MDM Not Working: Was it the Proxy?

Transcript

1. © JAMF Software, LLC MDM Not Working? Was It the

   Proxy? 10:15 - 11 AM UP NEXT
2. None

3. © JAMF Software, LLC Daniel MacLaughlin Implementation Engineer Jamf

4. © JAMF Software, LLC MDM Not Working? Was It the

   Proxy? Presentation agenda: What do we mean when we say “Proxy” Different “Proxy” configurations How does it impact MDM and Apple Who’s Security is better? Troubleshooting, Takeaways and Q’s maybe A’s

5. © JAMF Software, LLC Image or video dimensions 1080 px

   525 px Whats in a Name?

6. © JAMF Software, LLC Alice isn’t talking to Bob directly.

   Bob doesn’t see a request from Alice. The Proxy is acting like a relay. Proxy in a Tech Sense

7. © JAMF Software, LLC Proxies and Apple

8. © JAMF Software, LLC Proxies and Apple

9. © JAMF Software, LLC Proxies and Apple

10. © JAMF Software, LLC Proxies and Apple

11. © JAMF Software, LLC So What’s the Problem? Did we

    miss something? Why are there options? Is it or Isn’t it Supported?

12. © JAMF Software, LLC It’s Always the Proxy Well there

    is something Its called SSL inspection It’s not supported!

13. © JAMF Software, LLC It’s Always the Proxy

14. © JAMF Software, LLC Proxies and Apple

15. © JAMF Software, LLC

16. © JAMF Software, LLC Image or video dimensions 1080 px

    525 px 5223

17. © JAMF Software, LLC Image or video dimensions 1080 px

    525 px

18. © JAMF Software, LLC Image or video dimensions 1080 px

    525 px

19. © JAMF Software, LLC Image or video dimensions 1080 px

    525 px https://www.apple.com

20. © JAMF Software, LLC Image or video dimensions 1080 px

    525 px

21. © JAMF Software, LLC Proxies and Apple

22. © JAMF Software, LLC Proxies and Apple

23. © JAMF Software, LLC Proxies and Apple

24. © JAMF Software, LLC Proxies and Apple

25. © JAMF Software, LLC

26. © JAMF Software, LLC Proxies and Apple

27. © JAMF Software, LLC Max image dimensions Proxies and Apple

    Ok Network admin has whitelisted Apple to bypass SSL inspection Why is it still not working? Is it always the proxy?

28. © JAMF Software, LLC

29. © JAMF Software, LLC Proxies and MDM What about the

    MDM My Server is On-Prem Will I still have issues?

30. © JAMF Software, LLC Proxies and MDM

31. © JAMF Software, LLC Proxies and MDM

32. © JAMF Software, LLC Proxies and MDM

33. © JAMF Software, LLC Certificate Security OCSP Stapling Cert Trust

    Anchors

34. © JAMF Software, LLC More Certificate Security Transparent Proxies Explicit

    Proxies There’s this thing called TLS 1.3 and SNI or ESNI

35. © JAMF Software, LLC Prove its the Proxy You have

    to get some logs Packet captures Even from the proxy server

36. © JAMF Software, LLC For macOS we can use 3rd

    party tools like: Charles Proxy and WireShark Local Tools tcpdump For iOS: Apple Configurator 2 WireShark using rvictl tcpdump using rvictl Getting Packet Captures

37. © JAMF Software, LLC What are we looking for

38. © JAMF Software, LLC What are we looking for

39. © JAMF Software, LLC Takeaways • Don’t use manual settings

    • Do use explicit over transparent • Some URLS just gotta be un-authed • Don’t inspect SSL

40. © JAMF Software, LLC Not Getting Push: https://support.apple.com/en-us/HT203609 Use Apple

    on Enterprise Networks: https://support.apple.com/en-us/HT210060 Getting Started with ABM or ASM with MDM: https://support.apple.com/en-us/HT207516 Enterprise Firewall for WNS: https://docs.microsoft.com/en-au/windows/uwp/design/shell/ tiles-and-notifications/firewall-allowlist-config Links

41. © JAMF Software, LLC Network Ports used by Jamf Pro

    https://www.jamf.com/jamf-nation/articles/34 Configuring the JSS to use an HTTP Proxy Server https://jamf.com/jamf-nation/articles/379 Recording a Packet Trace https://developer.apple.com/documentation/network/ recording_a_packet_trace Third Party Network Tools https://developer.apple.com/documentation/network/ taking_advantage_of_third-party_network_debugging_tools Links

42. © JAMF Software, LLC Q & A

43. © JAMF Software, LLC Thank you

44. © JAMF Software, LLC Thank you for listening! Give us

    feedback by completing the 2-question session survey in the JNUC 2019 app. UP NEXT What’s in the Blue Bin? Recycled Malware 11:30 AM