DEPNotify is an application that will guide end-users through the process of enrolling a computer with Automated Device Enrollment.
An organization can choose to install critical applications after enrollment with MDM, but without a tool such as DEPNotify, end users may not be aware of the process. This application can also ask the end users for information that can be input and then used by administrators for future management.
The two major components we need to configure for DEPNotify are:
- the application
- the starter script
Note: When deploying, the application package and any other resources related to it should be signed with an Apple Developer certificate (if deployed via Jamf, a Jamf Pro built-in CA certificate can be used).
Download DEPNotify: https://gitlab.com/Mactroll/DEPNotify
DEPNotify supports a wide range of configurations. These include:
- Customisable text
- Images
- User input fields which can be used for extension attributes
- EULAs
- The ability to open webpages or play a YouTube video
- Full-screen or windowed display
- Progress bars
DEPNotify is completely controlled via echoing text to its control file. By default, this is "/var/tmp/depnotify.log", but it can be changed with the -path flag.
To learn about application flags: https://gitlab.com/Mactroll/DEPNotify#application-flags
Commands:
You can customise the DEPNotify window with commands for user interaction, notification and completion information.
Main Window Setup: https://gitlab.com/Mactroll/DEPNotify#main-window-configuration
Interaction: https://gitlab.com/Mactroll/DEPNotify#interaction
Notification: https://gitlab.com/Mactroll/DEPNotify#interaction
Completion: https://gitlab.com/Mactroll/DEPNotify#completion
If you would like to add an advanced workflow, you can write a plist, "menu.nomad.DEPNotify.plist". With this file you can configure various things like the EULA window, registration window, status text alignment and help bubbles.
Ref: https://gitlab.com/Mactroll/DEPNotify#depnotify-plist
DEPNotify Starter Script:
The DEPNotify Starter Script is very lengthy but is heavily commented to help you understand the available settings and how to configure them.
The DEPNotify-Starter GitHub repo contains both the starter script and the reset script for DEPNotify:
https://github.com/jamf/DEPNotify-Starter
You can also use the application DEPNotify Set-up Helper to configure the script for you.
https://github.com/BIG-RAT/DEPNotify-Set-up-Helper
EULAs and images for DEPNotify should not be included in the DEPNotify package but instead can be placed in a package of their own.
Any package installed during Automated Device Enrollment must be signed with a certificate that can be trusted by the Mac.
Deployment Plan with Jamf:
This assumes Apple Business Manager is already well integrated.
PreStage Enrollment:
Go to Computers > PreStage Enrollments and create a PreStage enrollment.
General > apply the settings as per your requirements
Configuration Profiles > add your DEPNotify configuration
Enrollment Packages > add DEPNotify and any EULA or images package (note: both packages should be signed).
When creating a PreStage enrollment, it is best to use the minimum critical settings.
Smart Computer Group:
Create a Smart Computer Group with the criteria "Enrollment Method: PreStage enrollment", the operator "is" and the value "Zero Touch".
Configuration Profiles:
If there is any configuration profile you would like to deploy during zero-touch enrollment, scope it to the Smart Computer Group you created.
Policies:
Create a policy for the DEPNotify starter script and for any packages you need to deploy during the DEP process. Set the execution frequency to "Ongoing", give each policy a custom trigger that is unique to it, and scope it to the Smart Computer Group you created before.
Testing on a Locally Enrolled Mac:
Before deploying to production, you can test the DEPNotify settings on your enrolled Mac computer.
To test, open Terminal and run the command:
sudo jamf policy -event enrollmentComplete
If all has been configured correctly, you should see the DEPNotify application open and a simulation of your workflow. With the testing flag set to "true", your policies and registration information will not execute.
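The control-file mechanism, custom triggers and testing flag described above can be seen together in the following added example, which is not code from the DEPNotify project or the Jamf starter script. It appends "Command:" and "Status:" lines to the control file and calls one custom policy trigger per step; the TESTING variable, the function names and the trigger names are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not the Jamf starter script: drive DEPNotify by appending
# lines to its control file, one custom policy trigger per step.
DEP_LOG="${DEP_LOG:-/var/tmp/depnotify.log}"  # default control file named on the page
TESTING="${TESTING:-true}"                    # assumed variable: "true" = never call jamf
JAMF_BINARY="/usr/local/bin/jamf"

# Append exactly one line to the control file. DEPNotify reads the file
# line by line, so embedded CR/LF is stripped to keep a label or title
# from turning into a second, unintended command line.
dep_write() {
    printf '%s\n' "$(printf '%s' "$1" | tr -d '\r\n')" >> "$DEP_LOG"
}

dep_command() { dep_write "Command: $1"; }
dep_status()  { dep_write "Status: $1"; }

# run_steps "Label|custom-trigger" ...
# Returns the number of policies that failed (0 when everything succeeded).
run_steps() {
    dep_command "MainTitle: Setting up your Mac"
    # Determinate progress bar: each Status line advances it by one stage.
    dep_command "Determinate: $#"
    failed=0
    for step in "$@"; do
        label=${step%%|*}      # text shown to the user
        trigger=${step#*|}     # custom trigger of the matching Jamf policy
        dep_status "Installing $label..."
        # In testing mode only the UI is simulated; no policy runs.
        if [ "$TESTING" != "true" ] && \
           ! "$JAMF_BINARY" policy -event "$trigger"; then
            failed=$((failed + 1))
        fi
    done
    dep_command "Quit"
    return "$failed"
}

# Example call (hypothetical trigger names, one per policy):
# run_steps "Web browser|install-browser" "VPN client|install-vpn"
```

Set TESTING to anything other than "true" only on a Mac where the policies behind those triggers exist and are scoped to it.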