Off-boarding in a Modern Deployment

Jamf
November 13, 2019

Transcript

  1. © JAMF Software, LLC
    Off-boarding in a Modern Deployment
    4:00 - 4:45 PM
    UP NEXT

  3. Mischa van der Bent
    Chief Technical Officer

  4. Off-boarding in a Modern Deployment

  5. scriptingosx.com/offboarding

  6. YES and NO!

  7. Let me explain…

  8. Deployment: User Perspective
    1. Open box
    2. Power on MacBook
    3. There is no step 3
    ❤ IT

  9. Deployment: User Perspective
    Leverage out-of-box experience

  10. Deployment: User Perspective
    Empower users to set up their devices

  11. Deployment: Admin Perspective
    Zero-touch effort for IT
    Streamline setup assistant for users
    Automatically enroll
    Deliver important apps and policies during and after enrollment

  12. Ongoing Maintenance
    Keep applications up to date
    Address emerging security concerns
    Support multiple generations of hardware
    Prompt to download and install updates through MDM

  13. Off-boarding
    Reset to factory defaults
    Remove MDM Framework/License
    Securely Wipe User Data

  14. Off-boarding: User Data
    Securely Wipe User Data
    General Data Protection Regulation (GDPR)
    Responsibility: User or IT?

  15. Maintenance
    Off-boarding
    Deployment

  16. What is Apple providing?

  17. iOS, iPadOS and tvOS

  18. Erase All Contents and Settings
    User Driven
    Quickly erase device from Settings
    All user data is securely removed
    Option can be restricted on supervised devices
    Remote wipe MDM command

  19. Other Solutions
    Apple Provisioning Utility
    Apple Configurator 2
    GroundControl
    Jamf Reset

  20. macOS

  21. macOS Recovery
    Command (⌘)-R: Install the latest macOS that was installed on your Mac.
    Option-⌘-R: Upgrade to the latest macOS that is compatible with your Mac.
    Shift-Option-⌘-R: Install the macOS that came with your Mac, or the closest version still available.
    Internet Recovery

  22. Installer App

  23. Installer App
    Manual Upgrade
    Create External Install Media
    Command Line Tool
    /Applications/Install macOS Catalina.app/Contents/Resources/startosinstall

  24. Automated upgrade
    Automate with startosinstall
    Requires Mac that supports Catalina and is running at least OS X 10.9

  25. Automated Erase and Install
    Automate with startosinstall --eraseinstall
    Requires APFS and installer 10.13.4+
    No built-in UI option

  26. What if…
    Erase All Content and Settings

  27. Erase All Contents and Settings
    User Driven
    Quickly erase device from System Preferences
    All user data is securely removed
    Option can be restricted on supervised devices
    Remote wipe MDM command
    Erase All Content and Settings
    This doesn’t exist… YET!!

  28. Same workflow across all devices

  29. Reconsider
    Your off-boarding workflows with Catalina

  30. Apple is tightening security

  31. Security changes in Catalina + macOS Recovery

  33. Starting Internet Recovery.
    This may take a while.

  34. Easy to forget…

  35. Availability
    Apple Business Manager
    Apple School Manager

  36. Apple Business Manager Availability
    Countries: 69
    https://support.apple.com/en-us/HT207305

  37. Maintenance
    Off-boarding
    Deployment

  38. Reality — What we see in practice
    Your return to service workflows

  41. What do we want to achieve?

  42. What do we want to achieve?
    We want to provide a user-driven off-boarding that is supported by Apple.

  43. Available Tools
    Community

  44. Reinstall with Self Service
    Bill Smith
    Jamf
    https://www.jamf.com/blog/reinstall-a-clean-macos-with-one-button/

  45. Erase and reinstall macOS
    Graham Pugh
    grahampugh
    Blogpost: https://grahamrpugh.com/2018/03/26/reinstall-macos-from-system-volume.html
    Github: https://github.com/grahampugh/erase-install

  46. MDS - MacDeployStick
    Tim Perfitt
    Twocanoes Software
    https://twocanoes.com/products/mac/mac-deploy-stick/

  47. What we created
    Pro Warehouse

  48. Based on
    startosinstall --eraseinstall --agreetolicense

  49. Perspectives
    End-User, Administrator, Developer

  50. End-User
    Command Line Tool
    UI Design

  51. End-User
    Human Interface Guidelines
    https://developer.apple.com/design/human-interface-guidelines/macos/overview/themes/

  52. Administrator
    Based on startosinstall --eraseinstall
    Logging
    Bring your own Installer
    Add packages to install
    pre-erase hooks
    Error Handling
    Validation checks
    • Installer app in any location
    • Find My
    • Internet connection

  53. Application flow
    Start

  54. Application flow (flowchart)
    Start
    APFS & OS Version? (Minimum OS 10.13)
    No: Quit App
    Yes

  55. Developer

  56. Shredder.app
    EraseInstall.app

  58. EraseInstall.app

  60. Fast forward 4x

  61. About 7 minutes remaining

  62. Native support
    startosinstall

  63. startosinstall --usage
    --license
        prints the user license agreement only.
    --agreetolicense
        agree to the license you printed with --license.
    --rebootdelay
        how long to delay the reboot at the end of preparing. This delay is in seconds and has a maximum of 300 (5 minutes).
    --pidtosignal
        Specify a PID to which to send SIGUSR1 upon completion of the prepare phase. To bypass "rebootdelay" send SIGUSR1 back to startosinstall.
    --installpackage
        the path of a package (built with productbuild(1)) to install after the OS installation is complete; this option can be specified multiple times.
    --eraseinstall
        (Requires APFS) Erase all volumes and install to a new one. Optionally specify the name of the new volume with --newvolumename.
    --newvolumename
        the name of the volume to be created with --eraseinstall.
    --preservecontainer
        preserves other volumes in your APFS container when using --eraseinstall.
    --forcequitapps
        on restart applications are forcefully quit. This is the default if no users are logged in.
    --usage
        prints this message.

  64. Add packages to install
    --installpackage
        the path of a package (built with productbuild(1)) to install after the OS installation is complete; this option can be specified multiple times.
    productbuild --identifier com.myorg.uniqueid --version 1.0 \
        --package input_component.pkg output_distribution.pkg
    https://scriptingosx.com/2019/04/eraseinstall-update-version-1-2/

  65. Maintenance
    Off-boarding
    Deployment

  66. WiFi.mobileconfig
    postinstall
    QuickAdd.pkg
    Custom_QuickAdd.pkg

  67. The EraseInstall application will look for package installer (pkg) files in:
    /Library/Application Support/EraseInstall/Packages/

  68. Maintenance
    Off-boarding
    Deployment
    Custom_QuickAdd.pkg

  69. Better Feedback
    logging

  70. Better Feedback
    ⌘ + L

  71. Deployment
    Deploy with Jamf Pro

  72. Erase & Install
    bitbucket.org
    https://bitbucket.org/prowarehouse-nl/erase-install/src/master/
    Download

  73. Deploy Installer App
    VPP
    PKG with management system
    External Drive
    softwareupdate --fetch-full-installer --full-installer-version 10.15
    Available in macOS 10.15 Catalina

  74. Preparations

  76. About 7 minutes remaining

  78. Maintenance
    Off-boarding
    Deployment

  79. YES there is

  80. What is next…
    Not done yet…

  81. Future plans
    VERSION 2.0
    Pre-erase hooks
    Manage EraseInstall workflow with profile
    Localization:
    ✓ English
    ✓ Dutch
    • …we need help

  82. Customization

  84. Erase & Install
    bitbucket.org
    https://bitbucket.org/prowarehouse-nl/erase-install/src/master/
    Open Source
    Contribute!

  85. MacAdmins on Slack
    Join us at #eraseinstall
    macadmins.org

  86. scriptingosx.com/offboarding

  87. Mischa van der Bent
    Chief Technical Officer
    mvdbent
    scriptingosx.com/offboarding

  88. THANK YOU!

  89. Thank you for listening!
    Give us feedback by completing the 2-question session survey in the JNUC 2019 app.

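The administrator-side flow from the slides (quit unless the Mac has APFS and at least macOS 10.13, then run `startosinstall --eraseinstall --agreetolicense` with one `--installpackage` per package found in the Packages folder) as a dry run that only prints the argument list. This is an added example, not code from EraseInstall.app or the talk; the function names, the one-argument-per-line output and the refusal of world-writable packages are assumptions, and the sample files are constructed.

```shell
#!/bin/sh
# Added example: dry-run planner for the erase-and-install flow. Nothing is erased.

version_ge() {
    # True when dotted version $1 >= $2; missing fields count as 0.
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "${x:-0}" -gt "${y:-0}" ] && return 0
        [ "${x:-0}" -lt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

preflight() {
    # $1 = OS version (on a Mac: sw_vers -productVersion)
    # $2 = boot volume filesystem (assumption: the caller has already looked it up)
    case $2 in apfs|APFS) ;; *) echo "quit: boot volume is not APFS" >&2; return 1 ;; esac
    version_ge "$1" "10.13" || { echo "quit: macOS older than 10.13" >&2; return 1; }
}

build_eraseinstall_args() {
    # $1 = installer app path, $2 = package folder. Prints one argument per line.
    printf '%s\n' "$1/Contents/Resources/startosinstall" --eraseinstall --agreetolicense
    for pkg in "$2"/*.pkg; do
        [ -f "$pkg" ] || continue
        # Packages run with full privileges after the OS install: refuse any that
        # every local user could have modified (assumed hardening, not from the talk).
        if [ -n "$(find "$pkg" -maxdepth 0 -perm -0002)" ]; then
            echo "skip: $pkg is world-writable" >&2
            continue
        fi
        printf '%s\n' --installpackage "$pkg"
    done
}

demo() {
    # Constructed sample: a temporary folder stands in for the Packages folder.
    dir=$(mktemp -d)
    touch "$dir/Custom_QuickAdd.pkg" "$dir/loose.pkg"
    chmod 644 "$dir/Custom_QuickAdd.pkg"; chmod 666 "$dir/loose.pkg"
    preflight "10.15.1" "apfs" && build_eraseinstall_args "/Applications/Install macOS Catalina.app" "$dir"
    rm -rf "$dir"
}
demo
```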