© JAMF Software, LLC Off-boarding in a Modern Deployment 4:00 - 4:45 PM UP NEXT

No content

© JAMF Software, LLC Mischa van der Bent Chief Technical Officer 275x275 head shot

© JAMF Software, LLC Off-boarding in a Modern Deployment

© JAMF Software, LLC scriptingosx.com/offboarding

© JAMF Software, LLC YES and NO!

© JAMF Software, LLC Let me explain…

© JAMF Software, LLC Deployment: User Perspective 1. Open box 2. Power on MacBook 3. There is no step 3 ❤IT

© JAMF Software, LLC Deployment: User Perspective Leverage out-of-box experience

© JAMF Software, LLC Deployment: User Perspective Empower users to setup their devices

© JAMF Software, LLC Deployment: Admin Perspective Zero-touch effort for IT Streamline setup assistant for users Automatically enroll Deliver important apps and policies 
 during and after enrollment

© JAMF Software, LLC Keep applications up to date Address emerging security concerns Support multiple generations of hardware Prompt to download and 
 install updates through MDM Ongoing Maintenance

© JAMF Software, LLC Off-boarding Reset to factory defaults Remove MDM Framework/License Securely Wipe User Data

© JAMF Software, LLC Off-boarding: User Data Securely Wipe User Data General Data Protection Regulation (GDPR) Responsibility: User or IT??

© JAMF Software, LLC Maintenance Off-boarding Deployment

© JAMF Software, LLC What is Apple providing?

© JAMF Software, LLC iOS, iPadOS 
 and tvOS

© JAMF Software, LLC Quickly erase device from Settings All user data is securely removed Option can be restricted on 
 supervised devices Remote wipe MDM command User Driven Erase All Contents and Settings

© JAMF Software, LLC Apple Provisioning Utility Apple Configurator 2 GroundControl Jamf Reset Other Solutions TM

© JAMF Software, LLC macOS

© JAMF Software, LLC macOS Recovery Option-⌘-R Upgrade to the latest macOS that is compatible with your Mac. Shift-Option-⌘-R Install the macOS that came with your Mac, or the closest version still available. Command (⌘)-R Install the latest macOS that was installed on your Mac. Internet Recovery

© JAMF Software, LLC Installer App

© JAMF Software, LLC Installer App Manual Upgrade Create External Install Media Command Line Tool 
 /Applications/Install macOS Catalina.app/Contents/Resources/startosinstall

© JAMF Software, LLC Automated upgrade Automate with 
 startosinstall Requires Mac that supports Catalina 
 and is running at least OS X 10.9

© JAMF Software, LLC Automated Erase and Install Automate with 
 startosinstall --eraseinstall Requires APFS and installer 10.13.4+ No built-in UI option

© JAMF Software, LLC What if….. Erase All Content and Settings

© JAMF Software, LLC Erase All Contents and Settings Quickly erase device from 
 System Preferences All user data is securely removed Option can be restricted on 
 supervised devices Remote wipe MDM command User Driven Erase All Content and Settings This doesn’t exist..YET!! ??????????

© JAMF Software, LLC Same workflow across all devices

© JAMF Software, LLC Reconsider Your off-boarding workflows with Catalina

© JAMF Software, LLC Apple is tightening security

© JAMF Software, LLC Security changes in Catalina + macOS Recovery

© JAMF Software, LLC

© JAMF Software, LLC Starting Internet Recovery. This may take a while.

© JAMF Software, LLC Easy to forget…

© JAMF Software, LLC Availability Apple Business Manager Apple School Manager

© JAMF Software, LLC Countries 69 https://support.apple.com/en-us/HT207305 Apple Business Manager Availability

© JAMF Software, LLC Maintenance Off-boarding Deployment

© JAMF Software, LLC Reality — What we see in practice Your return to service workflows

© JAMF Software, LLC

© JAMF Software, LLC

© JAMF Software, LLC What do we want to achieve?

© JAMF Software, LLC What do we want to achieve? We want to provide a user driven off-boarding which is supported by Apple.

© JAMF Software, LLC Available Tools Community

© JAMF Software, LLC Bill Smith 
 Jamf https://www.jamf.com/blog/reinstall-a- clean-macos-with-one-button/ Reinstall with Self Service

© JAMF Software, LLC Graham Pugh
 grahampugh Blogpost: https://grahamrpugh.com/ 2018/03/26/reinstall-macos-from-system- volume.html Github: https://github.com/grahampugh/ erase-install Erase and reinstall macOS

© JAMF Software, LLC Tim Perfitt
 Twocanoes Software https://twocanoes.com/products/mac/mac- deploy-stick/ MDS - MacDeployStick

© JAMF Software, LLC What we created Pro Warehouse

© JAMF Software, LLC Based on startosinstall --eraseinstall --agreetolicense

© JAMF Software, LLC Perspectives End-User Administrator Developer

© JAMF Software, LLC End-User Command Line Tool UI Design

© JAMF Software, LLC Human Interface Guidelines https://developer.apple.com/design/ human-interface-guidelines/macos/ overview/themes/ End-User

© JAMF Software, LLC Based on startosinstall --eraseinstall Logging Bring your own Installer Add packages to install pre-erase hooks Error Handling Validation checks • Installer app in any location • Find My • Internet connection Administrator

© JAMF Software, LLC Start Application flow © JAMF Software, LLC

© JAMF Software, LLC Start APFS & OS Version? No Minimum OS 10.13 Quit App No Yes Yes Application flow © JAMF Software, LLC

© JAMF Software, LLC Developer

© JAMF Software, LLC Shredder.app EraseInstall.app

© JAMF Software, LLC

© JAMF Software, LLC EraseInstall.app

© JAMF Software, LLC +

Fast forward 4x

© JAMF Software, LLC About 7 minutes remaining

© JAMF Software, LLC Native support startosinstall

© JAMF Software, LLC startosinstall --usage --license
 prints the user license agreement only. --agreetolicense
 agree to the license you printed with --license. --rebootdelay
 how long to delay the reboot at the end of preparing. This delay is in seconds and has a maximum of 300 (5 minutes). --pidtosignal
 Specify a PID to which to send SIGUSR1 upon completion of the prepare phase. To bypass "rebootdelay" send SIGUSR1 back to startosinstall. --installpackage
 the path of a package (built with productbuild(1)) to install after the OS installation is complete; this option can be specified multiple times. --eraseinstall 
 (Requires APFS) Erase all volumes and install to a new one. Optionally specify the name of the new volume with --newvolumename. --newvolumename
 the name of the volume to be created with -- eraseinstall. --preservecontainer
 preserves other volumes in your APFS container when using --eraseinstall. --forcequitapps
 on restart applications are forcefully quit. 
 This is the default if no users are logged in. --usage
 prints this message. --agreetolicense
 agree to the license you printed with --license. --eraseinstall 
 (Requires APFS) Erase all volumes and install to a new one. Optionally specify the name of the new volume with --newvolumename. --installpackage
 the path of a package (built with productbuild(1)) to install after the OS installation is complete; this option can be specified multiple times.

© JAMF Software, LLC Add packages to install --installpackage
 the path of a package (built with productbuild(1)) to install after the OS installation is complete; this option can be specified multiple times. productbuild --identifier com.myorg.uniqueid --version 1.0 \
 --package input_component.pkg output_distribution.pkg https://scriptingosx.com/2019/04/eraseinstall-update-version-1-2/

© JAMF Software, LLC Maintenance Off-boarding Deployment

© JAMF Software, LLC WiFi.mobileconfig postinstall QuickAdd.pkg Custom_QuickAdd.pkg

© JAMF Software, LLC EraseInstall application will look for package installers (pkg) files /Library/Application Support/EraseInstall/Packages/

© JAMF Software, LLC Maintenance Off-boarding Deployment Custom_QuickAdd.pkg

© JAMF Software, LLC Better Feedback logging

© JAMF Software, LLC Better Feedback ⌘ + L

© JAMF Software, LLC Deployment Deploy with Jamf Pro

© JAMF Software, LLC Erase & Install
 bitbucket.org https://bitbucket.org/prowarehouse-nl/ erase-install/src/master/ Download

© JAMF Software, LLC Deploy Installer App VPP PKG with management system External Drive 
 softwareupdate --fetch-full-installer --full-installer-version 10.15 Available in macOS 10.15 Catalina

© JAMF Software, LLC Preparations +

© JAMF Software, LLC Preparations + +

© JAMF Software, LLC About 7 minutes remaining

© JAMF Software, LLC

© JAMF Software, LLC Maintenance Off-boarding Deployment

© JAMF Software, LLC YES there is

© JAMF Software, LLC What is next…. Not done yet….

© JAMF Software, LLC Future plans Pre-erase hooks Manage EraseInstall workflow with profile Localization: ✓English ✓Dutch • ……we need help VERSION 2.0

© JAMF Software, LLC Customization + +

© JAMF Software, LLC Customization + + +

© JAMF Software, LLC Erase & Install
 bitbucket.org https://bitbucket.org/prowarehouse-nl/ erase-install/src/master/ Open Source Contribute!

© JAMF Software, LLC MacAdmins on Slack Join us at #eraseinstall macadmins.org

© JAMF Software, LLC scriptingosx.com/offboarding

© JAMF Software, LLC Mischa van der Bent Chief Technical Officer 275x275 head shot mvdbent scriptingosx.com/offboarding

THANK YOU!

© JAMF Software, LLC Thank you for listening! Give us feedback by completing the 2-question session survey in the JNUC 2019 app.