Combining DEPNotify with NoLoAD (NoMAD Login AD)
While continuing my journey in finding efficient workflows to manage Secure Tokens and FileVault on Mojave, I got side-tracked into testing NoMAD Login AD in combination with DEPNotify.
I’ll come back to which workflow I’m using it for in my next post, but for now, just imagine a more general scenario where you want to create a local account based on AD credentials, while avoiding the bind and all its disadvantages (including potential keychain, FileVault and Secure Token issues) and using the power of DEPNotify to inform the user about what’s going on when they log in.
NoMAD Login AD is your friend here! It is similar to NoMAD Login+ Okta, where you base the account on Okta users. With NoMAD Login AD, you benefit from the local account credentials being the same as those of the AD account. That is a good start for adding Jamf Connect/NoMAD later in the deployment.
About managing FileVault and Secure Tokens on macOS Mojave 10.14.1
Update 06/12/18: After reading this, have a look at my new post regarding Mojave 10.14.2
macOS Mojave and Secure Tokens…? If you have been managing Macs since High Sierra and Mojave came around, you must have heard about “Secure Tokens” before 🙂
Most likely you have already hit your head multiple times against the wall while trying to fix your FileVault workflows. Well, to be honest, join the club, as I still find the whole Secure Token story very confusing. Depending on the deployment and environment, the journey through managing FileVault and Secure Tokens might be straightforward and hassle-free, or a big nightmare-inducing experience.
I’ve been reading so many articles and tech blogs about the matter and each time I tell myself “Yes, now I completely know how it works”… followed by some hands-on in different scenarios proving me otherwise again!
Amongst the articles I’ve been reading, as well as advice I got from certain people, there are sources I would never, not in 100 years, dare to question. Nevertheless, I’ve seen Secure Tokens behave in very confusing and inconsistent ways. At least that’s how I experienced it, because there might be things I’ve been overlooking or maybe the fact that “Apple just changed things in the last update”…
Configure a virtual machine to behave like one of your “DEP” devices, or “Automated MDM Enrolment” – Parallels Desktop
UPDATE 20th of November: Parallels released an update for version 14
"Resolves an issue with the Apple DEP (Device Enrollment Program) not working in a macOS virtual machine"
CONFIRMED: Works perfectly in Parallels 14.1
In my previous post I discussed the steps to create a VMware Fusion virtual machine which behaves like your “automated MDM Enrolment” test device (previously known as “DEP”). While I personally use VMware, in combination with my ESXi homelab, I promised to post the workflow for “Automated MDM Enrolment and Parallels Desktop” as well.
So I did some testing…
The good news is: it still works on Parallels Desktop 13, even with macOS Mojave.
The “bad” news is: I haven’t succeeded in getting it to work with Parallels Desktop 14. – See update above. I will test and update the blog ASAP.
Here is what I did, as well as the working configuration for Parallels Desktop 13 (confirmed on Version 13.3.2 (43368) with macOS 10.14.1)
Click here for the Tutorial on how to do this on Parallels 13.