Jamf Connect Login with Azure

There we go! Jamf launched Jamf Connect Login and Jamf Connect Verify with Azure integration: Jamf Connect Azure

Also, Nomad Pro has been rebranded to Jamf Connect Sync (Okta only).

My goal is to do a couple of blog posts on the above products, but combining them in one big post would make this post a bit too long. Hence, let’s start with Jamf Connect Login and Azure integration. And this will already be one of those longer posts… ☕️☕️☕️

In one of my previous posts I discussed Nomad Login+ Okta. This is now part of Jamf Connect since, depending on the configuration, the tool can be used for both Okta and Azure. I do have Jamf Connect Login with Okta on my ‘blog to-do list’ in order to go through the changes and discuss how to deploy it.

I’ll also leave Jamf Connect Verify for another time as it requires an additional installation (not included in the Jamf Connect installer).

Jamf Connect Notify (previously DEPNotify) is, however, part of Jamf Connect, so let’s do that today as well.

So the goal for today’s post:

  • Deploy Jamf Connect
  • Integrate it with Azure
  • Launch Notify during the Jamf Connect Login process.

Script to manage Secure Tokens on macOS 10.14.2+

Just a quick post before heading into the weekend, and leaving Secure Tokens far behind me for a couple of days. I just want to share this attempt to make a script to manage Secure Tokens prior to enabling FileVault.

The idea is to make sure that you have an Administrator Account with a Secure Token in case you want to be able to manipulate the tokens/FileVault later. This is especially important in case you are limiting the end user to creating a non-admin/standard account or using managed mobile accounts at automated enrolment.


Mojave 10.14.2 and Secure Tokens, it works!

macOS 10.14.2 brings a welcome change to our Secure Token saga!

Well, kind of. Not everything, but there are some welcome changes!

!!! ALREADY AN UPDATE to what I wrote here - see comments !!!
Update 2: 9/12/18 - promote the non-admin Secure Token holder. See comments !!!

When I wrote my previous post on Secure Tokens, I mainly focused on enabling FileVault with Configuration Profiles on 10.14.1. The main issue was that if no account on the Mac had a Secure Token, the profile would fail to enable FileVault. This is due to the fact that the first account logging into the Mac has to be a LOCAL Administrator.

This, amongst many other FileVault-related issues, caused some concerns for many Mac Sys Admins. Additional bugs on 10.14.1 seemed to make the mayhem complete, leaving many of us in a state wondering if something was expected behaviour, or “a feature”… In all fairness, there were moments where I thought I finally understood how Secure Tokens work, and other moments where I just lost all hope…

Hence my intensive search for a recommended workflow to avoid as many of the issues as possible. I ended up testing almost every scenario with different types of accounts, on both 10.14.1 and 10.14.2.

I had to wait until 10.14.2 came out of beta, but now that 10.14.2 is released, let’s see what this early FileVault Santa brings us!


Jamf API fun with iOS Shortcuts

UPDATE 29th of November: A colleague showed me the possibility of using JSON in iOS Shortcuts. This allows us to create quick API calls without the need for SSH and another machine running the script. Cool indeed. Time permitting, I will dive into some handy API calls to add to Shortcuts. Nevertheless, the option to quickly run your API scripts from iOS through SSH might remain handy in some cases.

This is going to be a quick one, just to see if there would be a use case for it! Let me know what you think!

After publishing my previous post on how to create an ESXI VM via the iOS Shortcuts app, I was wondering what else I could do with it. Be it just for fun, or something which might be useful.

This brought my thoughts to the Jamf API. What if I could just press a button on the iPhone and make some ‘sudo Jamf magic’ happen…? Well, we could create a fancy iOS app, but unfortunately I’m not a developer. And as discussed in my previous post, Apple did give us a very handy iOS tool: the Shortcuts app. Not only is it so easy to use, it also allows us to run scripts from an iOS device!

The only caveat here is: you need to SSH into another device to run the script. But imagine you do have a computer sitting around somewhere, or even better, the possibility to run a ‘low spec’ VM on which you can enable SSH.

I know, the idea of keeping a device on the network with SSH enabled just for this… It might not please everyone and even put some network security guys on their high horse again, but with the correct network isolation this should not be the end of the world in my opinion. Up to you to decide if this is acceptable, because in the end, the purpose of this post is just to have some fun, explore possibilities and open the discussion.
