Tweet
Tweet

Slide 1

Slide 1 text

© JAMF Software, LLC MDM Not Working? Was It the Proxy? 10:15 - 11 AM UP NEXT

Slide 2

Slide 2 text

No content

Slide 3

Slide 3 text

© JAMF Software, LLC Daniel MacLaughlin Implementation Engineer Jamf

Slide 4

Slide 4 text

© JAMF Software, LLC MDM Not Working? Was It the Proxy? Presentation agenda: What do we mean when we say “Proxy” Different “Proxy” configurations How does it impact MDM and Apple Who’s Security is better? Troubleshooting, Takeaways and Q’s maybe A’s

Slide 5

Slide 5 text

© JAMF Software, LLC Image or video dimensions 1080 px 525 px Whats in a Name?

Slide 6

Slide 6 text

© JAMF Software, LLC Alice isn’t talking to Bob directly. Bob doesn’t see a request from Alice. The Proxy is acting like a relay. Proxy in a Tech Sense

Slide 7

Slide 7 text

© JAMF Software, LLC Proxies and Apple

Slide 8

Slide 8 text

© JAMF Software, LLC Proxies and Apple

Slide 9

Slide 9 text

© JAMF Software, LLC Proxies and Apple

Slide 10

Slide 10 text

© JAMF Software, LLC Proxies and Apple

Slide 11

Slide 11 text

© JAMF Software, LLC So What’s the Problem? Did we miss something? Why are there options? Is it or Isn’t it Supported?

Slide 12

Slide 12 text

© JAMF Software, LLC It’s Always the Proxy Well there is something Its called SSL inspection It’s not supported!

Slide 13

Slide 13 text

© JAMF Software, LLC It’s Always the Proxy

Slide 14

Slide 14 text

© JAMF Software, LLC Proxies and Apple

Slide 15

Slide 15 text

© JAMF Software, LLC

Slide 16

Slide 16 text

© JAMF Software, LLC Image or video dimensions 1080 px 525 px 5223

Slide 17

Slide 17 text

© JAMF Software, LLC Image or video dimensions 1080 px 525 px

Slide 18

Slide 18 text

© JAMF Software, LLC Image or video dimensions 1080 px 525 px

Slide 19

Slide 19 text

© JAMF Software, LLC Image or video dimensions 1080 px 525 px https://www.apple.com

Slide 20

Slide 20 text

© JAMF Software, LLC Image or video dimensions 1080 px 525 px

Slide 21

Slide 21 text

© JAMF Software, LLC Proxies and Apple

Slide 22

Slide 22 text

© JAMF Software, LLC Proxies and Apple

Slide 23

Slide 23 text

© JAMF Software, LLC Proxies and Apple

Slide 24

Slide 24 text

© JAMF Software, LLC Proxies and Apple

Slide 25

Slide 25 text

© JAMF Software, LLC

Slide 26

Slide 26 text

© JAMF Software, LLC Proxies and Apple

Slide 27

Slide 27 text

© JAMF Software, LLC Max image dimensions Proxies and Apple Ok Network admin has whitelisted Apple to bypass SSL inspection Why is it still not working? Is it always the proxy?

Slide 28

Slide 28 text

© JAMF Software, LLC

Slide 29

Slide 29 text

© JAMF Software, LLC Proxies and MDM What about the MDM My Server is On-Prem Will I still have issues?

Slide 30

Slide 30 text

© JAMF Software, LLC Proxies and MDM

Slide 31

Slide 31 text

© JAMF Software, LLC Proxies and MDM

Slide 32

Slide 32 text

© JAMF Software, LLC Proxies and MDM

Slide 33

Slide 33 text

© JAMF Software, LLC Certificate Security OCSP Stapling Cert Trust Anchors

Slide 34

Slide 34 text

© JAMF Software, LLC More Certificate Security Transparent Proxies Explicit Proxies There’s this thing called TLS 1.3 and SNI or ESNI

Slide 35

Slide 35 text

© JAMF Software, LLC Prove its the Proxy You have to get some logs Packet captures Even from the proxy server

Slide 36

Slide 36 text

© JAMF Software, LLC For macOS we can use 3rd party tools like: Charles Proxy and WireShark Local Tools tcpdump For iOS: Apple Configurator 2 WireShark using rvictl tcpdump using rvictl Getting Packet Captures

Slide 37

Slide 37 text

© JAMF Software, LLC What are we looking for

Slide 38

Slide 38 text

© JAMF Software, LLC What are we looking for

Slide 39

Slide 39 text

© JAMF Software, LLC Takeaways • Don’t use manual settings • Do use explicit over transparent • Some URLS just gotta be un-authed • Don’t inspect SSL

Slide 40

Slide 40 text

© JAMF Software, LLC Not Getting Push: https://support.apple.com/en-us/HT203609 Use Apple on Enterprise Networks: https://support.apple.com/en-us/HT210060 Getting Started with ABM or ASM with MDM: https://support.apple.com/en-us/HT207516 Enterprise Firewall for WNS: https://docs.microsoft.com/en-au/windows/uwp/design/shell/ tiles-and-notifications/firewall-allowlist-config Links

Slide 41

Slide 41 text

© JAMF Software, LLC Network Ports used by Jamf Pro https://www.jamf.com/jamf-nation/articles/34 Configuring the JSS to use an HTTP Proxy Server https://jamf.com/jamf-nation/articles/379 Recording a Packet Trace https://developer.apple.com/documentation/network/ recording_a_packet_trace Third Party Network Tools https://developer.apple.com/documentation/network/ taking_advantage_of_third-party_network_debugging_tools Links

Slide 42

Slide 42 text

© JAMF Software, LLC Q & A

Slide 43

Slide 43 text

© JAMF Software, LLC Thank you

Slide 44

Slide 44 text

© JAMF Software, LLC Thank you for listening! Give us feedback by completing the 2-question session survey in the JNUC 2019 app. UP NEXT What’s in the Blue Bin? Recycled Malware 11:30 AM