Making it One-to-One

Jamf
October 25, 2018

Presentation from JNUC 2018, the world's largest rally of Apple IT administrators.

Session:
Making it One-to-One

Presented by:
Steven Bradley, Rodeph Sholom School

View all session slides, recordings and more at https://www.jamf.com/events/jamf-nation-user-conference/2018/.

Transcript

  1. Steven Bradley, Technology Specialist, Rodeph Sholom School

    Adam Newman, Network & Systems Manager, Rodeph Sholom School

    © JAMF Software, LLC
  2. Making It One-to-One

    Presentation agenda:
    • The one-to-one system
    • Apple Device Enrollment (formerly DEP) & usage
    • The RSS Method
    • The next step - No touch
  3. The one-to-one system

    • No more shared laptops
    • An easier life for IT Admins
    • Collect your box and go
  4. Apple’s Device Enrollment (Formerly DEP)

    An Overview:
    • Make sure you set your organization up with one of Apple’s Device Enrollment Programs
    • Apple Device Enrollment is key for a successful one-to-one
    • Make sure ALL devices are purchased directly from Apple or an authorized Apple reseller
    • Integrate the Jamf Pro Server with Apple’s Device Enrollment
    • Allows devices to talk directly to the Jamf Pro Server as soon as they connect to the internet
    • Foundation for everything else going forward
  5. Connecting the Jamf Pro Server to Apple’s Device Enrollment

    • Establish a DEP Instance on the Jamf Pro Server
    • Assuming all goes as planned, if you click on the Devices tab, you should see the same devices listed for your organization in Apple’s Device Enrollment portal
  6. DEP Devices tab should be populated with all DEP devices associated with the organizational account that was used for the Instance.
  7. PreStage Enrollment

    • Separate PreStage Enrollments were created for Faculty and Students
    • Smart Groups created for each PreStage enrollment
    • Policies and Configuration Profiles scoped to each smart group
  8. Creating PreStage Enrollments

    • Separate PreStage Enrollments were created for Faculty and Students to account for our K-12 environment
    • You can create more enrollments if your environment requires a wider range of deployments (e.g. marketing, finance, engineering, etc.)
  9. We created two PreStage enrollments to separate students and faculty
  10. PreStage Enrollment - General Settings
  11. PreStage Enrollment - Account Settings
  12. PreStage Enrollment - Passcode Settings (make this as complex as needed for your environment)
  13. If you install a 3rd Party SSL Cert and have Device Enrollment connection issues, make sure you don’t have the Jamf Pro Server Built-in CA listed in the Certificates tab. This was an issue that affected us. There is actually a feature request: “Don’t automatically add Jamf Pro Server Built-in CA to Anchor Certificates in DEP pre-stage enrollments when using a 3rd party SSL cert.”
  14. Smart Groups created for each PreStage enrollment
  15. Smart Group criteria for our student PreStage Enrollment
  16. Policies and Configuration Profiles scoped to each smart group

    • Simplifies management
    • New Wrinkle: As part of our device setup process, we now have a policy in Self Service which applies the same scripts and installs the same core programs that we previously accomplished using Imaging Configurations
  17. This is an example of the various Configuration Profiles typically installed on a student laptop. A number of these were applied by scoping to the PreStageEnrollment-Students Smart Group previously discussed. Others were applied as part of a larger scope. The biggie for High Sierra was Kernel Extension Whitelists. Of course, that’s old news now with Mojave and Privacy Controls. Policies were also scoped in a similar manner for Software Installation, printers, EFI password, FileVault, etc.
  18. This is typical of the policies scoped to student laptops. The Student Laptops- PreStage Configuration policy replaces much of what we used to accomplish with Imaging Configurations.
  19. Some General Advice

    • Externally-accessible Jamf Pro Server and a Cloud Distribution Point. We set up our CDP using AWS. The AWS was actually pretty easy to set up thanks to a wonderful blog by Rich Trouton.
    • Set up a 3rd Party SSL Cert. We set one up through DigiCert. If you do set one up and start having issues enrolling devices, check to see if there is a leftover Anchor Cert in the PreStage Enrollment settings.
    • Excellent information can be found through online communities like Jamf Nation, MacAdmins Slack channel, GitHub, etc. There are also some great blogs, like Der Flounder (Rich Trouton) and MacMule (Ben Toms), to name a few.
  20. Some General Advice

    • Don’t be afraid to contact Jamf Support
    • Create a Device Enrollment 1:1 setup guide for IT staff
    • Start with a 1:1 pilot program before going all in
    • Take advantage of VPP
    • TEST TEST TEST TEST TEST TEST TEST TEST TEST
    • MOARRR TESTING
  21. Create a setup guide for IT Staff

    • Since imaging is mostly dead, and these are 1:1 devices (not redoing every summer), we’ve accepted that a small number of easy but manual steps can’t be avoided.
    • A DEP deployment guide was created for this purpose. The goal was to make 1:1 setups as easy as possible.
  22. The process Step-by-Step
  23. The Future: No Touch

    • Baby Steps
    • Increase buy-in
    • User’s responsibility
    • Encourage Self Service
    • Just hand a box