MacTech 02112020

MacTech Groups Agenda
Tuesday, Feb 11, 2020
2:30 to 4:30 pm
B16-B Hillsborough Bld.

Announcements – 5 min

OIT only supports macOS 10.13.6 or newer

Status page for jamfcloud.com services see http://status.jamfsoftware.com

OIT Macintosh Support Web Site go.ncsu.edu/mac for updates.

Slack group ncstateit.slack.com #macintosh

Apple Sales: Paul Petrogeorge-paulpetro@apple.com & Sys Eng: Dave Andersen-andersen1@apple.com

macOS versions that shipped with Intel Hardware: support.apple.com/kb/HT1159

Vintage and Obsolete Apple Products: support.apple.com/kb/HT1752

Apple Education Support Line 800-800-2775 use this number only. Always verify Apple Care Coverage.

Antivirus for university owned devices – go.ncsu.edu/antivirus

Unity Macintosh Workflow uses Active Directory configuration with local home directory at /Users/$uid$

OIT supports only Apple, Intel (i386) hardware for Mac OS and software. Only unmodified iOS is supported.

Please remember to check prices at www.apple.com/education/pricelists/ to verify best price with NC State Marketplace

Authorized NC State personnel wanting to get training and tools for Apple Certified Technician should request an invitation by opening a help desk ticket at help@ncsu.edu. Must log in to GSX monthly!!

UNC Combined Pricing Initiative (CPI) oit.ncsu.edu/campus-it/it-purchasing/unc-combined-pricing-initiative-cpi-program-at-nc-state/

JAMF Pro Enterprise service go.ncsu.edu/jamf,  go.ncsu.edu/jamfinfo and go.ncsu.edu/uwc for details

Training – 5 min

OIT-iOS Mobile Device Security  – TBA

reporter.ncsu.edu/link/courseview?courseID=OIT-iOSMob-Security&deptName=OIT

OIT-Managing Apple Devices with Jamf Pro – Feb 12, 2020 – 

reporter.ncsu.edu/link/courseview?courseID=OIT-JPro01-JPro01&deptName=OIT (4 seats left!)

OIT-Jamf Pro Best Practices for Packagers – Mar 05, 2020 – 

reporter.ncsu.edu/link/courseview?courseID=OIT-JPro03-JPro03&deptName=OIT

OIT-Advanced Apple Device  Management with Jamf Pro – Apr 7, 2020

reporter.ncsu.edu/link/courseview?courseID=OIT-JPro02-JPro02&deptName=OIT

CrashPlan for Sub-Org Administrators – Request – 

reporter.ncsu.edu/link/courseview?courseID=OIT-CPlan1-CPlan1&deptName=OIT

Local Based Commercial Training – training.computertree.com/course/

JAMF Pro Training – www.jamf.com/training/

 

Service Updates – 15 min

Configuration Management  – Jamf Pro production moves to 10.18.0 Wed Feb 12 after 1830. (https://docs.jamf.com/10.18.0/jamf-pro/release-notes/What’s_New.html)
Jamf Pro 10.19.0 in test on nccloudtest.jamfcloud.com. Jamf will update their standard cloud on Feb 21.  Please test as we will want to move quickly to 10.19.0 for the additional bootstrap support.
Tentatively Jamf will move nc.jamfcloud.com to latest virtual infrastructure on Feb 26, 2020 after 1800

The UNC-SO Template contract is up end of April and will be renegotiated at SO.  Expect an increase in price which could be up to $1.00 per seat (it looks like OIT will still pay for campus).

Also please note that Jamf Pro is now approved as an official Configuration Management system for macOS, iOS, iPadOS, and tvOS per the MacTech request from January 2020.  See https://oit.ncsu.edu/it-security/eps-implementation/config-mgt-systems/

Patch Definition Management – OIT had an internal meeting on patch management and issues around notification of available patches for all OSs. Everyone was interested in notification but there were no human or budgetary resources for the project. Kinobi.io is now a full service; cost is ~$1800 per year for patch definitions only and ~$6,000 per year for patch definitions and packages (retain cost, includes custom packages). Kinobi.io is tracking about 1,500 patches (about 300 apps); however, the Pro version only covers 50 installers and 10 installer customizations (patch definitions are unlimited at both levels). If folks are interested I can see what we would need to do to get the service.

CrashPlan – Production service moves to version 7.7.0 after 2000 on Feb 11, 2020. Clients will be released on Feb 12 after 0800 if testing works out. This release schedule is dictated by Code42 but we have an automatic 7 day global delay to try and avoid the issue we had with incompatible clients released to devices running older/unsupported OSs. Both license installers will remain compatible for new installs with 7.7.0 but will not be needed for updates, since the updates will happen automatically from the CrashPlan web service as clients check in.

Internet Recovery – https://support.apple.com/en-us/HT204904 Command-Option-R to install latest version for hardware or Command-R to install currently installed version.

Software Packaging – Still waiting on 64 bit Spirion packages as a server upgrade is required. The latest 64 bit Alertus package is available in Jamf Pro as NCSU-Campus-AlertusDesktopClient211021760.pkg (https://nc.jamfcloud.com/packages.html?id=7544)

AntiMalware – WebEx Demo of Jamf Protect Thursday Feb 13, 2020 at 1400. https://jamf.webex.com/jamf/j.php?MTID=mb049ea7dd39fbca8ebe595443294a6a6 Meeting number (access code): 806 683 111

Meeting password: Tw5cpc85

DetectX Swift is still available and should be installed see oit.ncsu.edu/help-support/apple/jamf-pro/detectx-setup-in-jamf-pro/

Sensitive Data Discovery – NCSU-Campus-Spirion10800.pkg

https://nc.jamfcloud.com/packages.html?id=6679

Apple School Manager – No changes or updates.

AppleCare for Enterprise update – on hold pending Apple being able to add to MarketPlace

Endpoint Protection Standard – Phase 2 deadline is Dec 31, 2020.  See Jamf Pro Cheat Sheet at:

oit.ncsu.edu/help-support/apple/jamf-pro/jamf-pro-policy-cheat-sheet/

Discussion

JAMF Pro Changes for next Contract Cycle – 30 min

Jamf is moving our production instance to a new service level they call Premium Cloud, tentatively on Feb 26, 2020. There will be a 6-8 hour outage where no inventory will be collected and no policies will run. This environment matches the service we have always had. However, there will be a significant price increase for this level of service ($1+ per seat) at our next renewal (Oct 2020). The only real differences between Premium Cloud and Standard Cloud are that Premium allows us to choose when we want to upgrade and we are guaranteed not to share a virtual server. Feelings about moving to Standard (no price increase we think but will not know until May 2020)? The new UNC-SO template contract is in the process of being updated and will be available some time in May 2020 to purchase from (our current purchase is good thru Oct 2020). In May Jamf Connect will be available for $3.35 per seat with 25 seat min and can be purchased independently of Jamf Pro. We believe that Jamf Protect will also be available but Edu/contract pricing has not been set and we are waiting for more technical details about how Jamf Protect would be set up with Sites. Join the WebEx already mentioned for more information.
Discussion

Legacy Same Site Cookie Behavior Enabled and Friends – 15 min

As of Chrome version 80 and future versions of other browsers the behavior of cookies will change in such a way that some web sites, including ordering from NCSU Marketplace, will break. A good explanation is at

https://web.dev/samesite-cookies-explained/

For Chrome a macOS configuration profile that manages the Enterprise Policy List can turn off this behavior or restrict it to certain sites.

See: https://cloud.google.com/docs/chrome-enterprise/policies/?policy=LegacySameSiteCookieBehaviorEnabled

I filed and received a GitHub enhancement for the Chrome template in Profile Creator.app that allows GUI creation of these settings. These are a) the global Enable legacy SameSite cookie behavior which “Allows you to revert all cookies to legacy SameSite behavior.” and b) the more restrictive Enable legacy SameSite cookie behavior for list of domains which lets “Cookies set for domains matching these patterns will revert to legacy SameSite behavior. For cookies on domains not covered by the patterns specified here, or for all cookies if this policy is not set, the global default value will be used either from the LegacySameSiteCookieBehaviorEnabled policy, if it is set, or the user’s personal configuration otherwise.” I have done only limited testing but it looks like setting “Enable legacy SameSite cookie behavior for list of domains” to [*.].ncsu.edu should fix the Market Place issue without opening up the browser to cross site attacks. If anyone sees different please post. The SysNews post at sysnews.ncsu.edu/news/5e399653 indicates Firefox as a replacement. However, this should be regarded as a temporary fix since Firefox and basically all browsers have announced intention to enforce the same behavior. NOTE: for Safari version 12 (macOS 10.14.x) and Mobile Safari on iOS 12 there is a separate bug where WebKit does not correctly handle   see bugs.webkit.org/show_bug.cgi?id=196375. This issue is fixed in Safari 13/iOS 13.
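As an added example (not from the original agenda or from Profile Creator.app): a minimal macOS configuration profile for the Chrome preference domain that scopes legacy SameSite handling to one domain pattern instead of enabling it globally. The payload identifiers, display names and UUIDs are constructed placeholders, and the pattern is written in Chrome's URL-pattern form `[*.]ncsu.edu`.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadVersion</key><integer>1</integer>
  <key>PayloadDisplayName</key><string>Chrome SameSite exceptions (example)</string>
  <!-- Placeholder identifier and UUID: generate your own with uuidgen -->
  <key>PayloadIdentifier</key><string>edu.example.chrome.samesite</string>
  <key>PayloadUUID</key><string>00000000-0000-0000-0000-000000000001</string>
  <key>PayloadScope</key><string>System</string>
  <key>PayloadContent</key>
  <array>
    <dict>
      <!-- Managed preferences for Google Chrome live in this domain -->
      <key>PayloadType</key><string>com.google.Chrome</string>
      <key>PayloadVersion</key><integer>1</integer>
      <key>PayloadIdentifier</key><string>edu.example.chrome.samesite.policy</string>
      <key>PayloadUUID</key><string>00000000-0000-0000-0000-000000000002</string>

      <!-- Weak setting, shown for contrast only. A value of 1 reverts ALL
           cookies on ALL sites to legacy SameSite behavior:
             <key>LegacySameSiteCookieBehaviorEnabled</key><integer>1</integer>
      -->

      <!-- Optional: pin the global default to the new behavior (2) so the
           user's personal configuration cannot turn legacy handling on. -->
      <key>LegacySameSiteCookieBehaviorEnabled</key>
      <integer>2</integer>

      <!-- Restricted setting: only cookies set for domains matching these
           patterns revert to legacy behavior. [*.] matches the domain
           itself and any subdomain. -->
      <key>LegacySameSiteCookieBehaviorEnabledForDomainList</key>
      <array>
        <string>[*.]ncsu.edu</string>
      </array>
    </dict>
  </array>
</dict>
</plist>
```

After deployment, chrome://policy on a managed Mac should list both policies with the values above.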
Discussion

Bulk discounts after the CPI Bulk Buy is gone – 10 min

There has been some discussion about bulk purchase discounts from Apple now that the quarterly “CPI” bulk buys are gone.  Here is the response I got from our Apple Sales Rep Paul Petrogeorge:

“Anyone at the university can contact myself or Christine Young (who has taken over for Mike Garcia) to request a discount on a purchase over 10 computers. There is no longer a window or range of dates that folks need to place their orders in, offering greater flexibility. Discounts are applied on a case by case basis. If there are orders that exceed 100 Macs those can also be reviewed for further discounts. I do see referenced below 8-10% discounts. These are historical numbers that have gone away many years ago as pricing has changed across the product lines.

One of the things we continue to work on is a new lease agreement with the system office. In fact our call with them was just yesterday. The goal here is to offer three and four year lifecycle options. Unfortunately we were hoping to have this wrapped up by the beginning of the year but the system office had a number of other items that were prioritized. I am hoping to be able to present something in the next few months.”

Discussion

Q&A – 15 min

You ask, we try to answer

 

Next meeting:

MacTech – Tue. Mar 10, 2020 in Room B16-B Hillsborough from 2:30-4:30 pm.

MacTech – 2nd Tuesday each month: Jan, Feb, Mar, Apr, May, Jun, Aug, Sep, Oct, Nov, Dec

MacTech does not meet in July.

Meetings usually held in B16-B Hillsborough Bld.

Please mark your calendar.