My IT Notes
Poorly written notes on various workflows I come across as a consultant. My focus is Jamf management, macOS & iOS deployment and device security, Meraki networking, and Google Workspaces. I’m an Installomator maintainer and you can find me on macadmins Slack: @Isaac or get some of my professional time @ mann.com.
Fixing MDM Communications With Apple Business Manager Migration
Introduced in macOS 26 Apple Business Manager (ABM) supports migrating devices from one MDM to another. One unintended feature of this is the ability to use the migration to repair broken MDM communications, including mismatched APNs topics with expired MDM profiles. This saves IT from performing a device erase or going into recovery mode. This…
Keep readingJamf MSP Co-Management With Jamf Account
MSPs who provide co-managed services with customers using Jamf products face interesting dilemmas when it comes to implementing SSO: Luckily Jamf’s recent implementation of Jamf Account SSO solves these challenges! This post will go over the steps to properly set this up co-management to solve these issues and grant both the MSP and customer access…
Keep readingJamf Account Group Authorization in Jamf Pro with Okta
With the release of Jamf Pro 11.15 Jamf has been forcing customers to enable Jamf Account OIDC for authentication to use new features. In the default OIDC configuration each admin needs to be manually provisioned in Jamf Pro. As an MSP this is a difficult change to implement when you have to manage multiple consultants…
Keep readingDetails button not working in Jamf Pro policy logs
Starting with the 11.13 update Jamf Pro administrators have reported that the details button in policy logs isn’t working as intended. Instead of showing the details of the policy clicking this button no longer does anything. This can make troubleshooting policy errors difficult. Fortunately after some discussions on Mac Admins Slack https://www.macadmins.org it’s been identified…
Keep readingMajor macOS deferrals may rollback security fixes
Apple provides the ability to defer major macOS upgrades to prevent early adoption of major OS versions on managed devices. Having a major deferral in place that’s longer than an existing minor deferral may leave computers with an immediately pending macOS update after a macOS Upgrade, which could cause computers to rollback already applied security…
Keep readingUndocumented change in Jamf Pro 11.11 limits policy logs
In Jamf’s November 2024 Jamf Pro 11.11 update Jamf silently added in a 25 KB limit to policy log output. This will limit the your ability to troubleshoot scripts that fail to run with an output more than 25 KB. Jamf support notes that this is to prevent “server degradation”. There is no public documentation…
Keep readingHow to run unsigned apps in macOS 15.1
Apple uses code signatures to verify app are created by a specific developer and haven’t been tampered with. This is done through Apple’s Gatekeeper process which blocks execution of known bad code or code with no signature at all. In versions of macOS prior to 15.1 you bypass this block by going to System Settings…
Keep reading
Tricking require an admin password to access system-wide settings
Summary macOS has a setting under System Settings > Security and Privacy > Advanced called “Require an administrator password to access system-wide settings” (I’m going to call it “require admin setting” from here out). The help section describes this option as “Prevent users from changing locked system settings without an administrator’s password.” Unfortunately the setting…
Keep readingJamf Pro Framework Not Installing or Redeploying
Starting on or around Monday June 26th we recently ran into some issues where the Jamf Pro Binary located at /usr/local/bin/jamf was missing on newly enrolled computers. The computers would be MDM enrolled but and would receive configuration profiles but the Jamf Management Framework, including Self Service and the jamf binary would be missing. Because…
Keep readingCapturing Jamf Protect Diagnostics to S3
While it doesn’t happen often at all sometime your staff will have issues performance issues with Jamf Protect. This was apparent for us recently with an issue that was patched in 3.1.4.425, which was compounded by a Unified Logging filter that generated a lot of information. In the process of gathering logs for support we…
Keep readingSomething went wrong. Please refresh the page and/or try again.
Follow My Blog
Get new content delivered directly to your inbox.
AirWatch APNs Apple Apple Business Manager Apple Push Notificaitons Benchmarks CIS Departed Enrollment Gatekeeper Google Chrome Jamf Account Jamf Management Framework Jamf Pro Jamf Protect mac macOS MDM Communications MDM Communications Repair Okta PI Policies Scripts security Single Sign-on Software Update STIG technology Users Vulnerability windows
IT Notes 