As forewarned in my prior post, here’s a post detailing methods to block tof macOS Big Sur.
In truth, the majority of this post will be rehashing items mentioned in previous post titled: Blocking macOS Catalina with Jamf Pro.
But there are a couple of amendments, with most not being Jamf Pro specific.
In starting to write a blog post on how to block and delay the latest macOS release, I realised that the subject of delaying updates via Managed Software Updates was probably worthy of its own post.
This its that post, see below the break for details.
James & I recently joined Bradley Chambers on the 9to5mac Apple @ Work podcast to talk about about trends in the enterprise relating to macOS and iOS updates that we see at dataJAR.
The podcast can be found here.
Apple has issued updated terms to both Apple Business Manager and School Manager.
Not much has changed here from my prior post on these and the linked post before that on the mechanisms at play here and the impact (though there are no outstanding issues this time around).
The impact of not agreeing these terms are:
In Apple School Manager, Apple Business Manager, and the Device Enrollment Program, you can’t assign new devices to your MDM server, even if you have selected the option to automatically assign new purchases to a specific MDM server.https://support.apple.com/en-gb/HT203063
However, Jamf Pro has a new alert is shown if you have an Apple School Manager integration with with Jamf Pro for Classroom data, and as such is worth noting when these new terms are released for Apple School Manager:
Lastly, it appears that accepting the new terms seems to take unto an hour to now sync through, instead of the near immediate change it has been prior.
Jamf has a wealth of documentation available for its various products, below is a little tip on how to access the most current documentation, with 99% less click bait.
During lockdown we’ve been busy at dataJAR.
Not only was our website given a complete overhaul, but we also released Notifier.
Notifier is a Swift app which can post macOS alert or banner notifications on 10.10+ clients, & is what’s posted the notifications in the gif at the top of this post.
This project was originally intended for use with jamJAR, & jamJAR will soon have it’s wiki updated detailing the usage with Notifier.
As forewarned in the above email sent to Apple Business Manager administrator accounts on June 2nd, Apple has started to roll out the updated the Terms for Apple Business Manager.
An Administrator account will be prompted to agree these updated Terms when next logging into Apple Business Manager, & until then your MDM will not sync any devices purchased after the Terms were updated.
If you have Jamf Pro, you’ll need to look for the below in you logs this time:
[ntInstanceSyncCommService] - DeviceEnrollmentProgramException[responseCode=403, responseBody='T_C_NOT_SIGNED', message='An error occurred during oauth token refresh']
EDIT: 1.5.1 released, removing the option to not post notifications for items with a category due to the category not always being written to the ManagedInstallReport.plist when installed. A PR to Munki will be needed to resolve, then this can be re-added.
Tonight brings an update to jamJAR. This update adds an option to not post notifications for items with a category & also adds support for the forthcoming dataJAR Notifier.app (to post banner & alert notifications as needed).
This is the last Python 2 release of jamJAR, the next release will utilise Munki’s shipping Python 3 & will also officially support Apple updates via Munki & the new workflows introduced Munki 5.