Sponsor

Keep your apps up to date and your Macs secure with Alectrona Patch
With Alectrona Patch you can install or upgrade over 500 Mac apps automatically to keep your users protected with the latest security updates. Alectrona Patch works with your existing MDM by simply deploying a package and a configuration profile for ongoing management. It’s cloud-native, so no server or package hosting is required, and the latest updates are delivered directly from the software vendor. You control which apps are installed or updated, so you deploy only what you need. Alectrona Patch is customizable to ensure your users can update without interruption, so you can keep your security team and your end users happy.
The Australian X World and /dev/world conferences have updated their pages. I have also updated my list of Mac Admin conferences.
📸 Focus
Surveying the Mood
Today is the submission deadline for the SixColors Apple in the Enterprise report. I have decided to not submit responses this year.
There was a brief moment where I felt motivated to spend some time on it. I opened my notes and comments from last year. I have been burnt often enough by unstable networks, sites, and browsers to enter and edit large amounts of text in a browser window. Also, it feels useful to refer to my own notes of the previous year.
I know and appreciate that Jason Snell and the other people involved put a lot of effort into gathering and processing the data. I have heard that "certain people at Apple" read the results diligently. Nevertheless, my brief enthusiasm for the questionnaire was quenched quickly.
As an example: my response for last year's survey to the first question "Enterprise Programs" was:
Apple is cautiously expanding the scope and functionality of Declarative Device Management. The progress is encouraging, but the limited scope does not yet address most of the challenges with current MDM protocol. Apple Business Essentials and the attached services of expanded iCloud and AppleCare are still limited to US only. MacAdmins can still not manage subscriptions and in-App-Purchases from the App Store. The direction the Apple is moving is encouraging, and the caution is definitely warranted, but it is still too early to be excited.
You can compare that to my response in the 2023 report card and my 2022 response. They all read very similar. The other questions show a similar progress, or lack thereof.
I do not actually blame Apple for moving slow on Enterprise features. Many professionals working in the Apple eco-sphere agree that moving slower and more deliberate in introducing changes would be beneficial for all Apple platforms. Even though there are definitely areas that Apple has neglected for years and no progress is in sight (App Store, VPP), there are areas that Apple is actively improving and building on.
If my replies don't change by much over years, then the problem is with the questions. The topics are vague and overlapping and the wall of responses shows that respondees all have widely different interpretations of each topic. Individuals answer to specific issues in different topics. The stated goal is to intentionally keep the topics vague, because their meaning will shift over the years. But this just muddles and waters down the responses and scores.
Fewer and more clearly defined topics would be an improvement. Instead, the survey has increased the number of questions.
In addition, since Jason Snell is not an expert in the field of using Apple devices in the Enterprise (and doesn't claim to be), he opens up the survey to the public. This results in fairly large number of responses (128 responses in 2024, compared to the "hand selected" group of 59 for Six Colors' general Apple Report Card, a huge, un-curated, wall of text for the responses and the scores rarely change by more than one or two decimals.
With the report card now in its fifth year, the data yields trends and I can see how they might be useful. But I believe there has to be a better way for "certain people at Apple" to gage the consensus among professionals deploying Apple devices on scale. There are so many channels of, well, "feedback" they want us to use, and this is the one that carries weight?
Like, they totally should read this news summary! (If you know someone at Apple or elsewhere, please tell them to subscribe...)
Or maybe I am just rationalizing not participating...
(Ok, now I feel bad... I'll go and at least fill out the scores...)
📰 News and Opinion
2025 Community and Conference Grant for MacAdmins Conference hosted at Penn State University
The Mac Admins Foundation is pleased to announce the second grant of 2025, supporting attendance at the MacAdmins Conference hosted at Penn State University.
Reflections on My MacAdmin Journey
Tony Young on Patch Notes and Progress
If you’re interested in performing a career audit of your own, I’ve made my personal template available on GitHub.
Jamf Heroes: Applications open through May 2
Now we’re ready to take it to the next level and relaunch the Heroes program with a refreshed vision
⚙️ Apple Updates
- macOS Sequoia 15.4.1, 24E263: What's new, Security, Enterprise, App Store, IPSW, PKG installer
- iOS 18.4.1, iPadOS 18.4.1, Security
- tvOS 18.4.1: About, Security
- visionOS 2.4.1: About, Security
- HomePod Software 18.4.1: About ("performance and stability improvements")
Apple has released macOS Sequoia 15.4.1 update
Apple has just released an urgent security update to macOS Sequoia to bring it to version 15.4.1. There are no matching security updates for Sonoma or Ventura.
Apple patches security vulnerabilities in iOS and iPadOS
What could have happened here is that the attacker was able to use that ample space to create a pointer that was able to bypass the Pointer Authentication and use this ability to point from a legitimate application to their malicious code.
🔐 Security and Privacy
PasivRobber: Chinese Spyware or Security Tool?
The threat capabilities we observed indicate a deep understanding of macOS. Although there is a version check for systems under 14.4.1, we believe this suite of applications is actively developed and is designed to capture data from macOS systems - more specifically from communication applications commonly used in China.
Making Compliance Work: How Security Benchmarks Affect Real People
If you manage Apple devices in a business or enterprise, you’ve probably heard the word “compliance” thrown around a lot. But what does it actually mean for the people using those devices?
🔨 Support and Tutorials
Disabling Notification Center notifications for the Tips app on macOS Sequoia
Rich Trouton on DerFlounder
Why this is important is in the context of blocking Notification Center notifications from the Tips app, as a colleague was asked to do for their workplace and then shared their story of what they needed to do.
Zen and the Art of Jamf SSO
Jamf is changing how all this works. Instead of an integration per app, they are replacing everything with one OIDC connection from your IdP to their Jamf Account page.
Accessing SSL certificate details in Safari 18.4 and later
Rich Trouton on DerFlounder
In Safari 18.4 and later, [the] process [to see the connection security details] has changed.
Jamf MSP Co-Management With Jamf Account
This post will go over the steps to properly set this up co-management to solve these issues and grant both the MSP and customer access to a single instance.
Mobile accounts and saving User Homes
Our clients are generally still tied to a directory service for permissions management across their Xsan volumes. They also take advantage of this to remote into beefy systems in the server room to do their editing on fibre connected Macs. On these Macs we make sure the users have a mobile account so that the permissions work as expected.
🤖 Scripting and Automation
Computer Compliance (0.0.17)
Provide your users a “heads-up display” of critical computer compliance information via swiftDialog
cloud-autopkg-runner
Scott Blake on GitHub
A Python library designed to level-up your AutoPkg automations with a focus on CI/CD performance.
manicmachine/jpass
Corey Oliphant on GitHub
JPass is a Swift-based CLI tool that makes managing Jamf Pro's LAPS fast, secure, and scriptable. Effortlessly retrieve, set, or rotate local admin passwords — all from your terminal.
User Initiated Scoping
Steve Dagley on Jamf Tech Thoughts
There will probably come a point in a Jamf Pro admin’s duties when they find themselves with the need to provide a mechanism for users to add or exclude their Mac to the scope of a Configuration Profile or Policy via Self Service.
♻️ Updates and Releases
Jamf Blueprints: Declarative Device Management for Jamf School
Jamf blueprints help schools reach toward the future of Apple device management with Declarative Device Management.
Compliance Benchmarks Now Available in Jamf Pro
This release transforms how your organization manage compliance across Apple devices, making compliance validation and enforcement simpler than ever before.
🎧 Listen
Turning Frameworks into Functionality
Selina Ali, Senior Product Manager at Addigy is back on the podcast today to talk about what it’s like to wrap your head around MDM, DDM, Application Management and other frameworks in order to deliver them as workflows in a device management solution.
Inside the World of IT: Daily Challenges and Unlikely Solutions
In this episode of Command Control Power, the hosts discuss several interesting and challenging situations they’ve encountered.