milisub.blogg.se

Jamf pro zero touch deployment








I prefer to call it Light Touch Deployment. If it was truly zero touch I would be able to open my Mac and everything would already be done. I highly recommend using Dan Snelson's great Setup Your Mac: As a side rant, I really don't like the term zero touch. We're on prem and have a very similar solution to this. All the apps and settings get installed and then force the user to log out to activate FileVault. Ideally you want to have your user blocked from doing anything on the Mac until it's complete. This is where you set up something fancy with swiftDialog or any of the other options. At desktop, EnrollmentComplete trigger should fire off from JAMF.


  • (If you don't have JAMF Connect, user might need to input password here).
  • MDM authenticates user and creates account.
  • Wi-Fi connects to Apple, tells it the URL of the MDM.
  • User gets Mac and opens it up, logs into Wi-Fi.
  • Assuming you have everything above, here's how in theory it would work: Ideally have an authentication method for the user. AD works. There are some great suggestions already, but I'll add my 3 cents. Like do you guys use Apple Business Manager? Volume Purchasing Program? APNS set up? JAMF Connect? Because that will determine some things in JAMF settings. I think we need a bit more information here.


    This doc covers how to open an on prem JAMF instance to the internet.

  • User logs in to the comp portal to register the Mac with Azure (Intune) (assuming Azure is open internet if the Mac is off prem).
  • User logs in to macOS using their LAN credentials.
  • You need to find a modern IDP solution like JAMF Connect.
  • If the user is off prem you can't domain bind, nor can they log in with a mobile account even if the device is domain bound, as the Mac can't see the domain controller.
  • If the user is on prem you can domain bind with a script and they can log in to mobile accounts.

  • Your prestage would take over and install any configuration profiles and packages (Assuming you have a cloud distribution point).
  • JAMF can see AD to authenticate the users.
  • Users would log in with their LAN accounts to enroll the Mac.
  • Mac is pointed to your JAMF Instance which is open internet by Apple during activation.
  • The Automated Device Enrollment workflow would look like this.


    Azure and Microsoft Endpoint Manager should not be too bad, but the support Microsoft offers for macOS is garbage. Apple has been saying to stop domain binding for years now. You can script domain binding, but the device still needs to be on prem. These devices become supervised, and the MDM profile can be configured to be unremovable by the user. For JAMF you need a cloud distribution point, and to move your JAMF instance to the DMZ and get a second JAMF Pro Web App on an external server. Active Directory is an outdated solution and designed for on prem tech assisted configurations. Automated Device Enrollment allows organizations to configure and manage devices from the moment the devices are removed from the box (known as zero-touch deployment). The JAMF part is easy, it's the Microsoft part that gets sloppy.








