In case you’re using DEP and haven’t noticed this, you need to accept the latest terms of service in the Apple license agreement for DEP if you’re going to continue using the service. I don’t usually post emails I get from Apple, but I can easily see orgs using accounts that don’t have email flowing to anyone that is capable of responding, so I strongly recommend you go in and accept the latest and greatest agreements so your stuff doesn’t break!
Here’s the email I got from Apple:
Apple Deployment Programs
Thank you for participating in the Device Enrollment Program. On September 13 Apple will release updated software license agreements. Your Program Agent must go to the deployment website and accept the following agreements to continue to use the program:
Note: If you’re using Casper, then the errors you’ll see will be something along the lines of:
For more information please see this support article:https://support.apple.com/kb/HT203063.
- iOS 10 Software License Agreement
- Software License Agreement for macOS Sierra
Unable to Contact https://mdmenrollment.apple.com
krypted September 12th, 2016
Posted In: iPhone, JAMF, Mac OS X, Mac OS X Server, Mac Security, MacAdmins Podcast
Accept, DEP Logs, device enrollment program, errors, license agreements, not working
Casper 9.93 is now available, with a host of new features. These include:
- Fixed a lot (and I mean a lot) of product issues!
- Added Single Sign-On (SSO) with SAML 2.0: Logging into the JSS without clicking on anything is just awesome.
- Added Webhooks: Scripted, triggered access to the events API.
- LDAP Proxy Server: Can run on our new Infrastructure Manager service on Linux and creates a tunnel between a customer location and a JSS if the JSS doesn’t have LAN access to a directory service.
- Patch Reporting for Computers: Now, Casper includes automatically generated reports for some common third-party OS X software packages, so you can better scope policies around machines with out-of-date software packages. These can be exported into a variety of formats.
- Self Service Mobile for iOS: Automatically remove apps that are installed option.
- New Localization options for French, German, Japanese, and Chinese. Enhanced Language Support in Self Service
- Import multiple classes from Apple School Manager.
- OS X Configuration Profiles: Added IKEv2, Disable Apple ID setup during login, enabling proxies in the Proxies payload.
- iOS Configuration Profile Enhancements: Added Allow screenshots and screen recording, Allow voice dialing while device is locked, Allow Apple Music, Allow Radio, Accept Cookies, Google Accounts, and OS X Server Accounts.
- Smart group and advanced search criteria were added for iOS 9.3 lost mode status, length of time a device has been in lost mode, and applications in the catalog for patch management.
And of course, there’s moar scalability! 🙂
For more, see https://jamfnation.jamfsoftware.com/featureRequests.html?releaseID=138
Congrats to everyone involved in this one, it’s a pretty massive update and required a lot of work!
krypted August 2nd, 2016
Posted In: JAMF
Casper 9.93, LDAP, single sign-on
There’s a new JSS companion tool, called JSS MUT, which allows you to perform mass actions based on a CSV. Basically, set fields and enforce mobile device names (becoming a very common need out there). If you’re a JSS admin, it’s a nice tool, and a big should out to Michael Levenick for making it free!
Official website is at http://jssmut.weebly.com
Hat tip to Trey Howell for clueing us in! 🙂
krypted July 18th, 2016
Posted In: JAMF
csv, device type, importer, JAMF, JSS, serial
Looks like Sal et al posted a suite of Automator Actions to link the Casper Suite to Apple Configurator at https://configautomation.com/jamf-actions.html
. In my limited tests so far they work pretty darn well!
Some pretty cool things here, like having the JSS rename a mobile device when managed through Apple Configurator, having Apple Configurator instruct the JSS to remove a device from a group, clear passcodes, update inventory, and other common tasks involved in workflows when leveraging Apple Configurator for en masse device management. Good stuff!
krypted July 14th, 2016
Posted In: Apple Configurator, iPhone, JAMF
Apple Configurator, device groups, ios, iPad, iPhone, remove, Rename
The JSS has the ability to upload multiple .vpptokens, and using those, you can upload separate tokens for sites and then provide App Store apps to different sites based on each having some autonomy by having their own token. This is a pretty cool feature. And using the GUI, you can see when each token expires. You can also see a list of tokens using the API. To see a full list of all the tokens, we’ll just use a basic curl command here:
curl -s -u myuser:mypassword https://kryptedjamf.jamfcloud.com/JSSResource/vppaccounts
This provides an array of output that has the number of tokens in <size> and the id of each along with their name in <id> and <name> respectively, as follows
<?xml version="1.0" encoding="UTF-8"?><vpp_accounts><size>2</size><vpp_account><id>2</id><name>test</name></vpp_account><vpp_account><id>3</id><name>test2</name></vpp_account></vpp_accounts>
Once you know the id of a token, you can pull a bunch of information about that token using the following command:
curl -s -u myuser:mypassword https://kryptedjamf.jamfcloud.com/JSSResource/vppaccounts/id/2
The output would be as follows, with the expiration_date indicated:
<?xml version="1.0" encoding="UTF-8"?><vpp_account><id>2</id><name>test</name><contact/><service_token>xxxxxxxxxxyyyyyyyyyyyzzzzzzzzzaaaaaaaabbbbbbbbbbccccccc</service_token><account_name>krypted</account_name><expiration_date>2017/06/30</expiration_date><country>US</country><apple_id/><site><id>-1</id><name>None</name></site><populate_catalog_from_vpp_content>true</populate_catalog_from_vpp_content><notify_disassociation>true</notify_disassociation></vpp_account>
Or to limit the output to just the expiration date of the token, we’ll use sed to constrain:
curl -s -u myuser:mypassword https://kryptedjamf.jamfcloud.com/JSSResource/vppaccounts/id/2 | sed -n -e 's/.*<expiration_date>\(.*\)<\/expiration_date>.*/\1/p'
The output should just be a standard date, as follows:
You can then loop through the output of the vppaccounts, build an IFS array, and display the dates for each, listing sites that are about to expire. For anyone that has a lot of sites with individual tokens, this might come in handy. Enjoy.
Hat tip: I thought I’d have to do this using a database query, but it turns out that the field where the stoken is stored contains encrypted data different than the initially encoded base64, which I showed how to decrypt at What’s Really In A VPP Token File from Apple’s VPP?. This is to keep that data private. Instead, hat tip to Christian Dooley, who figured out that this is actually available in the API instead, and therefore I didn’t have to hit the database directly to write this article.
krypted June 30th, 2016
Posted In: JAMF
API, Casper, expiration date, mdm, site, token, vpp
An hour into my first Reddit AMA with some super-excellent JAMFs!
AMA w/ Charles Edge and the Apple management experts at JAMF Software from macsysadmin
krypted June 24th, 2016
Posted In: Apple Configurator, Articles and Books, Business, iPhone, JAMF, Mac OS X, Mac OS X Server, Mac Security, Mass Deployment
JAMF, reddit AMA
I’ve worked with a lot of organizations switching between Mobile Device Management (MDM) solutions in my career. And I’ve seen the migration projects go both really, really well, and really, really poorly. In most cases, the migration is somewhat painful no matter what you do. But in this (my first) article on the JAMF blog, I try and organize my thoughts around a few things to look out for when migrating between MDMs/MAMs, and some context/experience around those.
krypted June 23rd, 2016
Posted In: Articles and Books, iPhone, JAMF, Mac OS X
Apple, devices, iPad, iPhone, MAC, mdm, Migration
Published an article at http://www.itbusinessedge.com/slideshows/10-must-have-apps-for-your-small-business.html
on types of apps you should use when starting to put iPads in a small business. Obviously many a business has vertical needs, but a lot of apps are horizontal, so cut across a wide swath of industries.
krypted June 22nd, 2016
Posted In: Articles and Books, iPhone, JAMF
Posted a Huffington Post article from my notes from the WWDC keynote. Hope you enjoy!
Apple kicked off WWDC (World Wide Developers Conference) today, with a Keynote that showcased some of the upper tier of talent and management within Apple. As a former WWDC speaker, I watch the keynote and most sessions through the remainder of the week religiously. Here, you see what’s coming in the fall releases of the four operating systems: macOS, watchOS, iOS, and tvOS (for Macs, Apple Watches, iPhones and iPads, and Apple TVs respectively).
PS: macOS autocorrects to tacos. Mmmmm, tacos…
krypted June 14th, 2016
Posted In: Apple TV, Apple Watch, iPhone, JAMF, Mac OS X, Mac OS X Server
future of iPad, ios, iPhone, macos, tvos, what's next, WWDC Keynote
« Previous Page
Casper 9.9 has shipped! After the most thorough of testing and field enablement, JAMF has shipped Casper 9.9, with tons of new awesomeness for iOS 9.3. You now have the ability to do Lost Mode, which allows you to see where a lost device is, and allows your users the peace of mind that their privacy is protected by informing them that administrators looked at the location of a device (and you can assign a custom Lost Mode message
, for example providing a reward for the return of a lost device). You can also manage a number of Notification Center features. You now have the ability to use the Classroom App in conjunction with education device deployments. You now have the ability to unlock new, great payloads, such as placing badges where you want them on a home screen. You can also now use the B2B App Store
with Casper. And for the first time, you also have the ability to show and hide apps!
And cool new features aren’t limited to iOS. Casper can also now manage Active Directory bindings
with DEP devices using the Active Directory/LDAP payloads, streamlining those workflows in a more supportable fashion. And manage user account types
. This brings us closer and closer to true zero-touch deployments. And lots of issues are resolved that make your installation (e.g. detecting Java versions) and management (e.g. some cool new screens) more and more stable and user friendly with each release!
So log into JAMF Nation
, and check out Casper 9.9 in your testing environment, and unlock all the new coolness. 🙂
krypted March 31st, 2016
Posted In: iPhone, JAMF, Mac OS X, Mac OS X Server, Mac Security, Mass Deployment
Active Directory, casper 9.9, dep, iOS 9.3, lost mode, pre-bindings
— Next Page »