Sponsor
This issue of MacAdmins.news is exclusively brought to you by Mosyle, the only Apple Unified Platform.
Mosyle is the only solution that integrates in a single professional-grade platform all the solutions necessary to seamlessly and automatically deploy, manage & protect Apple devices at work . Over 45,000 organizations trust Mosyle to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple .
📸 Focus
The Apple Vision Pro is on sale today in the US, and there were plenty of reviews this week already as soon as the embargo dropped. My favorite is from Nilay Patel at The Verge, but there are many others worth watching if you are curious.
Last week's issue had a confluence on multiple major topics: 300th issue, new newsletter service, forty years of Macintosh, Apple's reaction to the DMA. Don't worry, I am not planning to rant quite as much in every issue.
Nevertheless, there have been interesting follow-up articles and discussions on the major topics since then. I was planning short summaries for all these topics, but then realized it is much easier to refer you to the amazing summaries of Michael Tsai:
📰 News and Opinion
The Next 40
"This isn’t a sustainable situation for the next 40 years. Without some low-level structural changes in visionOS, it will never thrive as a developer platform. Just as the iPad has not."
macOS Sonoma: Did It Meet Expectations?
“Looking back at my last post, before the initial release of macOS 14, I’m amazed by how many of the wishes came true, or will come true at least in a future update…”
⚙️ Apple Updates
- visionOS 1.0.2: Security
- Apple Vision Pro User Guide
AirPods 6A324 for AirPods Max: Firmware updates
Apple Platform Deployment: Welcome, Document revision history
- Apple Business Manager release notes
- Apple School Manager release notes
The January 2024 updates for Apple Business Manager and Apple School Manager adds documentation for federating and syncing users to an identity provider using SCIM, which was promised at WWDC. However, the table of contents or Document revision history for the Apple Business Manager and Apple School Manager Guides do not show these new additions (yet), so follow the links in the release notes.
🔐 Security and Privacy
CISA Warns of Active Exploitation of Critical Flaws in Apple iOS and macOS
"Interestingly, patches for the flaw were released on December 13, 2022, with the release of iOS 16.2, iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2, and watchOS 9.2, although it was only publicly disclosed more than a year later on January 9, 2024."
Backdoor Activator Malware Running Rife Through Torrents of macOS Apps
“macOS.Bkdr.Activator is concerning because its objective appears to be to infect macOS users on a massive scale, potentially for the purpose of creating a macOS botnet or delivering other malware at scale.”
macOS AUHelperService Full TCC Bypass
"Last year, I discovered a full user TCC bypass issue in the macOS Sonoma beta version. "
🔨 Support and Tutorials
Add a Mac Computer to Apple Business Manager or Apple School Manager Without Erasing it First
"Traditionally, to manually add a Mac to Apple Business Manager or Apple School Manager, you would need to erase all content and settings on the Mac to re-run Setup Assistant and utilize Apple Configurator for iPhone. This guide will break down the process to add the Mac to Apple Business Manager or Apple School Manager without the need to erase the Mac."
Follow-up: Upcoming change will enforce LAPS on Prestage admin accounts
As a response to Ryan Stasel's post on the changes to LAPS prestage, Jamf explains how they will roll out this feature.
Preserving the evidence: what to do when something serious goes wrong
"A week or two later, when we’re trying to explain what happened, there are no logs, no screenshots, only our fading memories. They make it difficult if not impossible to discover what actually went wrong."
🤖 Scripting and Automation
"Negative Trust" Jamf Pro Inventory Health Check
"Leverage a client-side LaunchDaemon, script and .plist trio to determine computer health, based on the Mac’s ability to execute an inventory update policy"
Setup Your Mac : Using enrollmentComplete
"Custom method of leveraging Jamf Pro’s enrollmentComplete trigger to run the Setup Your Mac script without the need of a Pre-Stage package."
Username and Password vs. Bearer Token and "API Roles and Client" for Jamf Pro API
“More importantly, it forces us to be more thoughtful about how we grant permissions.”
Using AutoPkg to build a Cisco Secure Client installer
“It’s possible to replicate this packaging workflow, including generating an installer choices XML file, using AutoPkg.”
♻️ Updates and Releases
📺 Watch
MacSysAdmin 2024 videos now available on YouTube
The session recordings from last year's MacSysAdmin in Gothenburg have been available on their website since, well, a few hours after each session was over. But now, you can also watch them on their very own YouTube channel. For example, you can watch my closing session on "MacAdmin Tools."
🎧 Listen
- Shyam Bhojwani on Workato – Mac Admins Podcast
- Triumphs, Twists, and Unexpected Joys – Command, Control, Power
- Apple Vision Pro at work? – Apple@Work, 9to5Mac
- Broadcom & VMWare Acquisition: What Migrating To Jamf Could Look Like & What Organizations Need to Consider – Jamf After Dark
- Bruce Schneier predicts a future of AI-powered mass spying – Lock and Code (post with transcript)
🎈Just for Fun
Starfield Wallpapers
"The inspiration behind these designs is that I wanted something that resembled a supernova, the ionized particles exploding out into space & emitting a brilliant pattern of light & radiation."