#325  

No summer break for Mac Admins…

So, I took a summer break last week, but it sure seems like hardly anyone else in the Apple and wider tech industry did.

Apple reported their quarterly results (reactions, shipped not just one, but two updates (macOS 14.6 and 14.6.1, iOS 17.6 and 17.6.1, etc.) and not just one, but two betas for the Fall releases (a first beta for iOS 18.1 and macOS 15.1 with Apple Intelligence (where available) and the fifth beta for for the .0 releases). The next episode of Apple/EU DMA saga was released (reactions), and Google Search was found to have abused their monopoly, which will have far reaching consequences for the entire tech industry.

There are some changes in macOS 15 that admins and users may not be so happy about. The process of installing apps and pkgs that are not signed or notarized is getting more complicated and apps that require screen recording privileges (which are necessary for screen sharing, or other functionality such as color pickers) will require frequent re-approvals. (reactions)

Please test these changes in your environments with your current betas and provide feedback where necessary! There is still a window to influence these decisions.

📰 News and Opinion

Existential thoughts about Apple’s reliance on Services revenue

In the most recent financial quarter, Apple generated $24.4 billion in revenue from Services. The Mac, iPad, and wearables categories together generated just $22.3 billion. Only the iPhone is more important to Apple’s top line than Services.

sixcolors.com

Updates to runtime protection in macOS Sequoia

In macOS Sequoia, users will no longer be able to Control-click to override Gatekeeper when opening software that isn’t signed correctly or notarized. They’ll need to visit System Settings > Privacy & Security to review security information for software before allowing it to run.

apple.com

macOS Sequoia adds weekly permission prompt for screenshot and screen recording apps

Apple is rolling out a change that will require you to give explicit permission on a weekly basis to these types of apps, and every time you reboot your Mac.

9to5mac.com

Apple’s permissions features are out of balance

Here’s Apple’s problem: Apps that track your location, record the contents of your screen, or access your video camera or microphone have the potential to be deeply invasive and violate your privacy in innumerable ways. Since those features are also useful, Apple has built a system of permissions that Apps must request, and then users are prompted to be sure that an app should be granted that kind of access.

sixcolors.com

ICANN approves use of .internal domain for your network

The Internet Corporation for Assigned Names and Numbers (ICANN) has agreed to reserve the .internal top-level domain

Better late than never. Now that most orgs are moving their identity services to the cloud, and Active Directory integration is far less common, we have to worry less about .local domains. But it is finally good to have an official alternative.

theregister.com

Apple Intelligence: What Mac Admins Need to Know

Apple will likely give MDM solutions like Kandji the ability to restrict access to Apple Intelligence; we’re still waiting for full details on that.

kandji.io

⚙️ Apple Updates

macOS

iOS and iPadOS

Other Platforms

Guides

What has changed in macOS Sonoma 14.6

eclecticlight.co

Sonoma 14.6.1 Update! Everything You Need to Know!

mrmacintosh.com

🔐 Security and Privacy

macOS stealer posing as Loom may be linked to Crazy Evil group

we’ve recently uncovered a sophisticated and alarming threat spreading through Google-sponsored URLs. The threat, a stealer malware targeting macOS, poses as the popular application Loom, a widely used screen recording tool.

moonlock.com

Beware of Fake Apple Updates: Fake iOS Update Research

Jamf Threat Labs explores how bad actors use fake iOS updates to maintain persistence on compromised devices.

jamf.com

InfoStealer Uses SwiftUI, OpenDirectory API to Capture Passwords

We wanted to take a close look at […] the stealer’s dropper, which is written in Swift and leverages APIs not seen in other recent stealers to capture and verify the user’s password.

kandji.io

🔨 Support and Tutorials

Empowering secure and seamless learning: Multifactor authentication without a smartphone

Traditional MFA processes are unrealistic for students, as institutions from primary schools to universities cannot expect every student to have a phone or device to deploy legacy MFA options.

microsoft.com

MacOS and Certificate Bases Authentication

we’ll cover the Intune configuration for deploying root and SCEP certificates on macOS. Additionally, we’ll discuss how these settings impact the user experience.

cloudflow.be

Building a Strong macOS Foundation: A Guide for MDM Administrators

This guide provides an in-depth look at the basics of macOS, from its file system and user management to its security features and troubleshooting tips.

ampproject.org

Blocking Apple Account login access in System Settings on macOS Sonoma

The scenario discussed was a computer lab, where the lab admin wanted to make sure that folks using the lab weren’t able to sign into their personal Apple Accounts on lab machines.

wordpress.com

How long does Apple support Mac firmware?

But for how long does [Apple] support the firmware in each model?

eclecticlight.co

Xsan Ventura & Sonoma upgrade failures and a workaround using profile “Magic”

We just discovered a way to get these updates and upgrades to work.

rskgroup.org

Apple Remote Desktop constant resizing

we run into a problem when connecting to a remove system via ARD where the window wildly resizes itself and eventually errors out

rskgroup.org

🤖 Scripting and Automation

Providing GlobalProtect portal address via macOS configuration profile on macOS Sonoma

with some work, it is possible to use a profile to provide the portal address information to the GlobalProtect VPN client. For more details, please see below the jump.

wordpress.com

How to issue Restart Mobile Device command en masse and on predefined schedule leveraging Jamf Pro API

Have you ever been tasked with restarting your mobile device fleet on a schedule? Do you set yourself task reminders and issue the command using the Jamf Pro admin console?

linkedin.com

Launching the macOS Tips app using URL links on macOS Sonoma

a custom URL scheme, which allows the Tips app to be opened by calling a particular URL

wordpress.com

BeyondTrust EPM: Flexibilities

Easily assign macOS computers to a BeyondTrust Endpoint Privilege Management High, Medium or Low Workstyle Flexibility via a Jamf Pro Script Parameter

Also see the follow-ups: BeyondTrust EPM: Inspector and [BeyondTrust EPM: Racing Stripes(https://snelson.us/2024/08/beyondtrust-epm-racing-stripes/)

snelson.us

Using the Jamf Pro agent to set computer name to match the Mac's hardware serial number on macOS Sonoma

In a number of environments, Mac admins have chosen to use the Mac’s hardware serial number when naming the computer’s hostname (otherwise referred to as the computer name.)

Naming devices is one of those things that gets more complex the longer you think about it. I have some concerns with using the full serial number as the computer name, which I elaborated in my MacADUK presentation earlier this year, with solutions to those concerns.

wordpress.com

Homebrew Version Extension Attribute

Yet another Jamf Pro Extension Attribute which returns the installed version of Homebrew

snelson.us

Understanding Jamf Pro API Roles And Clients

For Jamf Pro admins who currently automate the setting up of users and groups in new instances using the Jamf Pro API, I have demonstrated how we can instead manage the setting up of API Roles and Clients.

jamf.com

UPDATE: Using PowerShell with Jamf Pro API

with recent changes with Jamf Pro, the script that was posted in that article was no longer working to get a bearer token

techitout.xyz

♻️ Updates and Releases

Installomator Mate

Installomator Mate provides a graphical interface for searching available labels, configure settings and either copy the code to memory or export as a script to use in your workflows.

hennig.nu
MacAdmins.news

🎧 Listen

SIEM is not storage, with Jess Dodson

In the world of business cybersecurity, the powerful technology known as “Security Information and Event Management” is sometimes thwarted by the most unexpected actors—the very people setting it up.

malwarebytes.com

The inside story of Y2K panic and the greatest cooperative effort ever

Nancy James about her upcoming book, Year 2000 - The Inside Story of Y2K Panic and the Greatest Cooperative Effort Ever

9to5mac.com

Managing Macs at MSPs with Ross Matsuda

Ross Matsuda joins the Podcast from Ntiva, where he manages a ton of Macs in a ton of different systems and ways.

macadmins.org

Tech Upgrades, MFA Madness and More!

Sam talks about his recent trip to Las Vegas to see Dead & Co at The Sphere

commandcontrolpower.com

Positivity and Practical Tips: Navigating Tech Challenges with New Insights

In this episode, we discuss a range of topics from VPN configuration issues with the UniFi system, to the advanced security features of iCloud.

commandcontrolpower.com

MacStadium and Orka, with Chris Chapman

Chris Chapman joins us from MacStadium, […] to tell us all about Orka Desktop, help us understand VMs that can be defined in code, and how we can all have more performant and better testing environments!

macadmins.org

It works 93% of the time

Rogers Sands from Wyebot about their new (Digital Experience Monitoring) software solution.

9to5mac.com

All You Need To Know About JNUC 2024

Our co-hosts and guests discuss what is staying the same with the conference, what is changing, and what is brand new.

libsyn.com

🎈Just for Fun

Mac OS X Racho Cucamonga: Twilight

A year later, I wanted to return to Rancho and create an updated variation of the wallpaper.

basicappleguy.com

No spam, ever. We'll never share your email address and you can opt out at any time.