Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Off-boarding in a Modern Deployment

Avatar for Jamf Jamf
November 13, 2019
0
560

Off-boarding in a Modern Deployment

Avatar for Jamf

Jamf

November 13, 2019
Tweet

More Decks by Jamf

See All by Jamf
MDM for Everyone
Avatar for Jamf jamf
0
120
Sharing Control to Improve Process and Relationships
Avatar for Jamf jamf
0
61
Roll Your Own Configuration Profiles
Avatar for Jamf jamf
0
440
Teaching the Teacher: Leveraging Jamf and Apple Resources for Professional Development with iPad
Avatar for Jamf jamf
0
90
Jamf@SAP: Journey to 100,000 Mobile Devices
Avatar for Jamf jamf
0
240
What's in the Blue Bin: Recycled Malware
Avatar for Jamf jamf
0
260
Who's Afraid of the Command Line
Avatar for Jamf jamf
0
280
Your Internal Beta Test Program: Opt-in/Opt-out via Self Service
Avatar for Jamf jamf
0
150
Our Secret Tool to Becoming a 1-to-2 Device School
Avatar for Jamf jamf
0
32

Featured

See All Featured
Product Roadmaps are Hard
Avatar for C. Todd Lombardo iamctodd
PRO
53
11k
JavaScript: Past, Present, and Future - NDC Porto 2020
Avatar for David Neal reverentgeek
47
5.4k
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
Avatar for Michelle Schulp Hunt marktimemedia
30
2.3k
Documentation Writing (for coders)
Avatar for Carmen Chung carmenintech
71
4.8k
Put a Button on it: Removing Barriers to Going Fast.
Avatar for kastner kastner
60
3.8k
What's in a price? How to price your products and services
Avatar for Michael Herold michaelherold
245
12k
How To Stay Up To Date on Web Technology
Avatar for Chris Coyier chriscoyier
790
250k
Statistics for Hackers
Avatar for Jake VanderPlas jakevdp
798
220k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
Avatar for Joe Casabona jcasabona
32
2.3k
RailsConf 2023
Avatar for Aaron Patterson tenderlove
30
1.1k
Principles of Awesome APIs and How to Build Them.
Avatar for Keavy McMinn keavy
126
17k
Optimizing for Happiness
Avatar for Tom Preston-Werner mojombo
378
70k

Transcript

  1. © JAMF Software, LLC Off-boarding in a Modern Deployment 4:00

    - 4:45 PM UP NEXT
  2. None

  3. © JAMF Software, LLC Mischa van der Bent Chief Technical

    Officer 275x275 head shot

  4. © JAMF Software, LLC Off-boarding in a Modern Deployment

  5. © JAMF Software, LLC scriptingosx.com/offboarding

  6. © JAMF Software, LLC YES and NO!

  7. © JAMF Software, LLC Let me explain…

  8. © JAMF Software, LLC Deployment: User Perspective 1. Open box

    2. Power on MacBook 3. There is no step 3 ❤IT

  9. © JAMF Software, LLC Deployment: User Perspective Leverage out-of-box experience

  10. © JAMF Software, LLC Deployment: User Perspective Empower users to

    setup their devices

  11. © JAMF Software, LLC Deployment: Admin Perspective Zero-touch effort for

    IT Streamline setup assistant for users Automatically enroll Deliver important apps and policies 
 during and after enrollment

  12. © JAMF Software, LLC Keep applications up to date Address

    emerging security concerns Support multiple generations of hardware Prompt to download and 
 install updates through MDM Ongoing Maintenance

  13. © JAMF Software, LLC Off-boarding Reset to factory defaults Remove

    MDM Framework/License Securely Wipe User Data

  14. © JAMF Software, LLC Off-boarding: User Data Securely Wipe User

    Data General Data Protection Regulation (GDPR) Responsibility: User or IT??

  15. © JAMF Software, LLC Maintenance Off-boarding Deployment

  16. © JAMF Software, LLC What is Apple providing?

  17. © JAMF Software, LLC iOS, iPadOS 
 and tvOS

  18. © JAMF Software, LLC Quickly erase device from Settings All

    user data is securely removed Option can be restricted on 
 supervised devices Remote wipe MDM command User Driven Erase All Contents and Settings

  19. © JAMF Software, LLC Apple Provisioning Utility Apple Configurator 2

    GroundControl Jamf Reset Other Solutions TM

  20. © JAMF Software, LLC macOS

  21. © JAMF Software, LLC macOS Recovery Option-⌘-R Upgrade to the

    latest macOS that is compatible with your Mac. Shift-Option-⌘-R Install the macOS that came with your Mac, or the closest version still available. Command (⌘)-R Install the latest macOS that was installed on your Mac. Internet Recovery

  22. © JAMF Software, LLC Installer App

  23. © JAMF Software, LLC Installer App Manual Upgrade Create External

    Install Media Command Line Tool 
 /Applications/Install macOS Catalina.app/Contents/Resources/startosinstall

  24. © JAMF Software, LLC Automated upgrade Automate with 
 startosinstall

    Requires Mac that supports Catalina 
 and is running at least OS X 10.9

  25. © JAMF Software, LLC Automated Erase and Install Automate with

    
 startosinstall --eraseinstall Requires APFS and installer 10.13.4+ No built-in UI option

  26. © JAMF Software, LLC What if….. Erase All Content and

    Settings

  27. © JAMF Software, LLC Erase All Contents and Settings Quickly

    erase device from 
 System Preferences All user data is securely removed Option can be restricted on 
 supervised devices Remote wipe MDM command User Driven Erase All Content and Settings This doesn’t exist..YET!! ??????????

  28. © JAMF Software, LLC Same workflow across all devices

  29. © JAMF Software, LLC Reconsider Your off-boarding workflows with Catalina

  30. © JAMF Software, LLC Apple is tightening security

  31. © JAMF Software, LLC Security changes in Catalina + macOS

    Recovery

  32. © JAMF Software, LLC

  33. © JAMF Software, LLC Starting Internet Recovery. This may take

    a while.

  34. © JAMF Software, LLC Easy to forget…

  35. © JAMF Software, LLC Availability Apple Business Manager Apple School

    Manager

  36. © JAMF Software, LLC Countries 69 https://support.apple.com/en-us/HT207305 Apple Business Manager

    Availability

  37. © JAMF Software, LLC Maintenance Off-boarding Deployment

  38. © JAMF Software, LLC Reality — What we see in

    practice Your return to service workflows

  39. © JAMF Software, LLC

  40. © JAMF Software, LLC

  41. © JAMF Software, LLC What do we want to achieve?

  42. © JAMF Software, LLC What do we want to achieve?

    We want to provide a user driven off-boarding which is supported by Apple.

  43. © JAMF Software, LLC Available Tools Community

  44. © JAMF Software, LLC Bill Smith 
 Jamf https://www.jamf.com/blog/reinstall-a- clean-macos-with-one-button/

    Reinstall with Self Service

  45. © JAMF Software, LLC Graham Pugh
 grahampugh Blogpost: https://grahamrpugh.com/ 2018/03/26/reinstall-macos-from-system-

    volume.html Github: https://github.com/grahampugh/ erase-install Erase and reinstall macOS

  46. © JAMF Software, LLC Tim Perfitt
 Twocanoes Software https://twocanoes.com/products/mac/mac- deploy-stick/

    MDS - MacDeployStick

  47. © JAMF Software, LLC What we created Pro Warehouse

  48. © JAMF Software, LLC Based on startosinstall --eraseinstall --agreetolicense

  49. © JAMF Software, LLC Perspectives End-User Administrator Developer

  50. © JAMF Software, LLC End-User Command Line Tool UI Design

  51. © JAMF Software, LLC Human Interface Guidelines https://developer.apple.com/design/ human-interface-guidelines/macos/ overview/themes/

    End-User

  52. © JAMF Software, LLC Based on startosinstall --eraseinstall Logging Bring

    your own Installer Add packages to install pre-erase hooks Error Handling Validation checks • Installer app in any location • Find My • Internet connection Administrator

  53. © JAMF Software, LLC Start Application flow © JAMF Software,

    LLC

  54. © JAMF Software, LLC Start APFS & OS Version? No

    Minimum OS 10.13 Quit App No Yes Yes Application flow © JAMF Software, LLC

  55. © JAMF Software, LLC Developer

  56. © JAMF Software, LLC Shredder.app EraseInstall.app

  57. © JAMF Software, LLC

  58. © JAMF Software, LLC EraseInstall.app

  59. © JAMF Software, LLC +

  60. Fast forward 4x

  61. © JAMF Software, LLC About 7 minutes remaining

  62. © JAMF Software, LLC Native support startosinstall

  63. © JAMF Software, LLC startosinstall --usage --license
 prints the user

    license agreement only. --agreetolicense
 agree to the license you printed with --license. --rebootdelay
 how long to delay the reboot at the end of preparing. This delay is in seconds and has a maximum of 300 (5 minutes). --pidtosignal
 Specify a PID to which to send SIGUSR1 upon completion of the prepare phase. To bypass "rebootdelay" send SIGUSR1 back to startosinstall. --installpackage
 the path of a package (built with productbuild(1)) to install after the OS installation is complete; this option can be specified multiple times. --eraseinstall 
 (Requires APFS) Erase all volumes and install to a new one. Optionally specify the name of the new volume with --newvolumename. --newvolumename
 the name of the volume to be created with -- eraseinstall. --preservecontainer
 preserves other volumes in your APFS container when using --eraseinstall. --forcequitapps
 on restart applications are forcefully quit. 
 This is the default if no users are logged in. --usage
 prints this message. --agreetolicense
 agree to the license you printed with --license. --eraseinstall 
 (Requires APFS) Erase all volumes and install to a new one. Optionally specify the name of the new volume with --newvolumename. --installpackage
 the path of a package (built with productbuild(1)) to install after the OS installation is complete; this option can be specified multiple times.

  64. © JAMF Software, LLC Add packages to install --installpackage
 the

    path of a package (built with productbuild(1)) to install after the OS installation is complete; this option can be specified multiple times. productbuild --identifier com.myorg.uniqueid --version 1.0 \
 --package input_component.pkg output_distribution.pkg https://scriptingosx.com/2019/04/eraseinstall-update-version-1-2/

  65. © JAMF Software, LLC Maintenance Off-boarding Deployment

  66. © JAMF Software, LLC WiFi.mobileconfig postinstall QuickAdd.pkg Custom_QuickAdd.pkg

  67. © JAMF Software, LLC EraseInstall application will look for package

    installers (pkg) files /Library/Application Support/EraseInstall/Packages/

  68. © JAMF Software, LLC Maintenance Off-boarding Deployment Custom_QuickAdd.pkg

  69. © JAMF Software, LLC Better Feedback logging

  70. © JAMF Software, LLC Better Feedback ⌘ + L

  71. © JAMF Software, LLC Deployment Deploy with Jamf Pro

  72. © JAMF Software, LLC Erase & Install
 bitbucket.org https://bitbucket.org/prowarehouse-nl/ erase-install/src/master/

    Download

  73. © JAMF Software, LLC Deploy Installer App VPP PKG with

    management system External Drive 
 softwareupdate --fetch-full-installer --full-installer-version 10.15 Available in macOS 10.15 Catalina

  74. © JAMF Software, LLC Preparations +

  75. © JAMF Software, LLC Preparations + +

  76. © JAMF Software, LLC About 7 minutes remaining

  77. © JAMF Software, LLC

  78. © JAMF Software, LLC Maintenance Off-boarding Deployment

  79. © JAMF Software, LLC YES there is

  80. © JAMF Software, LLC What is next…. Not done yet….

  81. © JAMF Software, LLC Future plans Pre-erase hooks Manage EraseInstall

    workflow with profile Localization: ✓English ✓Dutch • ……we need help VERSION 2.0

  82. © JAMF Software, LLC Customization + +

  83. © JAMF Software, LLC Customization + + +

  84. © JAMF Software, LLC Erase & Install
 bitbucket.org https://bitbucket.org/prowarehouse-nl/ erase-install/src/master/

    Open Source Contribute!

  85. © JAMF Software, LLC MacAdmins on Slack Join us at

    #eraseinstall macadmins.org

  86. © JAMF Software, LLC scriptingosx.com/offboarding

  87. © JAMF Software, LLC Mischa van der Bent Chief Technical

    Officer 275x275 head shot mvdbent scriptingosx.com/offboarding

  88. THANK YOU!

  89. © JAMF Software, LLC Thank you for listening! Give us

    feedback by completing the 2-question session survey in the JNUC 2019 app.