Update week! As expected, macOS 14.3, iOS 17.3 and siblings this week were released this week.
This is the first issue of MacAdmins.news using the new service to all subscribers. Thanks to all who helped with testing! Hope you enjoy the new look and feel.
Separating and migrating of the weekly news summary from the Scripting OS X blog took longer than I had originally planned, but I am quite happy with the result. I will be exploring some new features over the next few weeks and see what I and you, the readers, like. Feedback is always welcome.
This is also the 300th email issue of the news summary! It makes me terribly proud and happy to see how it has grown from a careful experiment nearly six years ago to more than 1700 subscribers now! Thank you all who read this every week.
However, most of the credit has to go to all Mac admins who put in the time and effort to write and share their experiences and work with the community. Without all of their work, this community would not be the same and this news summary would not exist. Thank you!
On to 400!
📸 Focus
40 years of Macintosh
Apple introduced the Macintosh forty years ago this week. Much has been written about that this week.
The first Mac that I worked on was a IIci at a friend's house. We were avid D&D players and used their Mac to design our own character sheets and print them on a LaserWriter. (another anniversary: Dungeons and Dragons was published fifty years ago today!) Obviously, I was a big tech fan already, and the Macintosh hooked me in a special way. Teenage-me would not have been surprised, that my career would orbit around the Mac and Apple.
The Mac platform has persisted and adapted over the years, through several major hardware and software changes, Apple's near bankruptcy and resurgence, the rise of the internet and mobile computing. Along the way, the Mac has "inspired" much of the other computing platforms (and, to be fair, learned a lot from them, as well).
The distinctively friendly all-in-one design of the original Macintosh lives on in the iMac. The Mac platform lives on in all the MacBooks, Mac minis, Studios and Pro. Its principles, ideas and values have spread to the iPhones, iPads, and all the other technology it spawned. The iPhone platform with iOS, has far outgrown the Mac. Even so, there are more Macs being sold and used right now, than ever before.
After four decades, the Mac is still going strong and serves many vital roles. I am very much looking forward to experiencing how the Mac continues to develop and adapt over the next decades...
📰 News and Opinion
In last week's issue, I talked (some might say ranted) about Apple's App Store strategies. Last week, we still didn't know how Apple would meet the requirements of the European Digital Markets Act (DMA). This week, we got beta versions of iOS 17.4 and siblings (macOS 14.4 beta is still outstanding as I write this) and Apple has published their solutions.
There are a multitude of changes, that many others have already written about. The new rules are limited to iOS and the 27 countries of the EU, but will have a big impact on developers publishing apps. Most importantly, Apple will allow third parties in the EU to create marketplaces which can distribute apps.
There is a lot to unpack and process here. Apple will require all apps that are distributed through an alternate marketplace to undergo notarization where they are reviewed and checked for obvious bugs and malware. While this sounds like notarization on macOS, the documented requirements are much more stringent. Even with the new rules, there is no easy way for non-developers to sideload apps unless you are going through a marketplace.
In their documentation Apple also includes some fear mongering about how the new systems cannot possibly as secure as the App Stores. This would be more believable if there were better curation of fairly obvious scams on the App Store. Also, macOS has shown that requiring signing and notarization does provide good security.
There are a quite few open questions for Apple device management here, like "can we block alternative marketplaces on managed iPhones with MDM?" We don't know specifics yet, and it is still early in the beta phase, but I would be surprised if we didn't get this (eventually). But further than that, one wonders how this might be used in a constructive way to supplement an MDM solution with apps from an alternative marketplace. Will there be capabilities and entire categories of tools, that weren't possible before?
The new rules and features are quite detailed and complex. Apple has already been designing and working on this for quite some time. While Apple's FUD in the documentation still seems a bit spiteful, the new EU rules still quite the contrast to the implementation of external payment options in the US that sparked my commentary last week.
There are now two major regions with different App Store rules from the rest of the world.
Apple is A/B testing the future of the App Store...
Apple announces changes to iOS, Safari, and the App Store in the European Union
"The changes include more than 600 new APIs, expanded app analytics, functionality for alternative browser engines, and options for processing app payments and distributing iOS apps."
Update on apps distributed in the European Union (Apple Developer)
"These changes create new options for developers, including how they can distribute apps on iOS, process payments, use web browser engines in iOS apps, request interoperability with iPhone and iOS hardware and software features, access data and analytics about their apps, and transfer App Store user data."
⚙️ Apple Updates
macOS
- macOS Sonoma 14.3 (23D56): What's new, Developer Release Notes, Security, Enterprise
- macOS Ventura 13.6.4 (22G513): Enterprise, Security
- macOS Monterey 12.7.3 (21H1015): Security
- Safari 17.3: WebKit Features, Developer Release Notes, Security
iOS and iPadOS
- iOS 17.3: About, Enterprise
- iPadOS 17.3: About, Enterprise
- iOS and iPadOS 17.3: Security
- iOS and iPadOS 16.7.5: Security
- iOS and iPadOS 15.8.1: Security
Other Platforms
- watchOS 10.3: About, Developer Release Notes, Security
- tvOS 17.3: About, Developer Release Notes, Security
- HomePod Software 17.3: About
Latest Apple updates fixes Xsan mounting issue
"The latest updates from Apple have fixed the Xsan mounting regression from the .2 versions."
🔨 Support and Tutorials
DDM Software Update Logs
"Trouble is, that some unprepared users may complain about what they perceive to be forced or unprompted restarts. To stay ahead of this, let's take a dive to see what we could learn about these forced restarts and if they truly were unprompted."
Cisco Secure Client in January 2024
Cisco Secure Client continues to evolve. Here’s a survey of important changes since 5.0.02075 that affect Mac Admins.
Building custom Cisco Secure Client installers
"With each release of Cisco Secure Client (and AnyConnect before that), there has been a cat and mouse game process of discovering the new components and how to exclude them from one’s custom install. We not only need to customize the installation but need to do it reliably and repeatedly as additional default components are added."
Avoiding unintended upgrades to macOS
"If you rely on a product that isn’t yet compatible with Sonoma, then inadvertently upgrading to macOS 14 would be disastrous, leaving you with the lengthy task of wiping your Mac and installing a version of macOS that you can run."
How and Why You Should Audit Your Organization's Tech Stack
"Auditing or evaluating your tech stack means asking many questions. The most essential: What software and services is your organization using?"
Jamf Pro 11.2.0 computer and mobile device enrollment permission changes
"As part of Jamf Pro 11.2.0 and later, Jamf has made a permissions change which affects enrollment."
Jamf Pro 11.2, Management Account, End User Account Creation and Secure Token
"It has been a while since I’ve been talking about FileVault and Secure token. However, with the release of JPRO 11.2 I to bring that topic back to the table and see where we are on things."
♻️ Updates and Releases
What's new in App Installers in Jamf Pro 11.2
"There are environments where additional validation and control over update deployment for some or all software titles is required."
Baseline v2.0 Feature Update
"Baseline has always been capable of more than just initial workstation setup, and these new features aim to make those uses even stronger."
🎧 Listen
Andrew Robinson On Evaluating New Tech
"New tech comes and goes faster than ever. In today’s episode we’ll look at evaluating when it’s time to come to users with plans and/or products to help them either embrace or hold off on it, with Andrew Robinson."
Security is a people problem
Mariia Hryshchenko from Moonlock about the state of cybersecurity for macOS and iOS admins.