Sponsor
This issue of MacAdmins.news is exclusively brought to you by Mosyle, where High-Quality Apple Management & Security is made Surprisingly Accessible.
After helping thousands of organizations to migrate from other solutions to Mosyle, we've gained a unique perspective of all the concerns companies face when evaluating the migration of their Apple Management & Security solution. Based on this extensive knowledge, we've created the most comprehensive Migration Program in the Apple’s Management & Security market, addressing the most critical technical, financial, and strategic considerations involved in this pivotal decision. Check our website for more details!
📸 Focus
Introducing Apple Creator Studio, an inspiring collection of creative apps
Final Cut Pro, Logic Pro, Pixelmator Pro, Motion, Compressor, and MainStage — plus new AI features and premium content in Keynote, Pages, and Numbers — come together in a single subscription
The subscription price is really good if you use any of the Pro apps and the education price is mind-blowing.
The standalone apps will remain available for the one-time purchase price and continue to receive updates, with the exception of the "Pixelmator" (no Pro) app for iOS and iPad, which will be discontinued and the new "Pixelmator Pro" for iPad, which may be exclusive to the subscription? (the release is unclear here) Some new features will be exclusive to the subscription versions; this includes the iWork apps.
As someone who doesn't have a need (or skill) for the Pro apps, this subscription isn't for me, which is fair. But locking away new features for the currently free (or included with the purchase of your Apple device) iWork apps sets a concerning precedence.
Organizations who need managed deployment of the apps are also restricted to the non-subscription versions, since Apple still doesn't provide any solutions to purchase and deploy subscriptions or in-App purchases at volume.
The icons for the new versions will adopt the Liquid Glass style and look.
See also Micheal Tsai's summary.
📰 News and Opinion
Mac Admins Foundation Announces New Board Member to Fill Vacant Seat
The Mac Admins Foundation (MAF) is pleased to announce the appointment of Scott Blake as a member of its Board of Directors.
MacPaw Pulls Plug on Setapp Mobile iOS Store
MacPaw said Setapp Mobile is being closed because of app marketplaces' "still-evolving and complex business terms that don't fit Setapp's current business model," suggesting it was not profitable for the company.
See also Micheal Tsai's summary.
The Personal Price of AI (so far)
In the last few months, I have been on the receiving end of the carnage brought about by the rush to allow statistical models to make decisions.
Wish List: SSH keys in Passwords
Just as Apple eventually supported (or at least didn’t actively hinder) Touch ID for sudo on the command line, it’d be great to see Passwords embrace SSH key management for those of us who need it.
🔐 Security and Privacy
Predator iOS Spyware: Undocumented Anti-Analysis Techniques
while conducting independent reverse engineering of a Predator sample, Jamf Threat Labs discovered several undocumented mechanisms that reveal how sophisticated this spyware's anti-analysis capabilities truly are.
Analyzing the MonetaStealer macOS Threat
Portfolio_Review.exe is an unsigned Mach-O binary that uses a deceptive .exe extension to mislead macOS users. This naming convention exploits a common misconception that Windows executables are harmless to Mac systems.
AI-coded malware arrives on the Mac through fake Grok AI app
The attack spreads through a fake website posing as the Grok AI app and tricks users into downloading a malicious macOS installer.
🔨 Support and Tutorials
Configure Custom USB Drive Restrictions with Notifications
This guide will walk you through configuring Jamf Pro and Jamf Protect to create a list of approved USB drives by hardware vendor and model number.
Managed Service Configurations with Blueprints in Jamf Pro
This guide will focus on two key workflows: customizing sudo access by modifying the sudoers file, and enabling Touch ID authentication for sudo through a Pluggable Authentication Module (PAM) file.
Pass Tap for iPad
We have been working on an iPad app for authenticating users to apps and websites using RFID cards and tags.
Managed Apple Accounts - The Adventure Continues
Jordy Thery on Jamf Tech Thoughts:
Before you get started with this, please know your why. Currently there are not that many reasons why you would absolutely - need - Managed Apple Accounts. […] That being said we do advise any customer to verify and lock their domains to prevent issues in the future.
Additional roles in Apple Business Manager or Apple School Manager with option to administer AppleSeed for IT program
Rich Trouton:
there are two other roles which can administer the AppleSeed for IT program for an organization.
Turning Platform SSO Registration from “Optional” into “Operational”
Tony Young:
A quick dive into P.S.E.U.D.O., a new open-source tool from Kevin White that helps admins and engineers effectively enforce macOS Platform SSO registration, improving Entra ID and Okta device compliance and Conditional Access deployments more reliably.
Local LLMs on Spare Apple Silicon: A Cautionary Tale
If local LLMs interest you, I absolutely recommend experimenting with them. Just keep your expectations realistic.
🤖 Scripting and Automation
Deploy Box Tools at Scale: Automating a User-Interactive DMG Installer in Jamf Pro
Because Box Tools is delivered as a DMG containing a custom installer app rather than a standard Apple-signed .pkg it increases the operational overhead for MacAdmins who need to deploy and support it at scale.
Capture the flag (files): Turning deployment chaos into organised victory
Philip Ross:
Once a flag file is created, you can make use of an extension attribute (EA) to report the status of it across your macOS fleet, and build that EA into smart groups to use for scoping components.
Adding a new platform to Fleet's Well Known MDM list
However if an MDM is not in Fleet’s hardcoded list it will show up as “Unknown” in the Fleet UI. […] Thankfully this is easy to fix with a simple PR since Fleet is open source.
PowerShell function return foolishness
John C. Welch:
While working on an update to Set-PowerShellSig, I noticed something weird.
Apple Content Caching statistics in Home Assistant
There isn’t a built-in [Home Assistant] integration for Apple Content Caching, however with a custom sensor and a LaunchDaemon it is easy to get the data reporting in and visualized.
Nice home project from Kevin. While I am quite sure that most of the readers here are enjoying the benefits of a Apple Content Caching Mac running at home, I always find it a shame that this isn't something that Apple provides in a more consumer friendly way. This always leads to me remembering how disappointed I was—and still am—that Apple discontinued the line of Airport devices.
♻️ Updates and Releases
🎧 Listen
Enshittification is ruining everything online
we speak with Doctorow about enshittification’s fast damage across the internet, how to fight back, and where it all started.
Just Us – 2026 Predictions
Lets look forwards and no backwards and talk about what we have in hope for the year.
Assessing the most exciting features for IT with Apple's recent software ugprades
Weldon Dodd joins the show to talk about Kandji becoming Iru, what he's looking forward to this year from Apple, and our "dream" features for IT admins from Apple.
Secure and Manage Homebrew in the Enterprise
Learn how Workbrew's platform provides visibility, control and seamless integration with Jamf to transform developer tools from a risk into a secure, manageable asset.