July 2022 – MacAdmins Meeting

July 2022 – MacAdmins Meeting

July 20, 2022 – University of Utah, MacAdmins Meeting


mac_mgrs_crowd

The University of Utah, MacAdmins Meeting is held monthly virtually on the 3rd Wednesday of each month at 11 AM Mountain Time. Presentations cover Apple technology and integration in a heterogeneous university enterprise environment. This month’s meeting will be held on Wed, July 20th, 2022 at 11 AM MT and we will provide live broadcasts and archives that will be made available 2-3 days after the meeting. If you have suggestions on presentations or interest in presenting,  questions, or comments, please use the Contact Us option.

Jamf Connect Deployment Planning – Sean Rabbitt, Jamf


In this presentation, we’ll discuss Jamf Connect, a tool for making user accounts on Macs and keeping their passwords in sync with a cloud identity provider. We’ll chat about the two halves of Jamf Connect, when to use the login window, and how to automate deployments using Jamf Pro and smart computer groups. We’ll also briefly discuss how to plan for zero-touch onboarding strategies with links to other sessions on how to automate your deployment.  

Jamf Connect includes two core components:

  • Login window—An authorization plug-in that modifies the default macOS login process and login window UI.

  • Menu bar app—An application that helps users manage their network and local passwords.

Jamf Connect Summary:

  • Account provisioning: Create local macOS user accounts based on cloud identity provider credentials for centralized account management with modern authentication.
  • Privilege Management: Use the identity provider attributes and group membership to elevate user permissions from standard accounts to administrator accounts for centralized management of rights.
  • Password Sync: Keep local macOS user accounts passwords in sync with a cloud identity provider, eliminating the need for binding a device to a directory for centralized password management.
  • Passwordless: With Jamf Unlock, Jamf Connect’s passwordless workflow, provides users secure access to their Mac via their iPhone. Utilizing Face ID, Touch ID, or PINs, users gain immediate access to their Mac, without needing to type a password

 

About Sean Rabbit

Sean was born a small human child and has since gotten larger. He is currently a Sr. Consulting Engineer for Identity and Access Management at Jamf where he writes a lot of documentation that people ignore. He is often seen in an Airstream trailer traveling the country.

  • Video – To view the archived presentation video, click here.
  • Slides – To view the archived presentation slides, click here.

Tart Open Source Virtualization for MacAdmins – Fedor Korotkov & Dan K. Snelson


During this presentation, you will learn about Continuous Integration (CI) and how to leverage Tart, an open-source tool to run macOS VMs on Macs with Apple silicon.
 


Tart is a virtualization toolset to build, run and manage virtual machines on Apple Silicon. Built by CI engineers for your automation needs.
 


Here are some highlights of Tart:

  • Tart uses Apple’s own Virtualization.Framework for near-native performance.
  • Push/Pull virtual machines from any OCI-compatible container registry.
  • Use Tart Packer Plugin to automate VM creation.
  • Built-in CI integration.

About Fedor Korotkov

Fedor Korotkov has spent more than 10 years working on all kinds of developer tools at companies like Airbnb, Twitter, and JetBrains before founding Cirrus CI — the one CI to rule them all.

About Dan K. Snelson

Dan K. Snelson is a senior systems engineer with The Church of Jesus Christ of Latter-day Saints, managing Macs worldwide. He writes the Snelson.us blog and you can find him on the MacAdmins Slack as dan-snelson.

  • Video – To view the archived presentation video, click here.
  • Slides – To view the archived presentation slides, click here.

Microsoft Enterprise SSO plug-in for Apple Devices – Michael Epping, Microsoft


The Microsoft Enterprise SSO plug-in provides a single sign-on (SSO) to applications and websites that use Microsoft Azure Active Directory (AD) for authentication, including Microsoft 365. This plug-in uses the Apple single sign-on extension. It reduces the number of authentication prompts users to get when using devices managed by Mobile Device Management (MDM), including Microsoft Intune. Once set up, applications that support the Microsoft Authentication Library (MSAL) automatically take advantage of the Microsoft Enterprise SSO plug-in (preview). Applications that don’t support MSAL can be allowed to use the extension. Just add the application Bundle ID or prefix to the extension configuration.

Many organizations that use macOS also use Azure AD and M365. There are multiple integration points between Azure AD and macOS, and many organizations struggle with implementation. We’ll discuss how these pieces work deep down and some best practices for deploying them. Attendees will learn how to improve security and the user experience, how to provide SSO to M365 resources, and how to leverage the latest macOS features to integrate with the Azure AD identity platform as much as possible.

 

About Michael Epping 

Michael Epping is a Senior Product Manager in the Azure AD Engineering team at Microsoft. He is part of the customer experience team and his role is to accelerate the adoption of cloud services across enterprise customers. Michael helps customers deploy Azure AD features and capabilities via long-term engagements that can last years, as well as working within the engineering organization as an advocate on behalf of those customers. Michael has more than 9 years of experience working with customers to deploy Microsoft products like Azure AD, Intune, and Office 365. He’s spoken at various industry events, such as BSides and The Experts Conference.  

  • Video – To view the archived presentation video, click here.
  • Slides – To view the archived presentation slides, click here.

 

Open Discussion


Questions, comments, problems, and fixes.

 

Directions


Due to the coronavirus (aka Covid-19) crisis, this meeting will not be meeting in person but will currently be done virtually using Zoom video communications architecture.

With Zoom we will implement the following security best practices:
  • Require a Password to Join This meeting will require a password to join the meeting. Information will be emailed via a campus internal list, but if you are external and want to attend the meeting, please use the contact us form to receive details. Else, the archive of the meeting will be available 2-3 days after the live meeting.

    • Waiting Room When joining the meeting you will be placed in the Waiting Room by default and the hosts will give you access to the live meeting.

  • Miscellaneous We will also implement other settings and safeguards to secure the meeting.

Archived Presentation(s)


  • Archives of the presentations will be available on this web page.
No Comments

Leave a Reply