MacTech 08112020

MacTech Groups Agenda
Tuesday, Aug 11, 2020
2:30 to 4:30 pm 

Announcements – 5 min 

OIT only supports macOS 10.14.6 or newer
Status page for services see
OIT Macintosh Support Web Site for updates.
Slack group #macintosh
Apple Sales: Paul & Sys Eng: Dave
macOS versions that shipped with Intel Hardware:
Vintage and Obsolete Apple Products:
Apple Education Support Line 800-800-2775 use this number only. Always verify Apple Care Coverage.
Antivirus for university owned devices –
Unity Macintosh MultiUser Workflow uses NoLoAD configuration with local home directory at /Users/$uid$
OIT supports only Apple, Intel (i386) hardware for Mac OS and software. Only unmodified iOS is supported.
Please remember to verify prices at with NC State Marketplace
Authorized NC State personnel wanting to get training and tools for Apple Certified Technician should request invitation by opening a help desk ticket at Must login to GSX monthly!!
JAMF Pro Enterprise service, and for details
JNUC 2020 is virtual and free –
UNC CAUSE 2020 virtual – October 6-8 , 13-15, and 20-22 –


Training – 5 min (any course available via Meet/Zoom upon request) 

OIT-iOS Mobile Device Security  – TBA 

OIT-Managing Apple Devices with Jamf Pro – Request – 

OIT-Jamf Pro Best Practices for Packagers – Request – 

OIT-Advanced Apple Device  Management with Jamf Pro – Request 

CrashPlan for Sub-Org Administrators – Request – 

Local Based Commercial Training – 

JAMF Pro Training – 

Service Updates – 30 min 

Configuration Management  – Jamf Pro production is 10.22.1 Jamf Pro 10.23.0 in test on Jamf Pro 10.24b1 is the latest beta.  

Jamf Pro is the only approved Configuration Management system for macOS, iOS/iPadOS, and tvOS.  See 

The USWCA Team will turn on automatic installation of Self Aug 12, 2020 about 0800.  If you are currently delivering Self to iPad/iPhone/iTouch devices you will need to remove the AppStore/VPP configuration to avoid delivering the app twice.

Patch Definition Management – Kinobi Standard no change

Backup for Endpoints – The vendor has renamed CrashPlan to Code42.
Code42  production service is at version 8.2.2. Automatic update from Cloud for server and clients.  Use the NCSU-Campus-Install_Code42-822.pkg for new installs which should autoupdate (7.2 for 10.12 or less will not update to 8.x  but will continue to work). The NCSU-Campus-Install Code42CrashPlan License and Config.pkg is still required in the policy as before.  The 7.x clients are compatible with 8.x server.

Internet Recovery – No change.

Software Packaging – No change.  Will be moving the Autopkg server to a new location (DC 1 closing) sometime June 2020.  No impact is expected.

AntiMalware – DetectX Swift is still available and should be installed see   Still no meeting of the OIT AV Steering teams scheduled.  

Sensitive Data Discovery – NCSU-Campus-Spirion10800.pkg waiting for approval for 11.4.

Apple School Manager – No changes or updates. 

AppleCare for Enterprise – Still on hold pending Apple being able to add to MarketPlace. 

Endpoint Protection Standard – Phase 2 deadline-Dec 31, 2020.  Several updates have been added to the  Jamf Pro Cheat Sheet at:  


Automated device enrollment in Eduroam Available – 10 min 

The project for use of Eduroam with automated device enrollment is complete and the service is in production.  See  to configure.  The use of device certificates to access Eduroam at other institutions when traveling has been confirmed working.  Discussion

Move to Duo MFA for Jamf Pro login on Sep 15, 2020 – 15 min 

In order to better secure our approved Apple configuration management system OIT will begin requiring Duo MFA for Jamf Pro beginning Sep 15, 2020. In preparation for the Apple School Manager federation with Azure we are working on, the username format will change to on the same date. NOTE: This is not Single Sign On (SSO) as Jamf does not allow SSO on a per Site basis.  This will secure Jamf Pro from a known issue where a stolen account could enroll in our configuration management process without permissions. See  We have taken all the other steps needed to secure the CMS from the other attacks known.  The impact of this is that clients using Self Service Login,  the Over the Air Enrollment url (, and Jamf Site administrators using the web console ( will be prompted for Duo MFA after logging in with

There are 2 additional impacts with this change:

  1. Just clients logging in will not see a DUO dialog during the login process but will be prompted for DUO MFA on their registered device. This is similar to the way or VPN client works.
  2. Web Console users only including Site admins will have to respond 2 times to a DUO prompt.  This additional burden is due to an known issue with Jamf Pro where it logs in 2 times once to verify the user and the second time to lookup authorization groups for the user.  Users of Self Service login and OTA enrollment will only be prompted 1 time.

Apple Silicon and other WWDC Enterprise Announcements – 20 min
OIT has tested several of the current configuration profiles for EPS delivered from Jamf Pro with macOS 11 Big Sur Beta and found them working. Jamf Pro 10.24 should have full support.  We were not able to get developer pre-release Apple Silicon hardware but will request testing units as soon as production models are available (rumor of  MacBook Air in Dec?).  Of great concern is vendor lag as Apple strictly enforces move from kernel extensions to system extensions.  We have several products including Cisco VPN, Spirion, OpenAFS, and all antimalware(SCEP for mac, Malware Bytes which require kernel extensions (Detect X does not require kernel extensions or system extensions).  In general most 64 bit software is reported to run just fine on Apple Silicon due to Rosetta 2. 

Q&A – 15 min
You ask we try to answer 

Next meeting: 

MacTech – NO JULY MEETING Tue. Sep 8, 2020  Virtual via Google Meet.
MacTech – 2nd Tuesday each month: Jan, Feb, Mar, Apr, May, Jun, Aug, Sep, Oct, Nov, Dec
MacTech does not meet in July.
Meetings usually held in B16-B Hillsborough Bld.
Please mark your calendar.