Jamf Pro 10.28.0 and Apple APNs changes

Standard

As forewarned by Apple, Richard Purves and recently one of my dataJAR colleagues Richard Mallion, Apple is making a change to APNs on March 31, 2021.

As detailed within the dataJAR blog post, this change is between MDM servers and Apple and not managed devices.

Since Jamf Pro 10.23.0, there has been a toggle to enable this change to HTTP/2 for APNs communication.

However with Jamf Pro 10.28.0 release earlier this week, Jamf Pro will default to HTTP/2 and if you’re self hosting Jamf Pro this release will flip over the APNs communication to use HTTP/2.

If you’re Jamf Cloud, then this change has already been made for you.

So, this short post is just to bring attention to this change for those that need it.

And if you’d like to know more, for more info see the aforementioned blog post on the dataJAR blog.

iMovie, and the iMovie_27_Sep provisioning profile

Standard

With the recent release of iMovie 10.2.3, an additional surprise item is installed, a provisioning profile.

See below for more information on this provisioning profile, and impact.

Continue reading

Apple Silicon, the softwareupdate binary and password prompts

Standard

With Apple recently releasing macOS 11.0.1, many Mac Admins over at the MacAdmins.org Slack started to see password prompts like the above.

Some digging has revealed that this password prompt is shown when the softwareupdate binary is called, and only on Apple Silicon devices.

Calling the softwareupdate binary is something which we Mac Admins have done for years, and it’s likely folks have workflows in place calling the softwareupdate binary which is then triggering this prompt.

So, what’s the fix? Short term, don’t call the softwareupdate binary on Apple Silicon devices and raise this issue with Apple. 

Longer term? Unsure. There is still documentation around Apple Silicon devices to be posted  by Apple, and until we have documentation we can but guess.

On Managed Software Updates for macOS

Standard

In starting to write a blog post on how to block and delay the latest macOS release, I realised that the subject of delaying updates via Managed Software Updates was probably worthy of its own post.

This its that post, see below the break for details.

Continue reading

Apple Business Manager and School Manager Terms Updates

Standard

Apple has issued updated terms to both Apple Business Manager and School Manager.

Not much has changed here from my prior post on these and the linked post before that on the mechanisms at play here and the impact (though there are no outstanding issues this time around).

The impact of not agreeing these terms are:

In Apple School Manager, Apple Business Manager, and the Device Enrollment Program, you can’t assign new devices to your MDM server, even if you have selected the option to automatically assign new purchases to a specific MDM server.

https://support.apple.com/en-gb/HT203063

However, Jamf Pro has a new alert is shown if you have an Apple School Manager integration with with Jamf Pro for Classroom data, and as such is worth noting when these new terms are released for Apple School Manager:

Lastly, it appears that accepting the new terms seems to take unto an hour to now sync through, instead of the near immediate change it has been prior.

Jamf Pro – No more DEP sync errors

Standard

With the release of Jamf Pro 10.20.0, Jamf has fixed [PI-007508]. This is the PI for DEP Sync failing due to TLS changes being needed for on-prem installs & one which I blogged here.

The fix from Jamf forces TLS1.2 for connections to Apple for DEP/Automated Device Enrollment.

So, if you made a change to your TLS settings as I mentioned in my previous blog post, you can remove those changes.

At dataJAR, we’ve been running all datajar.mobi deployments with no TLS settings enforced via our setenv.sh for a couple of weeks now & all is syncing as expected.

macOS Software Update custom catalog URL deprecation

Standard

At the recent London Apple Admins, I mentioned that with macOS Catalina setting a custom Software Update catalog URL is now noted as deprecated.

This took some folks by surprise, despite setting a custom Software Update catalog URL.

Below is more details on this deprecation.

Continue reading

FossHub & AutoPkg

Standard

A few years ago FossHub’s Terms of Service (read: TOS) did not allow for automated downloads.

This has changed recently, with details on how to now download from FossHub via AutoPkg below.

Continue reading