I prefer to call it Light Touch Deployment. If it was truly zero touch I would be able to open my mac and everything would already be done. I highly recommend using Dan Snelson's great Setup Your Mac:

As a side rant, I really don't like the term zero touch. We're on prem and have a very similar solution to this. All the apps and settings get installed and then force the user to log out to activate FileVault. Ideally you want to have your user blocked from doing anything on the mac until it's complete. This is where you set up something fancy with swiftDialog or any of the other options. At desktop, EnrollmentComplete trigger should fire off from JAMF. (If you don't have JAMF Connect, user might need to input password here.) MDM authenticates user and creates account. Wifi connect to Apple, tells it the URL of the MDM. User gets mac and opens it up. Logs into wifi. Assuming you have everything above here's how in theory it would work: Ideally have an authentication method for the user. AD works. There are some great suggestions already, but I'll add my 3 cents.

Like do you guys use Apple Business Manager? Volume Purchasing Program? APNS set up? Jamf Connect? Because that will determine some things in JAMF settings. I think we need a bit more information here.

This doc covers how to open internet an on prem JAMF instance. User logs in to the comp portal to register the Mac with Azure (Intune) (assuming Azure is open internet if the Mac is off prem). User logs in to macOS using their LAN credentials. You need to find a modern IDP solution like JAMF Connect.

If the user is off prem you can't domain bind, nor can they log in with a mobile account even if the device is domain bound, as the Mac can't see the domain controller. If the user is on prem you can domain bind with a script and they can log in to mobile accounts. Your prestage would take over and install any configuration profiles and packages (assuming you have a cloud distribution point). JAMF can see AD to authenticate the users. Users would log in with their LAN accounts to enroll the Mac. Mac is pointed to your JAMF instance which is open internet by Apple during activation.

This guide contains overviews of features, release history, and instructions for deploying and administering Jamf Connect.

The Automated Device Enrollment workflow would look like this. Azure and Microsoft Endpoint Manager should not be too bad, but the support Microsoft offers for macOS is garbage. Apple has been saying to stop domain binding for years now. You can script domain binding, but the device still needs to be on prem. For JAMF you need a cloud distribution point, and to move your JAMF instance to the DMZ and get a second JAMF Pro Web App on an external server.

Active Directory is an outdated solution and designed for on prem tech assisted configurations. The JAMF part is easy, it's the Microsoft part that gets sloppy.