Month: November 2018

Jamf API fun with iOS Shortcuts

UPDATE 29th of November: A colleague showed me the possibility of using JSON in iOS Shortcuts. This allows us to create quick API calls without the need of ssh and another machine running the script. Cool indeed. Time permitting I will dive into some handy API calls to add to Shortcuts. Nevertheless, the option to quickly run your API scripts from iOS through ssh might remain handy in some cases.

This is going to be a quick one, just to see if there would be a use case for it! Let me know what you think!

After publishing my previous post on how to create an ESXI VM via the iOS Shortcuts app, I was wondering what else I could do with it. Be it just for fun, or something which might be useful.

This brought my thoughts to the Jamf API. What if I could just press a button on the iPhone and make some ‘sudo Jamf magic’ ??‍♂️ happen…? Well we could create a fancy iOS app, but unfortunately I’m not a developer. And as discussed in my previous post, Apple did give us a very handy iOS tool: the Shortcuts app. Not only is it soo easy to use, it also allows us to run scripts from an iOS device! 

The only caveat here is: you need to SSH into another device to run the script. But imagine you do have a computer sitting around somewhere, or even better, the possibility to run a ‘low spec’ VM on which you can enable SSH.

I know, the idea of keeping a device on the network with SSH enabled just for this… It might not please everyone and even put some network security guys on their high horse again, but with the correct network isolation this should not be the end of the world in my opinion. Up to you to decide if this is acceptable, because in the end, the purpose of this post is just to have some fun, explore possibilities and open the discussion.

Continue reading “Jamf API fun with iOS Shortcuts”

Create an iOS Shortcut to create a VM in ESXI

Ok, this one falls under the category ‘just for fun while actually being very handy’: Create an iOS Shortcut to create a VM in ESXI 🙂

When troubleshooting and testing deployments, you need some virtual machines to make your life easy… Snapshotting them before you configure them is of course a smart thing to do, but there are situations where you just need to create a new VM and start over.

I already discussed the methods of creating a ‘DEP capable’, sorry Apple, I mean ‘Automated MDM enrollment capable’, VM on both Parallels and VMWare but what about ESXI? Well I’m not going to spend too much time on this because it’s actually exactly the same as VMWare Fusion!

Continue reading “Create an iOS Shortcut to create a VM in ESXI”

A secure journey with tokens

About managing FileVault and Secure Tokens on macOS Mojave 10.14.1

Update 06/12/18: After reading this, have a look at my new post regarding Mojave 10.14.2

macOS Mojave and Secure Tokens…? If you have been managing Macs since High Sierra and Mojave came around, you must have heard about “Secure Tokens” before 🙂

Most likely you have already hit your head multiple times against the wall while trying to fix your FileVault workflows. Well, to be honest, join the club as I still find the whole Secure Token story very confusing. Depending the deployment and environment, the journey through managing FileVault and Secure Tokens might be straight forward and hassle free, or a big nightmare inducing experience.

I’ve been reading so many articles and tech blogs about the matter and each time I tell myself  “Yes, now I completely know how it works”… followed by some hands on in different scenario’s proving me otherwise again!

Amongst the articles I’ve been reading, as well as advice I got from certain people, there are sources I would never, not in a 100 years, dare to question. Nevertheless, I’ve seen Secure Tokens behave in a very confusing  and inconsistent ways. At least that’s how I experienced it, because there might be things I’ve been overlooking or maybe the fact that “Apple just changed things in the last update”…

Continue reading “A secure journey with tokens”

Automated MDM Enrolment and Parallels Desktop.

Configure a virtual machine to behave like one of your “DEP” devices, or “Automated MDM Enrolment” – Parallels Desktop

UPDATE 20th of November: Parallels released an update for version 14

https://kb.parallels.com/en/124521
"Resolves an issue with the Apple DEP (Device Enrollment Program) not working in a macOS virtual machine"

CONFIRMED: Works perfectly in Parallels 14.1

In my previous post I discussed the steps to create a VMware Fusion virtual machine, which is behaving like your “automated MDM Enrolment” test device (previously known as “DEP”). While I personally use VMWare, in combination with my ESXI homelab, I promised to post the workflow for “Automated MDM Enrolment and Parallels Desktop” as well.

So I did some testing…

The good news is: it still works on Parallels Desktop 13, even with macOS Mojave.
The “bad” news is: I haven’t succeeded in getting it to work with Parallels Desktop 14. – See update above. I will test and update the blog ASAP.

Here is what I did, as well as the working configuration for Parallels Desktop 13 (confirmed on Version 13.3.2 (43368) with macOS 10.14.1)

Click here for the Tutorial on how to do this on Parallels 13.

Continue reading “Automated MDM Enrolment and Parallels Desktop.”