Showing posts with label Automate Device Enrollment. Show all posts

Thursday, January 18, 2024

Releasing Devices in Apple Business Manager


Say goodbye to unwanted devices cluttering your Apple Business Manager! Releasing devices is a crucial part of managing your fleet, allowing you to remove devices sold, lost, or simply beyond repair. This blog dives into the steps for releasing devices and sheds light on which roles have the authority to do so.

Why Release Devices?

Releasing devices offers several benefits:

  • Clean Up Your Inventory: Keep track of active devices and avoid confusion.
  • Compliance Check: Ensure you're not managing devices you no longer own, adhering to Apple Business Manager Agreement terms.
  • Security Clearance: Prevent unauthorized access to your network and data by wiping released devices.

Who Can Release the Devices?

Only two user roles in Apple Business Manager can initiate device release:

  • Administrator: The all-powerful role, with full control over devices, users, and settings.
  • Device Enrollment Manager: Responsible for device enrollment and management, also authorized to release them.

Release Steps Simplified:

Sign In: Access Apple Business Manager with your valid Administrator or Device Enrollment Manager credentials.



Device Selection: Choose "Devices" from the sidebar. You can search for specific devices or view the entire list.

Target the Unwanted: Select the device(s) you want to release by clicking the checkbox next to their names.




Release Actions: Click the "Release" button at the top right corner.




Confirmation: A confirmation window will appear. Double-check the selected devices and click "Release".



Note: Releasing a device removes it from Apple Business Manager and you will need to wipe the device.

Bonus Tip: You can configure Apple Business Manager to allow only specific users within the Device Enrollment Manager role to release devices. This adds an extra layer of control and accountability.

By following these steps and understanding the authorised roles, you can say goodbye to unwanted devices and maintain a clean, efficient Apple Business Manager environment. So, go forth and release those digital ghosts with confidence!

Remember: This information is accurate as of January 18, 2024. Apple may update its processes or release new features, so always refer to the official Apple Business Manager documentation for the latest guidance.

Feel free to leave comments below if you have any questions or additional insights on device release in Apple Business Manager!

For more information please contact us at https://brilyant.com/contact/

Tuesday, December 26, 2023

Zero Touch Setup with DEPNotify

DEPNotify is an application that will guide end-users through the process of enrolling a computer with Automated Device Enrollment. 

An organization can choose to install critical applications after enrollment with MDM, but without a tool such as DEPNotify, end users may not be aware of the process. This application can also ask the end users for information that can be input and then used by administrators for future management.


There are two major components to configure for DEPNotify:

  1. the application 
  2. the starter script


Note: When deploying, the application package and any other resources related to it should be signed with an Apple Developer certificate (if deployed via Jamf, a Jamf Pro built-in CA certificate can be used).


Download DEPNotify: https://gitlab.com/Mactroll/DEPNotify 


DEPNotify supports a wide range of configurations. These include:

  • Customisable text
  • Images
  • User input fields which can be used for extension attributes
  • EULAs
  • The ability to open webpages or play a YouTube video
  • Full-screen or windowed display
  • Progress bars


DEPNotify is completely controlled by echoing text to its control file. By default, this is /var/tmp/depnotify.log, but it can be changed with the -path flag.


To learn about application flags: https://gitlab.com/Mactroll/DEPNotify#application-flags


Commands:

You can customise the DEPNotify window with commands for user interaction, notification and completion information.


Main Window Setup: https://gitlab.com/Mactroll/DEPNotify#main-window-configuration

Interaction: https://gitlab.com/Mactroll/DEPNotify#interaction

Notification: https://gitlab.com/Mactroll/DEPNotify#interaction

Completion: https://gitlab.com/Mactroll/DEPNotify#completion
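
As an added example (not part of the original post or of the DEPNotify project), the script below writes a short workflow to the control file, one command or status per line. The function names and the DEPNOTIFY_LOG variable are assumptions for illustration; the symlink and newline checks are added hardening, since the default path sits under the world-writable /var/tmp.

```shell
#!/bin/bash
# Added example: drive DEPNotify by appending lines to its control file.
# DEPNOTIFY_LOG is a hypothetical variable; it defaults to the path named
# above and should match -path if DEPNotify is launched with that flag.
DEPNOTIFY_LOG="${DEPNOTIFY_LOG:-/var/tmp/depnotify.log}"

# Start with an empty control file. /var/tmp is world-writable, so refuse
# a pre-existing symlink instead of truncating whatever it points to.
dep_init() {
    if [ -L "$DEPNOTIFY_LOG" ]; then
        echo "refusing to use symlink: $DEPNOTIFY_LOG" >&2
        return 1
    fi
    : > "$DEPNOTIFY_LOG" || return 1
    chmod 644 "$DEPNOTIFY_LOG"
}

# Append exactly one line. CR/LF are stripped so a caller-supplied value
# (an app name, a user field) cannot add extra control lines.
dep_line() {
    printf '%s\n' "$(printf '%s' "$1" | tr -d '\r\n')" >> "$DEPNOTIFY_LOG"
}

dep_command() { dep_line "Command: $1"; }
dep_status()  { dep_line "Status: $1"; }

# Constructed workflow: title, body text, a progress bar sized to the
# number of steps, one status line per step, then quit with a message.
dep_run_workflow() {
    dep_init || return 1
    dep_command "MainTitle: Setting up your Mac"
    dep_command "MainText: Required software is being installed."
    dep_command "Determinate: $#"
    for step in "$@"; do
        dep_status "Installing $step"
        # A real starter script would run the matching policy here,
        # e.g. jamf policy -event "<custom trigger>"
    done
    dep_command "Quit: Setup complete."
}
```

Calling dep_run_workflow with a list of application names writes the full sequence; DEPNotify reads the file as lines are appended.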


If you would like to add an advanced workflow, you can write a plist, menu.nomad.DEPNotify.plist. With this file you can configure various things like the EULA window, registration window, status text alignment and help bubbles.


Ref: https://gitlab.com/Mactroll/DEPNotify#depnotify-plist


DEPNotify starter Script:

The DEPNotify Starter Script is very lengthy but is heavily commented to help you understand the available settings and how to configure them.


The DEPNotify-Starter GitHub repo contains both the starter script and the reset script for DEPNotify:

 https://github.com/jamf/DEPNotify-Starter


You can also use the application DEPNotify Set-up Helper to configure the script for you.

https://github.com/BIG-RAT/DEPNotify-Set-up-Helper 

 


EULAs and images for DEPNotify should not be included in the DEPNotify package but instead can be placed in a package of their own. 


Any package installed during Automated Device Enrollment must be signed with a certificate that can be trusted by the Mac.


Deployment Plan with Jamf:

This plan assumes that Apple Business Manager is well integrated.


Prestage Enrollment: 

Go to Computers > Prestage Enrollments and create a Prestage enrollment.

General: apply settings as per your requirements.

Configuration Profile: add your DEPNotify configuration.

Enrollment Packages: add DEPNotify and any EULA or images package (note that both packages should be signed).

When creating a Prestage enrollment, it is best to use the minimum critical settings.


Smart Computer Group:

Create a Smart Computer Group with the criteria Enrollment Method: Prestage enrollment, the operator "is", and the value Zero Touch.


Configuration Profiles:

If there is any configuration profile you would like to deploy during Zero Touch, scope it to the Smart Computer Group you created.


Policies:

Create a policy for the DEPNotify starter script and for any packages you need to deploy during the DEP process. Set the frequency to "Ongoing", give each policy its own unique custom trigger, and scope it to the Smart Computer Group you created before.


Testing on a Local Enrolled Mac:

Before deploying to production, you can test the DEPNotify settings on your enrolled Mac computer.


To test, open Terminal and run the command:

sudo jamf policy -event enrollmentComplete


If all has been configured correctly, you should see the DEPNotify application open and a simulation of your workflow. With the testing flag set to "true", your policies and registration information will not execute.

