Upgrade to Pro — share decks privately, control downloads, hide ads and more …

MDM Not Working: Was it the Proxy?

Jamf
November 13, 2019
0
410

MDM Not Working: Was it the Proxy?

Jamf

November 13, 2019
Tweet

More Decks by Jamf

See All by Jamf
MDM for Everyone
jamf
0
97
Off-boarding in a Modern Deployment
jamf
0
520
Sharing Control to Improve Process and Relationships
jamf
0
44
Roll Your Own Configuration Profiles
jamf
0
410
Teaching the Teacher: Leveraging Jamf and Apple Resources for Professional Development with iPad
jamf
0
73
Jamf@SAP: Journey to 100,000 Mobile Devices
jamf
0
200
What's in the Blue Bin: Recycled Malware
jamf
0
240
Who's Afraid of the Command Line
jamf
0
220
Your Internal Beta Test Program: Opt-in/Opt-out via Self Service
jamf
0
130

Featured

See All Featured
Speed Design
sergeychernyshev
25
620
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
169
50k
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
232
17k
Automating Front-end Workflow
addyosmani
1366
200k
The Cult of Friendly URLs
andyhume
78
6k
Building an army of robots
kneath
302
43k
The Invisible Side of Design
smashingmag
298
50k
Keith and Marios Guide to Fast Websites
keithpitt
409
22k
Designing Experiences People Love
moore
138
23k
No one is an island. Learnings from fostering a developers community.
thoeni
19
3k
GraphQLの誤解/rethinking-graphql
sonatard
67
10k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
42
9.2k

Transcript

  1. © JAMF Software, LLC MDM Not Working? Was It the

    Proxy? 10:15 - 11 AM UP NEXT
  2. None

  3. © JAMF Software, LLC Daniel MacLaughlin Implementation Engineer Jamf

  4. © JAMF Software, LLC MDM Not Working? Was It the

    Proxy? Presentation agenda: What do we mean when we say “Proxy” Different “Proxy” configurations How does it impact MDM and Apple Who’s Security is better? Troubleshooting, Takeaways and Q’s maybe A’s

  5. © JAMF Software, LLC Image or video dimensions 1080 px

    525 px Whats in a Name?

  6. © JAMF Software, LLC Alice isn’t talking to Bob directly.

    Bob doesn’t see a request from Alice. The Proxy is acting like a relay. Proxy in a Tech Sense

  7. © JAMF Software, LLC Proxies and Apple

  8. © JAMF Software, LLC Proxies and Apple

  9. © JAMF Software, LLC Proxies and Apple

  10. © JAMF Software, LLC Proxies and Apple

  11. © JAMF Software, LLC So What’s the Problem? Did we

    miss something? Why are there options? Is it or Isn’t it Supported?

  12. © JAMF Software, LLC It’s Always the Proxy Well there

    is something Its called SSL inspection It’s not supported!

  13. © JAMF Software, LLC It’s Always the Proxy

  14. © JAMF Software, LLC Proxies and Apple

  15. © JAMF Software, LLC

  16. © JAMF Software, LLC Image or video dimensions 1080 px

    525 px 5223

  17. © JAMF Software, LLC Image or video dimensions 1080 px

    525 px

  18. © JAMF Software, LLC Image or video dimensions 1080 px

    525 px

  19. © JAMF Software, LLC Image or video dimensions 1080 px

    525 px https://www.apple.com

  20. © JAMF Software, LLC Image or video dimensions 1080 px

    525 px

  21. © JAMF Software, LLC Proxies and Apple

  22. © JAMF Software, LLC Proxies and Apple

  23. © JAMF Software, LLC Proxies and Apple

  24. © JAMF Software, LLC Proxies and Apple

  25. © JAMF Software, LLC

  26. © JAMF Software, LLC Proxies and Apple

  27. © JAMF Software, LLC Max image dimensions Proxies and Apple

    Ok Network admin has whitelisted Apple to bypass SSL inspection Why is it still not working? Is it always the proxy?

  28. © JAMF Software, LLC

  29. © JAMF Software, LLC Proxies and MDM What about the

    MDM My Server is On-Prem Will I still have issues?

  30. © JAMF Software, LLC Proxies and MDM

  31. © JAMF Software, LLC Proxies and MDM

  32. © JAMF Software, LLC Proxies and MDM

  33. © JAMF Software, LLC Certificate Security OCSP Stapling Cert Trust

    Anchors

  34. © JAMF Software, LLC More Certificate Security Transparent Proxies Explicit

    Proxies There’s this thing called TLS 1.3 and SNI or ESNI

  35. © JAMF Software, LLC Prove its the Proxy You have

    to get some logs Packet captures Even from the proxy server

  36. © JAMF Software, LLC For macOS we can use 3rd

    party tools like: Charles Proxy and WireShark Local Tools tcpdump For iOS: Apple Configurator 2 WireShark using rvictl tcpdump using rvictl Getting Packet Captures

  37. © JAMF Software, LLC What are we looking for

  38. © JAMF Software, LLC What are we looking for

  39. © JAMF Software, LLC Takeaways • Don’t use manual settings

    • Do use explicit over transparent • Some URLS just gotta be un-authed • Don’t inspect SSL

  40. © JAMF Software, LLC Not Getting Push: https://support.apple.com/en-us/HT203609 Use Apple

    on Enterprise Networks: https://support.apple.com/en-us/HT210060 Getting Started with ABM or ASM with MDM: https://support.apple.com/en-us/HT207516 Enterprise Firewall for WNS: https://docs.microsoft.com/en-au/windows/uwp/design/shell/ tiles-and-notifications/firewall-allowlist-config Links

  41. © JAMF Software, LLC Network Ports used by Jamf Pro

    https://www.jamf.com/jamf-nation/articles/34 Configuring the JSS to use an HTTP Proxy Server https://jamf.com/jamf-nation/articles/379 Recording a Packet Trace https://developer.apple.com/documentation/network/ recording_a_packet_trace Third Party Network Tools https://developer.apple.com/documentation/network/ taking_advantage_of_third-party_network_debugging_tools Links

  42. © JAMF Software, LLC Q & A

  43. © JAMF Software, LLC Thank you

  44. © JAMF Software, LLC Thank you for listening! Give us

    feedback by completing the 2-question session survey in the JNUC 2019 app. UP NEXT What’s in the Blue Bin? Recycled Malware 11:30 AM