16 Sep September 2022 – MacAdmins Meeting
September 21, 2022 – University of Utah, MacAdmins Meeting
The University of Utah MacAdmins Meeting is held virtually on the 3rd Wednesday of each month at 11 AM Mountain Time. Presentations cover Apple technology and integration in a heterogeneous university enterprise environment. This month’s meeting will be held on Wed, September 21st, 2022 at 11 AM MT. We will provide a live broadcast, and archives will be made available 2-3 days after the meeting.
If you have suggestions on presentations or interest in presenting, questions, or comments, please use the Contact Us option.
Tanium macOS Essentials – Kelli Huynh & Kofi Asirifi, Tanium
Tanium is a feature-packed endpoint management and endpoint security platform designed to strengthen and optimize an organization’s cybersecurity efforts. Encompassing everything from asset and threat discovery to complete threat response capabilities from a single endpoint agent, Tanium gives security teams the tools they need to fortify existing security gaps and/or completely overhaul their cyber security environments.
In this presentation, we will start with an overview of Tanium including the basics, enforcement, performance, and threat response. We will then cover macOS integration including management, installation & configuration, distribution across your fleet, patching, and troubleshooting tips & tricks.
About Kelli Huynh
Kelli Huynh has worked at Tanium for over 6 years and started as internal IT managing our Mac endpoints before becoming a Technical Account Manager (TAM) to help create content for the Mac disparities in Tanium. Prior to Tanium, Kelli worked as a system administrator at schools to manage their Mac enterprise environment.
About Kofi Asirifi
Kofi Asirifi worked at Tanium for almost 4 years, with most of my time spent in the TAM organization. The Enforce module is my primary focus area which includes Mac management. Prior to Tanium, I worked as an Infrastructure Engineer managing Apple devices in the enterprise.
- Video – To view the archived presentation video, click here. (requires campus login)
XCreds 2 – Timothy Perfitt, Twocanoes Software
With this presentation, learn about the newest open source project from Twocanoes Software. XCreds 2 supercharges the Mac login window so you can use your Azure, Google Cloud, or any OpenID Connect provider password to log in. XCreds 2 also provisions user accounts and monitors for external password changes.
XCreds has 2 components: the XCreds app, which runs in user space, and XCreds Login Window, which is a security agent that runs when the user is logging in to their Mac. The security agent and the app share keychain items in the user’s keychain to keep track of the current local password and the tokens from the cloud provider. Both components prompt the user with a web view to authenticate to their cloud provider, verify that login was successful, and then update the local password and user keychain passwords as needed.
XCreds Login
XCreds Login is a Security Agent that replaces the login window on macOS to provide authentication to the cloud provider. It presents a web view at the login window and fully supports multi-factor authentication. When authentication completes, the web view receives OpenID Connect (OIDC) tokens and stores those tokens in the login keychain. If the local password and the cloud password are different, the local password is updated to match the cloud password and the login keychain password is updated as well. The local password is then stored in the user keychain so that any password changes in the future can be updated silently. Only the security agent and the XCreds application are given permission to access the password and tokens.
XCreds Application
The XCreds application runs when the user logs in. On the first launch, it checks to see if XCreds tokens are available in the login keychain. If they are, the refresh token is used to see if it is still valid. If it is invalid (due to a remote password change), the user is prompted with a web view to authenticate with their cloud credentials. If they authenticate successfully, the tokens are updated in the login keychain and the password is checked to see if it has been changed. If it has changed, the local account and login keychain are updated to match the cloud password.
We will show a demo, answer questions and discuss how the project works and how you can use it.
About Timothy Perfitt
Timothy Perfitt is the Founder and President of Twocanoes Software located in Naperville, IL. Tim started Twocanoes Software after a decade of working at Apple, Inc, in engineering. He is the creator of Winclone, Boot Runner, MDS, Smart Card Utility and many more successful products focused on the Mac, iPhone, and iPad. His most recent open source project, XCreds, provides a powerful and secure way to authenticate to cloud providers from the Mac.
Tim is focused on macOS and iOS authentication, including certificate-based authentication, smart cards, remote access, and code signing. Tim has a Bachelor of Science in Electrical Engineering from Michigan State University and a Master’s Degree from California State University. Tim enjoys renovating his grandfather’s Model A and going to the dog park with his two labs.
- Video – To view the archived presentation video, click here.
- Slides – To view the archived presentation slides, click here.
BeyondTrust Privilege Management for Mac – Tom Ziegmann, BeyondTrust
About Tom Ziegmann
Tom Ziegmann is a Senior Solutions Engineer at BeyondTrust. In this role, Tom helps organizations of all sizes identify solutions to meet their privileged access management objectives. Tom has more than ten years of experience in Information Security and has been recognized as a six-time Most Valuable Professional (MVP) by Microsoft for his work in the IT community.
- Video – To view the archived presentation video, click here. (requires campus login)
Open Discussion
Questions, comments, problems, and fixes.
Directions
Due to the coronavirus (aka Covid-19) crisis, this meeting will not be held in person and will currently be held virtually using Zoom video communications architecture.
- Require a Password to Join: This meeting will require a password to join. Information will be emailed via a campus internal list, but if you are external and want to attend the meeting, please use the contact us form to receive details. Otherwise, the archive of the meeting will be available 2-3 days after the live meeting.
- Miscellaneous: We will also implement other settings and safeguards to secure the meeting.
Archived Presentation(s)
- Archives of the presentations will be available on this web page.