Are you Ready to Deploy MacOS Big Sur?

 Are you Ready to Deploy MacOS Big Sur?

Check List:

Delay software update Policy in your MDM for Testing MacOS BigSur.

Enrol to AppleSeed for IT Program and Beta Test and Complete all Test.

Evaluation of MacOS Big Sur Brand new UI, features and Capabilities.

IT infrastructure like VPN, printer Drivers, Application and Management Policy Test Completed.

Training and Announced of Launch for Internal Team.

 

macOS Big Sur Compatible devices:

(https://www.apple.com/macos/big-sur-preview/)

• 1. iMac 2014+
• 2. iMac Pro 2017 
• 3. Mac Pro 2013+ 
• 4. MacMini 2014+ 
• 5. MacBook 2015+ 
• 6. MacBook Air 2013+ 
• 7. MacBook Pro 2013+

Plan for upgrade:

Prepare Package:

Download Install macOS Big Sur app from the Mac App Store.

Build a pkg using Package building tools. Like the Composer, VMware Airwatch Admin Assistant app.

Upload the pkg to MDM.

Create a Policy to deploy in End-user Device.

Jamf MDM users: 

Upload the Package to Jamf Pro console using Jamf Admin.

Option A

Cache Install

1. Log in to Jamf Pro. 
2. Click Computers at the top of the page. 
3. Click Policies. 
4. Click New 
5. In the General payload, enter a display name for the policy. For example, “Cache Install macOS Big Sur.pkg”. 
6. Select Recurring Check-in as the trigger. 
7. Choose “Once per Computer” from the Execution Frequency pop-up menu. 
8. Select the Packages payload and click Configure. 
9. Click Add for the PKG file. 
10. Choose “Cache” from the Action pop-up menu. 
11. Specify a distribution point for computers to download the package from. 
12. Select the Maintenance payload and click Configure. 
13. Ensure that the Update Inventory checkbox is selected. 
14. Click the Scope tab and configure the scope of the policy. 
15. Save 

Create a Smart Computer Group with the Cached PKG File

1. Click Computers at the top of the page. 
2. Click Smart Computer Groups. 
3. Click New. 
4. On the Computer Group pane, enter a display name for the smart computer group. For example, “Install MacOS Big Sur.pkg Cached”. 
5. Click the Criteria tab. 
6. Click Add.
   
7. Click Choose for “Cached Packages”.
   Note: Only your 30 most frequently used criteria are listed. To display additional criteria, click Show Advanced Criteria. 
8. Choose “has” from the Operator pop-up menu. 
9. Click Browse. 
10. Click Choose for the PKG file.
    Note: The PKG file is not available as a value until it has been cached on at least one computer. 
11. Click Save.

Create a Policy for Upgrading macOS

Option 1 self service:

1. Click Computers at the top of the page. 
2. Click Policies. 
3. Click New. 
4. In the General payload, enter a display name for the policy. For example, “Upgrade macOS”. 
5. Choose “Once per Computer” from the Execution Frequency pop-up menu. 
6. Select the Packages payload and click Configure. 
7. Click Add for the Install macOS Big sur.pkg file.
8. Choose “Install Cached” from the Action pop-up menu.
9. Select the Files and Processes payload and click Configure. 
10. In the Execute Command field, enter the file path to the installer with the --startosinstall command. For example, "/file/path/Install macOS Big Sur.app/Contents/Resources/startosinstall". (To suppress end-user messages during installation, add the --agreetolicense flag to the command).
11. Click the Scope tab. 
12. Click Add. 
13. Click the Computer Groups tab. 
14. Click Add for the smart computer group with the cached PKG file you just created. 
15. Click the Self Service tab. 
16. Select Make the policy available in Self Service. 
17. Configure how the policy is displayed in Self Service using the settings on the pane. 
18. Click Save.

Option 2 Creating Policy for upgrading macOS Automatically:

1. Click Computers at the top of the page. 
2. Click Policies. 
3. Click New. 
4. In the General payload, enter a display name for the policy. For example, “Upgrade macOS”. 
5. Choose “Once per Computer” from the Execution Frequency pop-up menu. 
6. Select the Packages payload and click Configure. 
7. Click Add for the Install macOS Big Sur.pkg file. 
8. Choose “Install Cached” from the Action pop-up menu. 
9. Select the Files and Processes payload and click Configure. 
10. In the Execute Command field, enter the file path to the installer with the --startosinstall command. For example, "/file/path/Install macOS Big Sur.app/Contents/Resources/startosinstall" (Optional) To suppress user messages while installing macOS, add the --agreetolicense flag to the command. 

12. Click the Scope tab. 
13. Click Add  . 
14. Click the Computer Groups tab. 
15. Click Add for the smart computer group with the cached PKG file you just created. 
16. Click the User Interaction tab and enter messages to display to users or allow users to defer the policy. 
17. Click Save.

Option B

Direct Install:

Purchase Mac OS Installer from Apple Business Manager from Apps and Book.

1. Click Computers at the top of the page. 
2. Click Mac App Store Apps. 
3. Click New. 
4. Do one of the following: 
• To add the app by browsing the App Store, enter the name of the app, choose an App Store country, and then click Next. Then click Add for the app you want to add. 

5. Use the General pane to configure settings for the app, including the distribution method. For apps distributed using managed distribution, you can also enable automatic app updates. 
6. Click the Scope tab and configure the scope of the app. 
7. Click the Self Service tab and configure the way the app is displayed in Self Service. 
8. You can customize the text displayed in the description for the app in Self Service by using Markdown in the Description field.
9. Click the Managed Distribution tab, and then click the Device Assignments tab.
10. Select the Assign Volume Content checkbox. 
11. Choose the location that has purchased the app to distribute to computers.
12. Click Save 
13. Click Computers at the top of the page. 
14. Click Policies. 
15. Click New. 
16. In the General payload, enter a display name for the policy. For example, “Upgrade macOS”. 
17. Choose “Once per Computer” from the Execution Frequency pop-up menu. 
18. Select the Files and Processes payload and click Configure. 
19. In the Execute Command field, enter the file path to the installer with the --startosinstall command. For example, "/file/path/Install macOS Big Sur.app/Contents/Resources/startosinstall" (Optional) To suppress user messages while installing macOS, add the --agreetolicense flag to the command. 

12. Click the Scope tab. 
13. Click Add. 
14. Click the Computer Groups.
15. Click Save.

VMware | workspace One MDM:

Option A

1. In the Workspace ONE UEM Console, click Apps & Books.
2. Expand Applications and click Native.
3. Select Purchase
4. Click Sync Assets 
5. Enable Device Assignment for. MacOS upgrade
6. Click Ok click Save and Assign
7. Assign to Pre-Big Sur Device
8. Set Assignment Type
9. Click Save and Publish.
10. Click Add Application on the Internal tab.
11. Upload macOS Application to Workspace ONE.
12. Upload Metadata File
13. Add Image to App
14. Assign the Application On-Demand
15. Save and Publish

Option B

.

1. Click Add Application on the Internal tab.
2. Upload macOS Application to Workspace ONE.
3. Upload Metadata File
4. Add Image to App
5. Assign the Application On-Demand
6. Save and Publish

Configure Post Install Script in Workspace one.

1. In the Workspace ONE UEM Console, click Devices.
2. Expand Profiles & Resources and click Profiles.
3. Click Add.
4. Click Add Profile
5. Select Profile Platform and Context - Select Apple macOS> Select Device Profile.
6. Configure General macOS Device Profile Settings
7. Configure Custom Attributes Payload (paste the Install script)
8. Set the Execution Interval to Schedule.
9. Set Report Every to 8 Hours.
10. Click Save and Publish, then click Publish.

Note:  please validate the script, this plan is for reference only. I am not responsible if any data loss

Creating Redemption code Via Apple Business Manager

1. Log in to your Apple Business Manager.
2. > Custom Apps.
3. Select the app for which you want to the redemption codes.
4. Select Redemption Codes from the License Type drop-down menu
5. Provide the Quantity and click Get (Note: You will receive an email confirming the purchase at the admin email address).
6. Download the redemption codes, save and share with your Team.

setup Shared iPad for Business

Shared iPad can also be used in business, Multiple users can use the iPad and the USer experiences can be like a personal device, even though the device is shared.

To set up the Shared iPad it requires an MDM solution, Apple Business Manager and Managed Apple ID created using Microsoft Azure.

Shared iPad Support on:
iPad Pro
iPad 5th Gen
iPad Air 2
iPad mini 4th Gen

iPadOS 13.4

Following setup had to be done in MDM:

When Setting up the AutoEnrollment configuration select Shared iPad.

Sign into shared iPad:

1. Once the Device is configured Enter the  Manage Apple ID Username and Password
2.Create a Shared iPad Password
3. Next time when you use the iPad, use Manage Apple ID user name and shared iPad Password.

 Shared iPad Temporary Session

In iPadOS 13.4 or later, any user can initiate a temporary session without the need for a username or password by tapping Guest at the login screen. All their data — including browsing history — is deleted when the user signs out.

Using Temporary Sessions with Shared iPad also prevents users from modifying account settings or signing into Apple services. For example, users can’t create new mail accounts in Settings or sign in to the App Store.

Note: Shared iPad Temporary session can be disable using MDM.

Script Jamf

Assest Tag:

Cat: None

#!/bin/bash
assetTag=$(osascript -e 'text returned of (display dialog "Please type in your asset tag" default answer "JS#####" buttons {"OK"} default button 1)')
sudo jamf recon -assetTag $assetTag

Policy > files and Process : Clean OS install:
"/Applications/Install macOS Mojave.app/Contents/Resources/startosinstall" --eraseinstall --newvolumename "Macintosh HD" --agreetolicense

upload sys log:

cat: system tools

#!/bin/bash
serial=$(system_profiler SPHardwareDataType | awk '/Serial Number/{print $4}')
jamfID=$(curl -sku username:password -H "Accept: application/xml" https://brilyant.jamfcloud.com/JSSResource/computers/serialnumber/$serial | xpath "/computer/general/id/text()")
curl -sku api:apple123 https://brilyant.jamfcloud.com/JSSResource/fileuploads/computers/id/$jamfID -F name=@/private/var/log/system.log -X POST

wallpaper

cat: Dock
#!/bin/bash
# $3 is the logged in user - default for most policies.
sudo -u $3 /usr/bin/osascript <<ENDofOSAscript
tell Application "Finder"
set the desktop picture to {"Library:Desktop Pictures:<apppp>.jpg"} as alias
end tell
ENDofOSAscript
exit 0

Versions:

#!/bin/sh
FILE_PATH="$1"
FILE_NAME="${FILE_PATH##*/}"
PKG_PATH="${FILE_PATH%/*}"
TMP_PATH=`/usr/bin/mktemp -d /tmp/PKGINFO.XXXX`
DEBUG=false



if [ ! -f "$FILE_PATH" ] || [ "$FILE_NAME##*." == "pkg" ]; then
echo "ERROR: Unable to find valid package file."
echo "USAGE: ${0##*/} /path/to/package"
exit $LINENO
fi


if $DEBUG; then
echo "FILE:   $FILE_NAME"
echo "FOLDER: $PKG_PATH"
echo "TEMP:   $TMP_PATH"
fi



PKG_TITLE=`/usr/sbin/installer -verbose -pkginfo -pkg "$FILE_PATH" | /usr/bin/grep -m 1 Title | /usr/bin/awk -F " : " '{print $2}'`



if ! PKG_INFO=(`/usr/bin/xar -t -f "$FILE_PATH" | /usr/bin/grep PackageInfo`); then
echo "ERROR: Unable to find package file information."
exit $LINENO
fi



pushd "$TMP_PATH" > /dev/null


for PKG_FILE in ${PKG_INFO}; do
if ! /usr/bin/xar -x -f "$FILE_PATH" "$PKG_FILE"; then
echo "ERROR: Unable to extract package file information."
exit $LINENO
else
TMP_INFO+=("$TMP_PATH/$PKG_FILE")
if $DEBUG; then echo "INFO:   ${TMP_INFO[@]}"; fi
fi
done


for FILE_INFO in $TMP_INFO; do
PKG_VERSION+=(`/usr/bin/xpath "$FILE_INFO" "string(/pkg-info[1]/@version)" 2> /dev/null`)
echo "TITLE:   $PKG_TITLE"
echo "VERSION: ${PKG_VERSION[@]}"
done

popd > /dev/null



/bin/rm -rf "$TMP_PATH"

Lastboot:

#!/bin/bash

bootTime=$(sysctl kern.boottime | awk '{print $5}' | tr -d ,)
#echo "$bootTime"

bootTimeFormatted=$(date -jf %s $bootTime +%F\ %T)

echo "<result>$bootTimeFormatted</result>"

Application launch

#!/bin/bash


open -a (Name of application).app

uptime:

#!/bin/bash

##defers policy
returnCode=$("/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper" -windowType hud -description "Click Restart to Resrat your Mac or Choose a better time." -button1 "Restart" -button2 "Cancel" -showDelayOptions "0, 300, 3600")
selectedTime=${returnCode%?}
echo $selectedTime
buttonClicked=${returnCode: -1}


if [[ $returnCode == 3001 ]]; then
sleep 300s;
elif [[ $returnCode == 36001 ]]; then
sleep 3600s;

fi
#### push restart policy
reboot



Changing the name to SL No:

#!/usr/bin/env bash

# Get the Serial Number of the Machine
sn=$(system_profiler SPHardwareDataType | awk '/Serial/ {print $4}')

# Set the ComputerName, HostName and LocalHostName
scutil --set ComputerName $sn
scutil --set HostName $sn
scutil --set LocalHostName $sn

Message:

osascript -e 'tell app "Finder" to display dialog "you have sucessfully rebooted"'

Last boot
#!/bin/bash

assetTag=$(osascript -e 'text returned of (display dialog "Please type in your asset tag" default answer "JS#####" buttons {"OK"} default button 1)')
sudo jamf recon -assetTag $assetTag


Battery Serial Number
#!/bin/sh

echo "<result>$(ioreg -r -c "AppleSmartBattery" | grep "BatterySerialNumber" | awk '{print $3}' | sed s/\"//g)</result>"

uptime days

#!/bin/bash
# Commands required by this script
declare -x awk="/usr/bin/awk"
declare -x sysctl="/usr/sbin/sysctl"
declare -x perl="/usr/bin/perl"

declare -xi DAY=86400
declare -xi EPOCH="$($perl -e "print time")"
declare -xi UPTIME="$($sysctl kern.boottime |
$awk -F'[= ,]' '/sec/{print $6;exit}')"

declare -xi DIFF="$(($EPOCH - $UPTIME))"

if [ $DIFF -le $DAY ] ; then
echo "<result>1</result>"
else
echo "<result>$(($DIFF / $DAY))</result>"
fi


Active power management

#!/bin/sh
echo "<result>`/usr/bin/pmset -g 2>&1 | grep \* | awk '{$NF=""; print $0}'`</result>"


Email ID

#!/bin/bash

pathData="/usr/local/dashboard/data/EmailAddresses.dat"

function DashboardStructure {
  # Ensure the appropriate directories are in place.
  mkdir -p /usr/local/dashboard/{bin,data,logs}
  CheckAppleMail
  CheckOutlook
}

function CheckAppleMail {
  if [ `ps aux | grep -c "Mail.ap[p]"` -gt "0" ]; then
    accountsMail=$(/usr/bin/osascript <<-EOF
    tell application "Mail"
    user name of every account
    end tell
    EOF)
    for account in $accountsMail; do
      if [ `echo $account | grep -c "@"` -gt "0" ]; then
        echo $account | tr -d "," >> "$pathData"
      fi
    done
  fi
}

function CheckOutlook {
  if [ `ps aux | grep -c "Microsoft Outlook.ap[p]"` -gt "0" ]; then
    accountsOutlook=`/usr/bin/osascript <<-EOT
    tell application "Microsoft Outlook"
    user name of every exchange account
    end tell
    EOT`
    for account in $accountsOutlook; do
      if [ `echo $account | grep -c "@"` -gt "0" ]; then
        echo $account | tr -d "," >> "$pathData"
      fi
    done
    accountsOutlookIMAP=$(/usr/bin/osascript <<-EOF
    tell application "Microsoft Outlook"
    user name of every imap account
    end tell
    EOF)
    for account in $accountsOutlookIMAP; do
      if [ `echo $account | grep -c "@"` -gt "0" ]; then
        echo $account | tr -d "," >> "$pathData"
      fi
    done
  fi
}

function ReportResult {
  if [ -e "$pathData" ]; then
    cat "$pathData" | sort -u > "$pathData.tmp"
    mv "$pathData.tmp" "$pathData"
    echo "<result>`cat $pathData`</result>"
  else
    echo "<result>N/A</result>"
  fi
}

Useful link for Jamf Pro starters

Youtube knowledge base :
https://www.youtube.com/playlist?list=PLlxHm_Px-Ie3dNKXGmRIuxFgmiy2KZDH5


Guide:
http://docs.jamf.com/10.9.0/jamf-pro/administrator-guide/Preface.html

Network Ports Used by Jamf Pro :
https://www.jamf.com/jamf-nation/articles/34/network-ports-used-by-jamf-pro

integrate Jamf Pro with Active Directory Certificate Services (AD CS) : http://docs.jamf.com/technical-papers/jamf-pro/integrating-ad-cs/10.6.0/Introduction.html

Finding a Process Name Using Terminal:
https://www.jamf.com/jamf-nation/articles/98/finding-the-name-of-processes-when-configuring-restricted-software

Starting and Stopping Tomcat :
https://www.jamf.com/jamf-nation/articles/117/starting-and-stopping-tomcat

Enabling Debug Mode:
 https://www.jamf.com/jamf-nation/articles/454/enabling-debug-mode

Classic API
https://developer.jamf.com/#/advancedmobiledevicesearches/findAdvancedMobileDeviceSearches

Obtaining an Installer Certificate from Apple:
https://www.jamf.com/jamf-nation/articles/301/obtaining-an-installer-certificate-from-apple

Integration of Jamf with Intune:
http://docs.jamf.com/technical-papers/jamf-pro/microsoft-intune/10.9.0/Introduction.html

• Jamf Pro includes three components: 
  1. Java: a runtime environment required by Apache Tomcat and the Jamf Pro web application 
  2. Apache Tomcat: a web server 
  3. MySQL: an open source relational database management system 

• The physical location of the Jamf Pro server depends on each organization’s needs. There are two options: 
  1. Hosted by Jamf in a cloud environment 
  2. Hosted by an organization in their server environment using macOS, Ubuntu, Red Hat Enterprise Linux (RHEL), or Windows Server 

• Navigating Jamf Pro: 
  • Dashboard, Sidebar, Objects, and Buttons 
  • Computers, Devices, and Users 
  • Settings button 
  • Keyboard shortcuts
    • 
      
  • Buildings and Departments can be created to organize the devices managed by Jamf Pro.
    
    

Jamf Pro Navigational Aid

Computers

Devices
Users
Settings

Jamf Pro Server Environment

	Server OS	Tomcat Version	Database Configuration	Java
Recommended	Windows Server 2016	Tomcat 8.5	MySQL 5.7 – InnoDB	Oracle Java 1.8
	Ubuntu Server 18.04 LTS		MySQL 5.7 on Amazon RDS – InnoDB	OpenJDK 1.8
	macOS 10.14*
	Red Hat Enterprise Linux 7.x
Minimum Required	Windows Server 2012 R2	Tomcat 7	MySQL 5.6 – InnoDB
	Ubuntu Server 16.04 LTS
	macOS 10.13*
	Red Hat Enterprise Linux 6.x

* macOS is not recommended for clustered environments.

Web Browsers
The following table lists the browser requirements for enrollment and access to web applications:

	macOS	iOS	Windows	Linux
Recommended	Safari	Safari	Microsoft Internet Explorer 11
Minimum Required	Google Chrome		Google Chrome	Google Chrome
	Mozilla Firefox		Mozilla Firefox
			Microsoft Edge

Computer and Mobile Device Management
The following table lists operating system requirements for managed computers and mobile devices:

	macOS*	iOS	tvOS
Recommended	macOS 10.14.x	iOS 12.x	tvOS 12.x
		iOS 11.x	tvOS 11.x
Minimum Required	macOS 10.13.x	iOS 10.x
	macOS 10.11.x	iOS 9.x

* Also indicates macOS versions required to run Composer on Mac computers.

Jamf Pro Server Requirements

The server used to host Jamf Pro should meet the minimum requirements for operating system, Tomcat version, database configuration, and Java installation. For detailed information on these requirements, see "Jamf Pro Server Environment" on the Jamf Pro System Requirements page. 

The Jamf Pro installers have additional requirements for each platform: 

Mac

• A 64-bit capable Intel processor 
• 2 GB of RAM 
• 400 MB of disk space available 
• Ports 8443 and 9006 available 

Linux

• A 64-bit capable Intel processor 
• 2 GB of RAM 
• 400 MB of disk space available 
• The "wget" utility installed 
• Ports 8443 and 8080 available 

Windows

• A 64-bit capable Intel processor 
• 2 GB of RAM 
• 400 MB of disk space available 
• Ports 8443 and 8080 available
  Note: The Jamf Pro Installer for Windows automatically creates a firewall exception for port 8443. If you are using a third-party firewall, or if you are using a port other than 8443, you will need to manually add a firewall exception. 

Jamf Now

Today just tried Jamf Now:
Create your Jamf Now Account : https://www.jamf.com/products/jamf-now/?r=05efa215693a43be887ba2a161aa1bc7

Jamf Now is Basic For SMB and to get start for becoming a Pro on Jamf.

what all was possible when i tried:

Setting:
Binding : Apple school Manager and Apple Business Manager
Binding : VPP
Auto enrolments and open enrolments
Add Team Mates

Configuration Policies :

iOS Device:

• Apps Push
• Web clips
• Security : Password
• Email configurations
• Wifi configurations
• Restrictions: Apps, Security & Privacy, Network & cellular, iCloud, siri, Email wallpaper
• Single App mode
• OS update

Mac Device:

• Apps Push
• Security : Password and Enable file Vault 2
• Restrictions: Apps to a certain limit, iCloud
• wallpaper
• OS update

I suggest this for testing on for iOS Device and SME.

Scan a Document on a Mac using iPhone and iPad

With New Continuity feature on macOS Mojave and iOS 12 many app on Mac works with continuity camera including Pages Numbers and Keynote. you can now Take a Photo or Scan a Document using iPhone camera or Scan a document.

How to add a Photo or Scan a document:

• Open your document
• Right click on a Space with in the document Insert From iPhone or from Menu Insert > Insert from iPhone.
• Hover to Import from iPhone or iPad
• Click what you want to do i.e Take a Photo or Scan a Document
• You can see the camera of iPhone or iPad is active
• Click Save once done
• Photo or Scan a Document will appear in your Document page.