Sponsor
This issue of MacAdmins.news is brought to you by SimpleMDM, a powerful Apple MDM.
SimpleMDM is the ultimate mobile device management solution for managing and securing Apple devices at scale. With powerful configuration options and advanced features, including a hosted Munki integration and developer API, IT teams can achieve deep customization and workflow automation for real-time fleet visibility. Start your free 30-day trial today to unleash the full potential of your Apple devices.
Holiday Break!
As mentioned before, this is the last issue of the MacAdmins.news summary of 2024.
This year I have published 45 issues. Since traveling is a thing again, issues were posted from at least seven different countries — some of them from trains, airports, hotels, coffee places and on two quite memorable occasions, while sitting on a beach. (Separate occasions and different beaches.) There was only one issue that slipped to Saturday because of technical issues. Though because time zones are a thing, some issues were published at unusual times.
The number of subscribers has grown by an amazing 25%. I know that attention is a very limited resource these days and I am honored that you spend some of it here.
Please keep recommending this news summary, there will be people you know for whom it will also be valuable.
Many thanks also to all the sponsors, for supporting this endeavor!
After the holiday break, the next issue will be published on January 10, 2025.
I hope all of you will get some well-deserved break, as well. Happy Holidays and all the best for 2025!
📰 News and Opinion
A New Home for ProfileManifests
We are thrilled to share news with the Apple device management community today regarding the ProfileManifests open-source project.
⚙️ Apple Updates
Using the Applications & Custom Settings payload in Jamf Pro to manage the ChatGPT integration with Apple Intelligence
Now that macOS 15.2 and iOS 18.2 are out the door, organizations may be finding themselves in a position to limit the use of ChatGPT in conjunction with Apple Intelligence. Arguably the simplest way to achieve this with Jamf Pro is to use the Applications & Custom Settings payload for macOS configuration profiles and add the organizationally-defined controls that way.
- Apple Platform Security: Welcome, Revision history
🔐 Security and Privacy
Restoring Reflective Code Loading on macOS
Patrick Wardle on Objective-See's Blog:
we’ll first revisit traditional methods for reflective code loading on macOS and examine specific examples of malware that have leveraged, and in some cases continue to leverage, these now-obsolete and ineffective approaches.
🔨 Support and Tutorials
Jamf Pro 11.12 API testing page now accepts both password authentication and API client authentication
Rich Trouton on DerFlounder
Copy as Pathname in Sequoia
In macOS Sequoia, there is a change…
This first post from Anthony missed getting into last week's news summary by a few hours, so this week you get this and the follow-up:
Paste Escaped Text
Apparently there is more to know about inserting paths and existing Terminal features. So a follow-up to my blog post on Copy as Pathname is in order.
Major macOS deferrals may rollback security fixes
Organizations should immediately reduce their major deferral to match their minor deferral.
This is a weird side-effect when the major deferral limit expires. Since you probably want the users to move directly to 15.2, rather than have to perform two updates in succession, you need to adjust the number in the major deferral setting when it expires.
Management profile settings and OS upgrade implications
Rich Trouton on DerFlounder
If it’s a brand new setting where the introduction is on macOS NewVersion, you’ll need to wait until the Mac is running macOS NewVersion before deploying a profile to manage that setting.
This behavior is unfortunately typical for configuration profiles for Apple system services. So this description and warning is warranted.
With many other settings and third party apps, it generally works well to have the configuration profile installed before the app or update is installed. As always, test, test, test...
BBEdit for Log Analysis
But there is a specific use that BBEdit can’t be topped for on the Mac – log file analysis. It’s like BBEdit was made specifically for it.
🤖 Scripting and Automation
Building Zoom Rooms Mac minis with Jamf Setup Manager
Automating the provisioning of a Mac mini for use with Zoom Rooms is our most complex process as it has a number of limitations.
Automate Jamf Management Framework Redeployment with an Azure Runbook
Rob J Schroeder on Jamf Tech Thoughts
Previously, I have used Microsoft’s Power Automate platform to receive webhooks from Jamf Pro, have the webhook data parsed, and then use the Jamf Pro API to perform some sort of action on the devices included in the webhook data. While thinking about how I can make this process more robust, I wanted to begin moving my Power Automate workflows over to Azure Runbooks.
♻️ Updates and Releases
- Support 2.6.1
- swiftDialog 2.5.5
- macOS Security Compliance Project
🎧 Listen
Jamf Apple Device Management. Mac iPad iPhone TV Apple MDM
Matt Benyo (Manager, AI Initiatives) and David Pryce-Compson (Director, Data Sciences) discuss Jamf’s AI program and strategy.
Caught in the Cloud: Backup Battles and Cyber Scams
the hosts delve into various technical and customer service issues they have encountered recently.
Mac enterprise growth continues to surge
Weldon Dodd about Kandji's new survey about how IT professionals are thinking about Apple in the enterprise.
Michael & Mark on Entra ID
Entra ID is the current inheritor of the mantle of Active Directory. No, don’t be afraid, we’re not going to do any binding on this show. We’re going to give you the brass tacks for what Microsoft is using Entra for, how Mac Admins should think about it, and how it fits into the modern world for Mac Admins.