The podcast can be found here.
Apple has issued updated terms to both Apple Business Manager and School Manager.
The impact of not agreeing these terms are:
In Apple School Manager, Apple Business Manager, and the Device Enrollment Program, you can’t assign new devices to your MDM server, even if you have selected the option to automatically assign new purchases to a specific MDM server.https://support.apple.com/en-gb/HT203063
However, Jamf Pro has a new alert is shown if you have an Apple School Manager integration with with Jamf Pro for Classroom data, and as such is worth noting when these new terms are released for Apple School Manager:
Lastly, it appears that accepting the new terms seems to take unto an hour to now sync through, instead of the near immediate change it has been prior.
Jamf has a wealth of documentation available for its various products, below is a little tip on how to access the most current documentation, with 99% less click bait.
During lockdown we’ve been busy at dataJAR.
Not only was our website given a complete overhaul, but we also released Notifier.
Notifier is a Swift app which can post macOS alert or banner notifications on 10.10+ clients, & is what’s posted the notifications in the gif at the top of this post.
As forewarned in the above email sent to Apple Business Manager administrator accounts on June 2nd, Apple has started to roll out the updated the Terms for Apple Business Manager.
An Administrator account will be prompted to agree these updated Terms when next logging into Apple Business Manager, & until then your MDM will not sync any devices purchased after the Terms were updated.
If you have Jamf Pro, you’ll need to look for the below in you logs this time:
[ntInstanceSyncCommService] - DeviceEnrollmentProgramException[responseCode=403, responseBody='T_C_NOT_SIGNED', message='An error occurred during oauth token refresh']
EDIT: 1.5.1 released, removing the option to not post notifications for items with a category due to the category not always being written to the ManagedInstallReport.plist when installed. A PR to Munki will be needed to resolve, then this can be re-added.
Tonight brings an update to jamJAR. This update adds an option to not post notifications for items with a category & also adds support for the forthcoming dataJAR Notifier.app (to post banner & alert notifications as needed).
Below is some more details, as well as a proposed fix for at least the short term.
However, with everything setup, we were presented with the message “Error <kCFErrorDomainCFNetwork:303>” whenever trying to load any of the defined PreStage Panes.
I reached out to Jamf Support, but they hadn’t see this issue & searching the macadmins Slack didn’t bring up anything either.
Long story short (& in an attempt to not create my own DenverCoder9 moment), we discovered the issue to be down to the environments ingress controller being configured with HTTP/2 support by default.
As soon as we disabled HTTP/2, everything worked as expected.
Hope this helps someone else too.
This update strips /?failover from a JPS URL when writing to the com.jamfsoftware.jss.plist for the Jamf Applications, but keeps /?failover when opening Safari.
1.1 is available now, & Jamf Switcher should prompt for the update when launched or can be installed via the “Check for updates” menu from within Jamf Switcher itself or manually downloaded from here.
The fix from Jamf forces TLS1.2 for connections to Apple for DEP/Automated Device Enrollment.
So, if you made a change to your TLS settings as I mentioned in my previous blog post, you can remove those changes.