August 2024 – MacAdmins Meeting

14 Aug August 2024 – MacAdmins Meeting

August 21st, 2024 – University of Utah, MacAdmins Meeting

The University of Utah, MacAdmins Meeting is held monthly virtually on the 3rd Wednesday of each month at 11 AM Mountain Time. Presentations cover Apple technology and integration in a heterogeneous university enterprise environment. This month’s meeting will be held on Wed, August 21st, 2024 at 11 AM MT and we will provide live broadcasts and archives that will be made available 2-3 days after the meeting.

AppleSeed for IT & SoftwareUpdate Update – Yogen Kushi, Apple

This presentation will be by the University of Utah’s new Apple Systems Engineer, Yogen Kushi. He will delve into the powerful tools and programs that Apple offers to IT administrators. This session will cover AppleSeed for IT, Apple’s exclusive beta testing program designed for IT professionals. Learn how early access to software updates and hands-on testing can prepare your organization for upcoming releases, ensuring smooth transitions and minimal disruptions. He will also explore the intricacies of Software Update management, a critical component for maintaining the security, stability, and performance of Apple devices in your environment. From configuring update policies to automating deployment, discover best practices and strategies for keeping your devices up-to-date with the latest software. Additionally, we’ll highlight new features introduced in the macOS betas, such as enhanced update controls, more granular scheduling options, and improved reporting capabilities, giving you more flexibility and control over your fleet.

About Yogen Kushi

Custodian of Apple’s technical relationship with Higher Education institutions in Washington, Oregon, Idaho, Montana, Nevada, Utah and Wyoming.

     Note – Please be aware that by Apple’s policy, this presentation will not be recorded or accessible after the live broadcast.    

Unlocking the Future with Passkeys – Joe Scalone, Yubico

This presentation explores the potential of passkeys, FIDO-enabled credentials, to revolutionize authentication by eliminating the need for traditional passwords. Passkeys offer enhanced security against phishing attacks and a more seamless user experience. As their popularity grows, it’s essential to understand the different types: synced and device-bound passkeys. 

Key topics covered include:

• The limitations of traditional passwords and the growing threat of cyberattacks.
• A detailed explanation of passkeys, including their different types (sync-able and device-bound).
• The role of attestation in ensuring the security of passkeys.
• The impact of passkeys on user experience and organizational security.
• Challenges and considerations for implementing passkeys in enterprise environments.

This presentation will delve into the benefits, challenges, and implementation considerations for each type, empowering attendees to make informed decisions about adopting passkeys within their organizations.

About Joe Scalone

Joe Scalone is a Senior Solutions Architect at Yubico, dedicated to making the internet safer. His main focus is ensuring secure login options are available to everyone. He is also the co-chair of the Government Deployment Working Group and co-chair of the US Government Deployment subgroup for the FIDO Alliance helping specify standardized implementations for the FIDO standards in Governments in the US and Worldwide.

• Video – To view the archived presentation video, click here.
• Slides – To view the archived presentation slides, click here.

SOFA – Henry Stamerjohann, Zentral

In this presentation, we’ll explore SOFA (Simple Organized Feed for Apple Software Updates) an open-source project that acts as a comprehensive aggregator for Security and OS Update information. This powerful tool is designed to assist MacAdmins by efficiently tracking and highlighting critical updates for macOS and iOS. SOFA provides both a machine-readable feed and a user-friendly web interface, ensuring you have up-to-date information on XProtect data, OS updates, and the detailed components of those releases. You’ll learn how SOFA operates using scheduled GitHub actions, serving as a dynamic, centralized source of truth to be used by the community as an integrated tool. It’s a versatile solution that can even be self-hosted, offering complete control over the data consumed by your fleet and colleagues. This self-hosting capability makes SOFA an indispensable tool for enhancing security awareness and administrative efficiency within your organization.

SOFA Use cases

Nudge 2.0 ​

Nudge is a MacAdmins Open Source tool designed to encourage the installation of macOS security updates. The latest release, Nudge 2.0, integrates with the SOFA feed to keep macOS systems up to date. By default, it checks the SOFA feed every 24 hours, caching the data locally. Users can customize the refresh interval, set a custom feed URL, and manage support for unsupported devices. Customizable UI elements indicate when a device is unsupported, with text fields and overlay icons to highlight this status.

Using SOFA with Jamf Pro ​

Integrate SOFA with Jamf Pro to monitor macOS and XProtect updates. SOFA provides up-to-date information on macOS versions and XProtect updates, allowing you to determine if systems are compliant. Use Jamf Pro Extension Attribute scripts (macOSVersionCheck-EA.sh and XProtectVersionCheck-EA.sh) to check local system versions against the latest updates in the SOFA JSON feed. Results can be used to scope non-compliant computers into Smart Groups, triggering MDM/DDM commands to ensure systems are updated.

About Henry Stamerjohann

Henry Stamerjohann, based in Germany, is one of the co-founders of Zentral, an innovative open-source platform designed for enterprise-grade device management and reporting. Zentral excels at transforming endpoint events and telemetry data from various sources into a normalized, unified view, while also managing device configurations. It serves as a keystone solution for managing best-in-class open-source tools like Osquery, Google Santa, and Munki, in addition to its own declarative open-source Apple MDM.

With Zentral, device management workflows are deeply integrated with modern GitOps practices, ensuring auditability, peer review, and automated change control. This approach guarantees a robust and efficient management process that is both transparent and reliable.

• Video – To view the archived presentation video, click here.
• Slides – To view the archived presentation slides, click here.
  
  

Open Discussion

Questions, comments, problems, and fixes.

Directions

This meeting will not be held in person but will be done virtually using Zoom video communications architecture.