagers -Hands On Only Oct 24, 2023 HLB B3

OIT-Advanced Apple Device Management with Jamf Pro -Hands On Only Nov 7, 2023 1:30-4:30 HLB B3

JAMF Pro Training – 

Apple Training –  – Certified IT Professional and Certified Support Professional


Service Updates – 30 min 

Configuration Management  – Jamf Pro production is currently 10.50, test on nccloudtest is 10.50.0, and beta 11.0B1.  We continue to do on-going clean up of unused objects in the Jamf Pro database and are working with Jamf support on several known product issues (PI). Please remove any unused Smart Groups and switch any Smart Groups that are not used in a Scope to an Advanced Report. Please verify that any Configuration Profiles for kernel or system extensions have the correct exclusions based on the processor types they run on. Expect more clean up lists shortly. Jamf Pro is the only approved Configuration Management system for macOS, iOS, iPadOS, and tvOS.  See

Patch Management – The Jamf App Catalog which has 145 titles.

Jamf Connect Updates – the latest version of Jamf Connect, 2.28.0.  See the release notes at
NOTE: Jamf Connect 2.20.0 is last version that supports macOS 10.x

XCreds Project – No change. Latest installer is NCSU-Campus-XCreds-3.1.5084 in Jamf Pro Distribution.
Note: XCreds requires a free, Campus wide, license configuration profile.
The license for XCreds is available for the entire campus use at no cost and will remain so.
See for implementation details.

Backup for Endpoints – CrashPlan version is in production, macOS PPPC see:                                                                                                                          
NOTE: All updates to existing clients are pushed from the web service.
For NEW installs only, use the package in JAMF is “NCSU-Campus-Install_CrashPlan-” The “NCSU-Campus-CrashPlan License.pkg” is required in the policy as before for new installs. 
The license package for CrashPlan has been updated to reflect the new service URL along with the SSO configuration of the service.  This was needed due to the final transfer of resources from Code42 to CrashPlan.

Internet Recovery – No change
Also see:

Software Packaging
NCSU-Campus-Matlab_2023b.pkg and NCSU-Campus-AlertusDesktopClientInstaller_v2.12.03.1810.pkg were added to the Jamf Distribution service along with the updated Crashplan License installer.
Are there other needs?

AntiMalware – No Change
DetectX Swift 1.0983 (universal) is still available. See   
For Sites that have paid for a Crowdstrike Falcon license use NCSU-Campus-Crowdstrike- for new installs.  Patching is done directly from the MCNC Crowdstike server.   Note that a PPPC configuration profile is needed for silent installation on devices with non-admin users.  See details at:

Apple School Manager – No change. REMINDER Make sure you *unassign* any devices you have sent to surplus.

Endpoint Protection Standard  – Required Jamf Pro Implementation of Endpoint Protection Standard is at  


Apple OS Security Updates – 1 min
Just a reminder that Apple has released even more security updates that combat known security issues that are in the wild.   There are now 3 dot releases of iPadOS and iOS. All users should be encouraged to do these updates in a timely manner especially on iOS.

Understanding Jamf LAPS testing on – 30 min
Jamf controlled MDM LAPS is now on for testing in Here is a slide showing the conditions that enforce both kinds of LAPS.  The “macadd” account will ALWAYS be subject to the Jamf LAPS (JLAPS) regardless from now on. This does not matter to 99.9% of the world.  The admin account configured in PreStage will always be under Apple’s MDM LAPS when created if we turn it on like we have in nccloudtest.  Admin accounts created by a policy will NOT be under any LAPS(Everette tested this). Today there is no web GUI to get the MDM LAPS password escrowed, only the API. Use the script,“Retrieve JAMF LAPS Password.zsh” (see for testing. 
We will not turn MDM LAPS on in production until there is a web GUI to view the escrowed passwords.
Currently the settings on nccloudtest are 1) rotate the password 60 minutes after it is viewed (ie retrieved with API) and 2) rotate the password every 90 days from last rotation.
Currently we have control to enable this or not. However Jamf documentation says:
“MDM LAPS is disabled by default. In a future release of Jamf Pro,
automatic password randomization for this account(Prestage Admin) will be enabled.”

Apple OS Updates – 5 min
Apple has released updates for macOS14 and iOS/iPadOS 17.  If you have not already tested your software workflows it is past time.  Remember you will not be able to prevent updates unless you set a deferral profile and then only for 90 days max.  End users running macOS 13 or better will be able to update  WITHOUT being administrator or elevating permissions. Remember that anyone with a account can login to and download the latest pre-releases and there is a good reference on the Mr. Macintosh web site at:

Apple Managed Software Updates in Jamf Pro – 5 min
On Wed Oct 11, 2023 about 0900 we will enable the “new” managed Apple Software updates tab in Jamf Pro.  This should work with macOS 10.15 and newer including macOS 14.0.  In testing this has been a more reliable way to update macOS.  HOWEVER, please remember 1) the download is still 12+ gig and the updates will not take place until the download is complete however long that takes on your network, 2) Jamf has not yet implemented all the features of MDM Software Updates so getting the status of updates in progress is not yet available, 3) Works with computers with macOS 10.15 or later, supervised or enrolled via a PreStage enrollment in Jamf Pro and 4)To have the update for computers with Apple silicon (i.e., M1 chip) installed automatically without user interaction, a Bootstrap Token for target computers must be escrowed with Jamf Pro.


Q&A – 15 min
You ask we try to answer 

Next meeting:
MacTech – Tue. Nov 14, 2023  In person/Zoom hybrid
MacTech – 2nd Tuesday each month: Jan, Feb, Mar, Apr, May, Jun, Aug, Sep, Oct, Nov, Dec
MacTech does not meet in July.
Meetings usually held in B16-B Hillsborough Bld.
Please mark your calendar.