Off-boarding in a Modern Deployment

Transcript

1. © JAMF Software, LLC Off-boarding in a Modern Deployment 4:00

   - 4:45 PM UP NEXT
2. None

3. © JAMF Software, LLC Mischa van der Bent Chief Technical

   Officer 275x275 head shot

4. © JAMF Software, LLC Off-boarding in a Modern Deployment

5. © JAMF Software, LLC scriptingosx.com/offboarding

6. © JAMF Software, LLC YES and NO!

7. © JAMF Software, LLC Let me explain…

8. © JAMF Software, LLC Deployment: User Perspective 1. Open box

   2. Power on MacBook 3. There is no step 3 ❤IT

9. © JAMF Software, LLC Deployment: User Perspective Leverage out-of-box experience

10. © JAMF Software, LLC Deployment: User Perspective Empower users to

    setup their devices

11. © JAMF Software, LLC Deployment: Admin Perspective Zero-touch effort for

    IT Streamline setup assistant for users Automatically enroll Deliver important apps and policies 
 during and after enrollment

12. © JAMF Software, LLC Keep applications up to date Address

    emerging security concerns Support multiple generations of hardware Prompt to download and 
 install updates through MDM Ongoing Maintenance

13. © JAMF Software, LLC Off-boarding Reset to factory defaults Remove

    MDM Framework/License Securely Wipe User Data

14. © JAMF Software, LLC Off-boarding: User Data Securely Wipe User

    Data General Data Protection Regulation (GDPR) Responsibility: User or IT??

15. © JAMF Software, LLC Maintenance Off-boarding Deployment

16. © JAMF Software, LLC What is Apple providing?

17. © JAMF Software, LLC iOS, iPadOS 
 and tvOS

18. © JAMF Software, LLC Quickly erase device from Settings All

    user data is securely removed Option can be restricted on 
 supervised devices Remote wipe MDM command User Driven Erase All Contents and Settings

19. © JAMF Software, LLC Apple Provisioning Utility Apple Configurator 2

    GroundControl Jamf Reset Other Solutions TM

20. © JAMF Software, LLC macOS

21. © JAMF Software, LLC macOS Recovery Option-⌘-R Upgrade to the

    latest macOS that is compatible with your Mac. Shift-Option-⌘-R Install the macOS that came with your Mac, or the closest version still available. Command (⌘)-R Install the latest macOS that was installed on your Mac. Internet Recovery

22. © JAMF Software, LLC Installer App

23. © JAMF Software, LLC Installer App Manual Upgrade Create External

    Install Media Command Line Tool 
 /Applications/Install macOS Catalina.app/Contents/Resources/startosinstall

24. © JAMF Software, LLC Automated upgrade Automate with 
 startosinstall

    Requires Mac that supports Catalina 
 and is running at least OS X 10.9

25. © JAMF Software, LLC Automated Erase and Install Automate with

    
 startosinstall --eraseinstall Requires APFS and installer 10.13.4+ No built-in UI option

26. © JAMF Software, LLC What if….. Erase All Content and

    Settings

27. © JAMF Software, LLC Erase All Contents and Settings Quickly

    erase device from 
 System Preferences All user data is securely removed Option can be restricted on 
 supervised devices Remote wipe MDM command User Driven Erase All Content and Settings This doesn’t exist..YET!! ??????????

28. © JAMF Software, LLC Same workflow across all devices

29. © JAMF Software, LLC Reconsider Your off-boarding workflows with Catalina

30. © JAMF Software, LLC Apple is tightening security

31. © JAMF Software, LLC Security changes in Catalina + macOS

    Recovery

32. © JAMF Software, LLC

33. © JAMF Software, LLC Starting Internet Recovery. This may take

    a while.

34. © JAMF Software, LLC Easy to forget…

35. © JAMF Software, LLC Availability Apple Business Manager Apple School

    Manager

36. © JAMF Software, LLC Countries 69 https://support.apple.com/en-us/HT207305 Apple Business Manager

    Availability

37. © JAMF Software, LLC Maintenance Off-boarding Deployment

38. © JAMF Software, LLC Reality — What we see in

    practice Your return to service workflows

39. © JAMF Software, LLC

40. © JAMF Software, LLC

41. © JAMF Software, LLC What do we want to achieve?

42. © JAMF Software, LLC What do we want to achieve?

    We want to provide a user driven off-boarding which is supported by Apple.

43. © JAMF Software, LLC Available Tools Community

44. © JAMF Software, LLC Bill Smith 
 Jamf https://www.jamf.com/blog/reinstall-a- clean-macos-with-one-button/

    Reinstall with Self Service

45. © JAMF Software, LLC Graham Pugh
 grahampugh Blogpost: https://grahamrpugh.com/ 2018/03/26/reinstall-macos-from-system-

    volume.html Github: https://github.com/grahampugh/ erase-install Erase and reinstall macOS

46. © JAMF Software, LLC Tim Perfitt
 Twocanoes Software https://twocanoes.com/products/mac/mac- deploy-stick/

    MDS - MacDeployStick

47. © JAMF Software, LLC What we created Pro Warehouse

48. © JAMF Software, LLC Based on startosinstall --eraseinstall --agreetolicense

49. © JAMF Software, LLC Perspectives End-User Administrator Developer

50. © JAMF Software, LLC End-User Command Line Tool UI Design

51. © JAMF Software, LLC Human Interface Guidelines https://developer.apple.com/design/ human-interface-guidelines/macos/ overview/themes/

    End-User

52. © JAMF Software, LLC Based on startosinstall --eraseinstall Logging Bring

    your own Installer Add packages to install pre-erase hooks Error Handling Validation checks • Installer app in any location • Find My • Internet connection Administrator

53. © JAMF Software, LLC Start Application flow © JAMF Software,

    LLC

54. © JAMF Software, LLC Start APFS & OS Version? No

    Minimum OS 10.13 Quit App No Yes Yes Application flow © JAMF Software, LLC

55. © JAMF Software, LLC Developer

56. © JAMF Software, LLC Shredder.app EraseInstall.app

57. © JAMF Software, LLC

58. © JAMF Software, LLC EraseInstall.app

59. © JAMF Software, LLC +

60. Fast forward 4x

61. © JAMF Software, LLC About 7 minutes remaining

62. © JAMF Software, LLC Native support startosinstall

63. © JAMF Software, LLC startosinstall --usage --license
 prints the user

    license agreement only. --agreetolicense
 agree to the license you printed with --license. --rebootdelay
 how long to delay the reboot at the end of preparing. This delay is in seconds and has a maximum of 300 (5 minutes). --pidtosignal
 Specify a PID to which to send SIGUSR1 upon completion of the prepare phase. To bypass "rebootdelay" send SIGUSR1 back to startosinstall. --installpackage
 the path of a package (built with productbuild(1)) to install after the OS installation is complete; this option can be specified multiple times. --eraseinstall 
 (Requires APFS) Erase all volumes and install to a new one. Optionally specify the name of the new volume with --newvolumename. --newvolumename
 the name of the volume to be created with -- eraseinstall. --preservecontainer
 preserves other volumes in your APFS container when using --eraseinstall. --forcequitapps
 on restart applications are forcefully quit. 
 This is the default if no users are logged in. --usage
 prints this message. --agreetolicense
 agree to the license you printed with --license. --eraseinstall 
 (Requires APFS) Erase all volumes and install to a new one. Optionally specify the name of the new volume with --newvolumename. --installpackage
 the path of a package (built with productbuild(1)) to install after the OS installation is complete; this option can be specified multiple times.

64. © JAMF Software, LLC Add packages to install --installpackage
 the

    path of a package (built with productbuild(1)) to install after the OS installation is complete; this option can be specified multiple times. productbuild --identifier com.myorg.uniqueid --version 1.0 \
 --package input_component.pkg output_distribution.pkg https://scriptingosx.com/2019/04/eraseinstall-update-version-1-2/

65. © JAMF Software, LLC Maintenance Off-boarding Deployment

66. © JAMF Software, LLC WiFi.mobileconfig postinstall QuickAdd.pkg Custom_QuickAdd.pkg

67. © JAMF Software, LLC EraseInstall application will look for package

    installers (pkg) files /Library/Application Support/EraseInstall/Packages/

68. © JAMF Software, LLC Maintenance Off-boarding Deployment Custom_QuickAdd.pkg

69. © JAMF Software, LLC Better Feedback logging

70. © JAMF Software, LLC Better Feedback ⌘ + L

71. © JAMF Software, LLC Deployment Deploy with Jamf Pro

72. © JAMF Software, LLC Erase & Install
 bitbucket.org https://bitbucket.org/prowarehouse-nl/ erase-install/src/master/

    Download

73. © JAMF Software, LLC Deploy Installer App VPP PKG with

    management system External Drive 
 softwareupdate --fetch-full-installer --full-installer-version 10.15 Available in macOS 10.15 Catalina

74. © JAMF Software, LLC Preparations +

75. © JAMF Software, LLC Preparations + +

76. © JAMF Software, LLC About 7 minutes remaining

77. © JAMF Software, LLC

78. © JAMF Software, LLC Maintenance Off-boarding Deployment

79. © JAMF Software, LLC YES there is

80. © JAMF Software, LLC What is next…. Not done yet….

81. © JAMF Software, LLC Future plans Pre-erase hooks Manage EraseInstall

    workflow with profile Localization: ✓English ✓Dutch • ……we need help VERSION 2.0

82. © JAMF Software, LLC Customization + +

83. © JAMF Software, LLC Customization + + +

84. © JAMF Software, LLC Erase & Install
 bitbucket.org https://bitbucket.org/prowarehouse-nl/ erase-install/src/master/

    Open Source Contribute!

85. © JAMF Software, LLC MacAdmins on Slack Join us at

    #eraseinstall macadmins.org

86. © JAMF Software, LLC scriptingosx.com/offboarding

87. © JAMF Software, LLC Mischa van der Bent Chief Technical

    Officer 275x275 head shot mvdbent scriptingosx.com/offboarding

88. THANK YOU!

89. © JAMF Software, LLC Thank you for listening! Give us

    feedback by completing the 2-question session survey in the JNUC 2019 app.