MacTech Groups Agenda
Tue, Dec 14, 2021
2:30 to 4:30 pm
Hillsborough B16-B  &
https://ncsu.zoom.us/j/98050685794?pwd=bU9aQUVqaW5ydU5JS0k1bzA5V0Jqdz09

Announcements – 5 min 

OIT only supports macOS 10.15.7 or newer after Dec 31, 2021
Status page for jamfcloud.com services see http://status.jamfsoftware.com
OIT Macintosh Support Web Site go.ncsu.edu/mac for updates.
Slack group ncstateit.slack.com #macintosh
Apple Sales: Paul Petrogeorge-paulpetro@apple.com & Sys Eng: Dave Andersen-andersen1@apple.com
macOS versions that shipped with Intel Hardware: support.apple.com/kb/HT1159
Vintage and Obsolete Apple Products: support.apple.com/kb/HT1752
Apple Education Support Line 800-800-2775 use this number only. Always verify Applecare Coverage.
Antivirus for university owned devices – go.ncsu.edu/antivirus
Unity Macintosh MultiUser Workflow uses NoLoAD configuration with local home directory at /Users/$uid$
OIT supports only Apple branded Intel (intel64) and Apple Silicon(arm64) hardware for macOS and software. Only unmodified iOS/iPadOS/tvOS is supported.
Please remember to verify prices at www.apple.com/education/pricelists/ with NC State Marketplace
Authorized NC State personnel wanting to get training and tools for Apple Certified Technician should request an invitation by opening a help desk ticket at  help@ncsu.edu Must login to GSX monthly!!
JAMF Pro Enterprise service go.ncsu.edu/jamf,  go.ncsu.edu/jamfinfo and go.ncsu.edu/uwc for details
JAMF Pro Cheat Sheet at go.ncsu.edu/jamfcheat for details on common configuration management tasks

Training – 5 min

Virtual Quick Start Jamf Pro at NCSU course – 1 Hour – available by scheduling Everette at calendly.com/ncsuega

Hands On only:

OIT-Managing Apple Devices with Jamf Pro – Feb 24 – 1:30-4:30 pm Hillsborough B3
reporter.ncsu.edu/link/instanceview?courseID=OIT-JPro01-JPro01&deptName=OIT&instanceID=000007

OIT-Jamf Pro Best Practices for Packagers – Mar 15 – 1:30-4:30 pm Hillsborough B3 reporter.ncsu.edu/link/instanceview?courseID=OIT-JPro03-JPro03&deptName=OIT&instanceID=000006 

OIT-Advanced Apple Device  Management with Jamf Pro – Apr 19 – 1:30-4:30 pm Hillsborough B3
reporter.ncsu.edu/link/instanceview?courseID=OIT-JPro02-JPro02&deptName=OIT&instanceID=000006 

CrashPlan for Sub-Org Administrators – Request –  reporter.ncsu.edu/link/courseview?courseID=OIT-CPlan1-CPlan1&deptName=OIT 

Local Based Commercial Training – training.computertree.com/course/ 

JAMF Pro Training – www.jamf.com/training/ 

Service Updates – 20 min 

Configuration Management  -Jamf Pro production is currently 10.33.0, test on nccloudtest is 10.34.0, and current beta is 10.35.0B1.  Date for the production update to 10.34.0 is Wed Dec 15, 2021. Note: All cloud deployments of Jamf Pro that are patched for Log4j still show as 10.34.0 including nc.jamfcloud.com and nccloudtest.jamfcloud.com.
Jamf Pro is the only approved Configuration Management system for macOS, iOS/iPadOS, and tvOS. 
See oit.ncsu.edu/it-security/eps-implementation/config-mgt-systems/
Discussion

Patch Definition Management –
No change.  Waiting for Jamf to release App Management.

Backup for Endpoints – The Code42  production service is at version 8.8.0.
Code42 has mitigated their cloud deployment for Log4j see details at https://support.code42.com/Terms_and_conditions/Code42_customer_support_resources/Code42_response_to_industry_security_incidents
Existing clients are automatically updated from the cloud server.  For NEW installs only the package in JAMF is “NCSU-Campus-Install Code42-871.pkg”(will be updated when 8.8.0 is available). The “NCSU-Campus-Install Code42CrashPlan License and Config.pkg” is required in the policy as before for new installs.  

Internet Recovery – https://support.apple.com/en-us/HT204904.
Also see: https://mrmacintosh.com/restore-macos-firmware-on-an-apple-silicon-mac-boot-to-dfu-mode/
Apple Silicon devices running macOS are more like iPads now and have several recovery options including:
macOS Recovery
System Recovery – Will boot automatically if macOS Recovery is unavailable
macOS Big Sur USB Installer Drive – External boot for macOS Installers is enabled by default on ASi
Apple Configurator 2 REVIVE – reinstalls macOS Recovery retaining user data on the drive
Apple Configurator 2 RESTORE – reinstalls macOS Recovery, ERASES drive!! and reinstalls macOS

Software Packaging – no change

AntiMalware – No change.  DetectX Swift (intel) is still available and should be installed see oit.ncsu.edu/help-support/apple/jamf-pro/detectx-setup-in-jamf-pro/  
The Jamf Pro Extension Attribute “DetectX Issues” is being rewritten in zsh and should be available by Dec 20, 2021 since the python2 version will be disabled on Dec 15, 2021.

Apple School Manager – No change. REMINDER Make sure you *unassign* any devices you have sent to surplus.

Endpoint Protection Standard  – Phase 2 deadline- Was Dec 31, 2020.
See Required Jamf Pro Implementation of Endpoint Protection Standard at:  go.ncsu.edu/jamfeps  

— 

Adobe Quarterly Updates – 10 min
OIT is releasing the quarterly updates for Adobe products.  In Jamf Pro these are the installers with names that include 2022 like NCSU-Campus-Adobe_NNN_2022_mac-vvvvv.pkg.zip Where NNN is the product name and vvvvv is the version number of the product.  Also recall that _mac means for Apple Intel devices and _amac is for Apple Silicon devices. Most of the major products are already in Jamf and we are working on a few that had packaging issues.  All Apple installers should be available by close of business on Dec 17, 2021 in Jamf Pro.
Discussion

Required Jamf Pro  Implementation of Endpoint Protection Standard- OIT S&C  – 10 min
OIT S&C is requiring a baseline implementation of policies for the Endpoint Protection Standard.  Most Jamf Site Administrators are already meeting these standards.  See go.ncsu.edu/jamfeps
Discussion

macOS 12.1 and other updates – 15 min
Apple has released macOS 12.1 see summary at:

https://mrmacintosh.com/macos-monterey-12-1-21c52-is-live-whats-new/
and security details at:
https://support.apple.com/en-us/HT212978
Updates were also released for macOS 11- Big Sur 11.6.2 (20G313) and macOS 10.15.7 

Recommend that updates be made according to the Patch Standard.
Discussion

Apple configurator on iPhone – 10 min
Apple configurator on iPhone is to enroll macOS devices  not in ASM for ADE.  This will get macOS devices that were not bought from a vendor that automatically adds to ASM into ADE and they will show up in Jamf PreStage.  Device must be running macOS 12.x.  It should be possible to add back released macOS devices to ASM but I have not tested this. This App is available to download on iPhone/iPad. https://apps.apple.com/us/app/apple-configurator/id1588794674
Discussion

New FileVault features in macOS 12 on Apple Silicon- 20 min
Starting in macOS 12 on Apple Silicon it is now possible to use the personal recovery key without changing a user’s password.  When booting to FileVault login on Apple Silicon, hold down Options Shift  and press Return to get a prompt to enter the personal recovery key.  This will decrypt the volume and leave on at either the macOS loginwindow, NoLoAD login dialog, or Jamf Connect loginwindow. This would allow an account that does not exist but is allowed by NoLoAD or Jamf Connect setting (directory group, etc) as an admin if so configured. This should be the preferred configuration going forward since it is the most secure. See the Jamf Webinar “How to Manage FileVault” at  https://www.youtube.com/watch?v=5zQEQwoRoDA  for more details.  Also see Apple’s Enterprise Deployment Guide section on FileVault at
https://support.apple.com/guide/deployment/manage-filevault-mobile-device-management-dep0a2cb7686/1/web/1.0
Also note that Apple fixed the issue with rotating FileVault recovery keys silently in macOS 12.1.
Discussion.

Q&A – 15 min
You ask we try to answer 

Next meeting: 

MacTech – Tue. Jan 11, 2021  In person/Zoom hybrid
MacTech – 2nd Tuesday each month: Jan, Feb, Mar, Apr, May, Jun, Aug, Sep, Oct, Nov, Dec
MacTech does not meet in July.
Meetings usually held in B16-B Hillsborough Bld.
Please mark your calendar.