Upgrade to Pro — share decks privately, control downloads, hide ads and more …

MDM Not Working: Was it the Proxy?

Jamf
November 13, 2019
0
350

MDM Not Working: Was it the Proxy?

Jamf

November 13, 2019
Tweet

More Decks by Jamf

See All by Jamf
MDM for Everyone
jamf
0
83
Off-boarding in a Modern Deployment
jamf
0
430
Sharing Control to Improve Process and Relationships
jamf
0
31
Roll Your Own Configuration Profiles
jamf
0
370
Teaching the Teacher: Leveraging Jamf and Apple Resources for Professional Development with iPad
jamf
0
61
Jamf@SAP: Journey to 100,000 Mobile Devices
jamf
0
180
What's in the Blue Bin: Recycled Malware
jamf
0
190
Who's Afraid of the Command Line
jamf
0
150
Your Internal Beta Test Program: Opt-in/Opt-out via Self Service
jamf
0
120

Featured

See All Featured
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
sstephenson
153
14k
Learning to Love Humans: Emotional Interface Design
aarron
266
39k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
115
18k
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
danielanewman
219
21k
Visualization
eitanlees
135
14k
Why You Should Never Use an ORM
jnunemaker
PRO
50
8.6k
Java REST API Framework Comparison - PWX 2021
mraible
PRO
18
6.9k
How to Ace a Technical Interview
jacobian
272
22k
A Tale of Four Properties
chriscoyier
150
22k
YesSQL, Process and Tooling at Scale
rocio
162
13k
The Power of CSS Pseudo Elements
geoffreycrofte
58
5k
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
eileencodes
1
1.3k

Transcript

  1. © JAMF Software, LLC MDM Not Working? Was It the

    Proxy? 10:15 - 11 AM UP NEXT
  2. None

  3. © JAMF Software, LLC Daniel MacLaughlin Implementation Engineer Jamf

  4. © JAMF Software, LLC MDM Not Working? Was It the

    Proxy? Presentation agenda: What do we mean when we say “Proxy” Different “Proxy” configurations How does it impact MDM and Apple Who’s Security is better? Troubleshooting, Takeaways and Q’s maybe A’s

  5. © JAMF Software, LLC Image or video dimensions 1080 px

    525 px Whats in a Name?

  6. © JAMF Software, LLC Alice isn’t talking to Bob directly.

    Bob doesn’t see a request from Alice. The Proxy is acting like a relay. Proxy in a Tech Sense

  7. © JAMF Software, LLC Proxies and Apple

  8. © JAMF Software, LLC Proxies and Apple

  9. © JAMF Software, LLC Proxies and Apple

  10. © JAMF Software, LLC Proxies and Apple

  11. © JAMF Software, LLC So What’s the Problem? Did we

    miss something? Why are there options? Is it or Isn’t it Supported?

  12. © JAMF Software, LLC It’s Always the Proxy Well there

    is something Its called SSL inspection It’s not supported!

  13. © JAMF Software, LLC It’s Always the Proxy

  14. © JAMF Software, LLC Proxies and Apple

  15. © JAMF Software, LLC

  16. © JAMF Software, LLC Image or video dimensions 1080 px

    525 px 5223

  17. © JAMF Software, LLC Image or video dimensions 1080 px

    525 px

  18. © JAMF Software, LLC Image or video dimensions 1080 px

    525 px

  19. © JAMF Software, LLC Image or video dimensions 1080 px

    525 px https://www.apple.com

  20. © JAMF Software, LLC Image or video dimensions 1080 px

    525 px

  21. © JAMF Software, LLC Proxies and Apple

  22. © JAMF Software, LLC Proxies and Apple

  23. © JAMF Software, LLC Proxies and Apple

  24. © JAMF Software, LLC Proxies and Apple

  25. © JAMF Software, LLC

  26. © JAMF Software, LLC Proxies and Apple

  27. © JAMF Software, LLC Max image dimensions Proxies and Apple

    Ok Network admin has whitelisted Apple to bypass SSL inspection Why is it still not working? Is it always the proxy?

  28. © JAMF Software, LLC

  29. © JAMF Software, LLC Proxies and MDM What about the

    MDM My Server is On-Prem Will I still have issues?

  30. © JAMF Software, LLC Proxies and MDM

  31. © JAMF Software, LLC Proxies and MDM

  32. © JAMF Software, LLC Proxies and MDM

  33. © JAMF Software, LLC Certificate Security OCSP Stapling Cert Trust

    Anchors

  34. © JAMF Software, LLC More Certificate Security Transparent Proxies Explicit

    Proxies There’s this thing called TLS 1.3 and SNI or ESNI

  35. © JAMF Software, LLC Prove its the Proxy You have

    to get some logs Packet captures Even from the proxy server

  36. © JAMF Software, LLC For macOS we can use 3rd

    party tools like: Charles Proxy and WireShark Local Tools tcpdump For iOS: Apple Configurator 2 WireShark using rvictl tcpdump using rvictl Getting Packet Captures

  37. © JAMF Software, LLC What are we looking for

  38. © JAMF Software, LLC What are we looking for

  39. © JAMF Software, LLC Takeaways • Don’t use manual settings

    • Do use explicit over transparent • Some URLS just gotta be un-authed • Don’t inspect SSL

  40. © JAMF Software, LLC Not Getting Push: https://support.apple.com/en-us/HT203609 Use Apple

    on Enterprise Networks: https://support.apple.com/en-us/HT210060 Getting Started with ABM or ASM with MDM: https://support.apple.com/en-us/HT207516 Enterprise Firewall for WNS: https://docs.microsoft.com/en-au/windows/uwp/design/shell/ tiles-and-notifications/firewall-allowlist-config Links

  41. © JAMF Software, LLC Network Ports used by Jamf Pro

    https://www.jamf.com/jamf-nation/articles/34 Configuring the JSS to use an HTTP Proxy Server https://jamf.com/jamf-nation/articles/379 Recording a Packet Trace https://developer.apple.com/documentation/network/ recording_a_packet_trace Third Party Network Tools https://developer.apple.com/documentation/network/ taking_advantage_of_third-party_network_debugging_tools Links

  42. © JAMF Software, LLC Q & A

  43. © JAMF Software, LLC Thank you

  44. © JAMF Software, LLC Thank you for listening! Give us

    feedback by completing the 2-question session survey in the JNUC 2019 app. UP NEXT What’s in the Blue Bin? Recycled Malware 11:30 AM