Sponsor
Keep your apps up to date and your Macs secure with Alectrona Patch
IT teams and MSPs love Alectrona Patch because it takes patch management off their plate entirely. With proactive compliance and automation built in, teams can secure their Mac fleets without manual effort or user disruption. Stop chasing vulnerabilities—fix them automatically with Alectrona Patch. Install and update over 650 Mac applications automatically to keep your users protected with the latest security updates. Learn more and set up a free trial at alectrona.com/patch.
Happy Holidays!
The holidays are approaching, or looming, depending on your point of view. You can tell that many are trying to get things finished and published. Including Apple, who released the 26.2 updates last Friday, after my last issue was posted.
Many other releases and posts and some end-of-year thoughts this week.
MacAdmins.news will also be on holiday/winter break. This is the last issue for this year. The first issue of 2026 will be published January 9.
I wish you all happy holidays, however you celebrate, and that you get to enjoy some quiet time! Until next year!
📰 News and Opinion
Apple in the enterprise — industry execs on what works, what they want in '26
What’s driven Apple’s progress this year — and what should we expect from the company in the year ahead?
MAF Expands Charles Edge Speaker Grant to MacAD.UK 2026
For the first time, the grant will support travel overseas for the MacAD.UK conference in Brighton, England!
AI is wiping out entry-level tech jobs, leaving graduates stranded
Over the last three years, the number of fresh graduates hired by big tech companies globally has declined by more than 50%
Why Finishing the Year Strong Matters
MusicCityMac on Jamf Tech Thoughts:
This quieter stretch creates one of the best opportunities to build new skills, strengthen existing ones, and earn certifications that keep you growing.
Compromised Apple Gift Card Saga Ends Well, but Risks Remain
Although everyone must make their own risk decisions, I recommend avoiding Apple gift cards, particularly those that can only be redeemed into an Apple Account balance for digital purchases.
From MCX to DDM: The End of User-Level MDM
If you’ve ever wondered why user-level MDM for macOS feels clunky—or worse, completely irrelevant—in today’s Mac management world, the answer lies deep in the history of how macOS used to handle users, groups, and computers.
Stop Working Before Everything Is Finished
Not because unfinished work is bad, but because how you leave work unfinished matters.
Your 2026 Mac Admin Open Source Journey: From Beneficiary to Jedi-Ninja Maintainer
A five-question self-assessment to help you plan your 2026 Mac Admin open source contributions
⚙️ Apple Updates
Apple Platform Updates: 26.2
Last week I was wondering when the 26.2 updates would arrive and Apple released just a few hours after I published the issue. This is an unusual Friday night (for those east of the Atlantic) release which sent some fellow Mac Admins into late night or week-end testing procedures to make sure the release was ok to go on Monday, especially since the 26.0 90-day deferral ended on Sunday. Apple had gotten itself and the admin community into a corner by pushing against that limit. Releasing on Monday would have had other downsides.
As usual, I gathered the links to the various release documents on my blog.
What has changed in macOS Tahoe 26.2?
The update from macOS Tahoe 26.1 to 26.2 is fairly large, but appears to be largely routine maintenance, together with some important security updates.
PPPC device management settings visible in System Settings on macOS Tahoe 26.2.0
Rich Trouton:
up until macOS Tahoe 26.2, there was no way to see in the Privacy & Security section of System Settings which applications had which permissions granted via PPPC management profiles.
Reading DDM-managed Apple Software Update settings from the command line on macOS Tahoe 26.2.0
Rich Trouton
One of the challenges with reporting on DDM settings is that as of macOS Tahoe 26.2.0 there aren’t currently command line tools available which can report back on settings which are managed via DDM declarations.
Apple is forcing iPhones to update to iOS 26 to patch security holes
Numerous iPhone users have reported that if your iPhone is capable of running iOS 26 but you’re still back on iOS 18, you won’t be offered iOS 18.7.3. Instead, the only update option you’ll be given is iOS 26.2.
🔐 Security and Privacy
How to recognise a genuine password request
One of the primary aims of most malware is to trick you into giving it your password.
DirtyDict: Escaping the macOS Sandbox and wrecking havoc
Imagine a vulnerability on macOS that would allow a local attacker to read and write to any file on disk, even from within the App Sandbox.
🔨 Support and Tutorials
Apple MDM to DDM: Rethinking macOS Updates
Apple is pushing Mac admins toward a very different future for software updates, and the shift sits squarely at the intersection of Apple MDM and DDM. The tools and workflows that used to work are being deprecated, and organizations that stay on old patterns will find themselves scrambling when those levers finally disappear.
How to DFU/IPSW Restore an iOS/iPadOS Devices to Specific OS
how to use Device Firmware Updates (DFU) and IPSW restores to put any compatible iOS or iPadOS device on a specific, signed OS build so you can accelerate testing, reduce risk, and ship with confidence.
Standard users can upgrade macOS
It’s a simple question: which users can upgrade macOS?
This is more commonly known among Mac Admins, but it does bear repeating.
Upgrading from Munki 6 to Munki 7—don't be scared!
while there are things to consider and steps you should take when upgrading, the upgrade itself is fairly seamless.
The Day I Unmanaged a Mac Into a Corner
That single choice turned a routine offboarding into a weird, escalating puzzle box.
🤖 Scripting and Automation
Community Projects: Part 1
It worked beautifully—but only if you had Jamf Pro. That’s where the community stepped in.
Community Projects: Part 2
What started as a straightforward 515-line bash script in October 2022 has evolved into a, uh, slightly more complicated, 1,125-line “enterprise-grade” encryption enforcement system.
Updating management status in Jamf Pro computer inventory records using the Jamf Pro API
Rich Trouton:
I decided to not only update my existing script for setting the management status in Jamf Pro computer inventory records to be managed but also write a second script for setting the management status to be unmanaged.
M.A.C.E. (Mac Advanced Compliance Editor)
M.A.C.E. (Mac Advanced Compliance Editor) is a modern macOS app to simplify compliance baseline creation, auditing, and management using NIST's mSCP 2.0
detaartenfabriek
A local-first web interface for managing Tart VMs on Apple Silicon macOS.motionbug/detaartenfabriek: A local-first web interface for managing Tart VMs on Apple Silicon macOS.
icongrabber
A fast, lightweight command-line tool to extract high-quality icons from macOS applications
♻️ Updates and Releases
🎧 Listen
Device lifecycle management and buyback with Rippling
Rippling IT, who are working on a novel solution for full lifecycle management related to the devices that their platform enables.
AI workflows and the Mac Mini
Eric Bickford from MacWeb joins the show to talk about their new US-East rollout, Apple's hardware for AI workloads, and much more.
Pig butchering is the next “humanitarian global crisis”
Erin West, founder of Operation Shamrock and former Deputy District Attorney of Santa Clara County, about pig butchering scams, the failures of major platforms like Meta to stop them, and why this global crisis represents far more than just a few lost dollars.
🎈Just for Fun
1.5 TB of VRAM on Mac Studio - RDMA over Thunderbolt 5
Not really Mac Admin related yet, but imagine we will have to help setup and manage quadruple Mac Studio clusters going forward?