So way, way outside my comfort zone, but feeling these days the importance of stretching myself, I think I've a highly relatable topic for JNUC 2024 pertaining to the experience of being a Macadmin in a very Windows world, and all the trials and tribulations arising therefrom. I've submitted both my proposal and introductory video, and working from my outline, the following is what I've come up with:
Good morning/afternoon! My name is Chad Jones. I'm currently the Jamf/Mac endpoint administrator for the City of Phoenix. This is a role I've held for about 3.5 years. A little about me: my professional infotech experience stretches back a quarter century to February, 1999, when I assumed my first desktop support role. Within eighteen months I was promoted, and then again about 2.5 years later. Twelve years of my career were spent directly supporting the needs of our executives and elected officials (Mayor, Council, and City Manager). I routinely received kudos for my technical acumen, ability to explain industry concepts to customers without talking down to them, and for my problem-solving skills as well. I've received commendations from: former mayor, Phil Gordon, the late former interim mayor and councilwoman, Thelda Williams, former mayor, and now congressman, Greg Stanton, twice received the "I Luv District 8" award from former councilman, Michael Johnson, and from the current mayor, Kate Gallego, as well.
I over many, many years have garnered a reputation as the go-to guy when things go pear-shaped. I'm known for my ability to resolve issues others haven't been able to. Part of this is outside-the-box thinking, part is determination, and part sheer stubbornness. I hate it when things just don't work as they should, and do my darnedest to, in nautical terms, return things to their respective, normal functioning states.
I should here mention that on a personal level, the 10gig Firewire iPod was my gateway drug into the Apple ecosystem. I added a Firewire card to my WindowsXP PC to sync both my, and my wife's, iPods with our music library.
Roughly around that same time, the staff of our public information channel, Phx11, was making a transition away from editing on Avid to editing with FinalCut, and thus were procuring Macs. Not knowing much I was nevertheless game, and began supporting Macs in around 2005. In fact, I made a case to my supervisor that since I was supporting them I should have one to familiarize myself; they got me an early-model Mac Mini with a whopping two gigs of RAM, and a CoreDuo CPU. While I shouldn't, I still have it, and it still has the MS WindowsXP license sticker I placed on it when I set up dual booting via BootCamp.
And Jamf isn't my first foray into the world of the MDM; in 2014, I was co-admin of an on-prem MobileIron instance. I've nothing much to say about this, except I did my darnedest to just make it work within our enterprise.... But it just never quite got there. There were far too many gotchas. Bear in mind I did this in addition to my ongoing desktop support duties as we at the same time transitioned to a Shared Services model of technical support.
Have I made mistakes? Did the RDF emanate from the late Steve Jobs? There was a time about eighteen-ish years ago when a high-level staffer was in DC to testify before Congress; they needed a particular file, or set of files from the org. The request came late in the day, management could not be reached. So I did what I thought best under the constrained circumstances: I put the files in my iWeb. The executive was pleased; they had their files, and could testify. But my direct supervisor? As he should have been, he was concerned about the potential for breach... While it wasn't a formal writeup I did get a notice of coaching in my personnel file.
Another mistake I made, in the name of wanting to please, was in the light of an unexpected retirement, to take on the role of SCCM patch manager. The previous manager left extensive documentation, and I, not knowing as much as I should have about the processes involved, trusted this documentation, following its detailed procedures daily, weekly, and monthly.
I only later learned that the reporting was structured in a manner to curate results in a fashion more favorable than the actual stats. Some months, despite all appearances to the contrary, no patches went out... But my reports indicated they had.
I was removed from this role, and relegated shortly thereafter to technical liaison to our enterprise technology helpdesk... In addition to my ongoing desktop support duties.
So it was in May of 2021 that I, with my confidence in myself ebbing, was asked to implement Jamf Pro cloud for the city. I hit the ground running, not really looking back... and ran smack-dab into entrenched institutional bias and attitudes about Macs in the enterprise.
Time-after-time I'd do some research, seeing how other Macadmins had resolved similar issues, and open requests to... crickets. Time-and-time-again, my tickets would go unresponded to, or I would report an issue only to have it be ignored. Or I would describe in great, painstaking detail what was occurring, how others had resolved things, only to have my core competencies repeatedly questioned... In many, many ways this was somewhat akin to, for instance, a person receiving a diagnosis, and, having this, things are suddenly so much clearer for them... So many, many things which had never made sense were now so clear in light of the new information. This sense of joy is then quickly tempered as, having completed this leg of the journey, they then run smack-dab into entrenched attitudes, biases, and misunderstandings about the medications used to treat this newly-diagnosed condition.
The answer to one of the biggest questions, "Why is everything seeming to just take so very, very long with this Jamf stuff, Chad?"
I'll answer by way of the following:
- Requests for help were either being unresponded to, or outright ignored.
- Direct queries to those, for instance, with knowledge and oversight of the on-prem network architectures, resulted in such responses as "I can't help him [me]."
- Repeatedly being told "We don't have to do that for Windows."
- Hearing, via third party, and I quote, "What the for-unlawful-carnal-knowledge does he need? I don't have three hours for that!"
- You have entire teams of people supporting Active Directory, and Windows; for Jamf, there's just me. And I'm blazing a trail here--we had no formal Mac support prior.
So I had to both find, and implement, my own solutions and workarounds to as they say just "keep the lights on." I took my passion for the Mac, channeling it into fuel for learning everything I needed to do my job and do it well. So I had to learn enough about 802.1x Wi-Fi to create a mobileconfig profile, I had to learn shell scripting, I had to delve into Kerberos, creating krb.conf files, crafting an AppSSO extension... And I had to do it all under increasing constraints and strictures. I had to devise a functional means of deploying Falcon Crowdstrike to unbound devices. Finding some resources online I discovered how I could query app-sso, harvesting each respective user's creds for the install... Which ran me smack-dab into getting blackholed by CS, and subsequently having to provide samples, justifying myself to InfoSec.
I lost about two days of productivity to that.
Subsequent to that experience, I leveled up again, transitioning my script away from extracting credentials from app-sso and instead writing user UPNs to the RealName field via dscl. This then is read by the Netskope installation script. I've not run afoul of Crowdstrike since...
I don't think I need to continue; I'm sure so very many of you can relate. Each and every time InfoSec, or the org, has thrown something at me I've figured out how to make it work for Macs.
Those are some of the challenges of being a Macman in a Windows world; this is not unique. The stories are legion.
How did I turn things around? How did the tide begin to turn?
I used an analogy above about this journey being akin to that of an individual receiving a diagnosis, feeling relief, and then encountering prejudice about how they're treating their newly-diagnosed condition. I suppose it's no surprise that I'm talking about myself, and where I dropped the ball is that while I was opening tickets I was moving so fast from one thing to the next I wasn't following up--I wasn't being as proactive as I could've been. Thus my frustration would mount, and I would ping my direct supervisors--who had no idea about what I was talking about.
So it was when I learned I had ADHD, and had had it my entire life, and began treating it, that I began learning how to be both proactive and properly assertive; I learned to ask for what I need, and to follow up with the relevant stakeholders. I'm not entirely comfortable outing myself in this manner to a global audience, but it's entirely relevant. And I imagine that it's highly, highly likely that a number of us both in this industry, and here, now at this conference, are what is colloquially termed as "neurodivergent." We're the outside-of-the-box thinkers, the ones passionate to the point of obsession, the ones who still "Think Different."
I'm also putting myself out there in this fashion because it's important for those present, any who'll see or hear this later, and the coming generations to know that someone with a condition can not only survive, but thrive in a highly mutable, fast-paced information technology career. I'm living proof.
Now I wish what I was going to say next was sexy, or dramatic, but it's I think unfortunately pedantic:
Consistency is king.
You're going to encounter prejudice; I still do to this day, e.g., one of our enterprise InfoSec architects opined (again) "Macs don't belong in the enterprise." I've learned to tune this out, focusing instead on what I need to do, among which are the following:
1) Document, document, document
--create that digital paper trail by making use of your ticket reporting system. This puts time and date stamps on everything. Attach relevant Apple/Jamf/MS/whoever else's techdocs.
2) Communicate daily with your supervisors
--loop them in on absolutely everything, because you want them on your side.
3) Know when to escalate. There have been a couple/few occasions wherein I've had to craft a carefully worded, highly diplomatic executive "carpet-bomb" email. Tread cautiously here. I did this the day after returning from JNUC last year. After seeing so many of you, engaging in numerous BrainDates, attending the sessions, learning what other teams were up to across the globe...
I saw what could be--and I wanted it.
And subsequent to a little consternation amongst my direct superiors the tide has turned; instead of casting aspersions ("Just what is that Mac admin up to?") it's instead "What do you need?"
To that end, and bear in mind this is municipal government we're talking about here:
1) Management authorized the allocation of close to $2,000 to engage with Jamf engineering (Thanks, Molly!), who found no gotchas in my cloud instance other than some policies running a bit too frequently, and who highlighted my organization of policies and profiles by categories. I have to say this felt like vindication--and my boss was on the call!
2) Due to seeming ongoing challenges pertaining to our ADFS authentication scheme behaving differently when attached to different networks, and ongoing dialogue with relevant stakeholders not particularly going anywhere, we're engaging with Apple Professional Services--to the tune of an amount I'm not here authorized to disclose--to have them come onsite for a soup-to-nuts eval of our environment and infrastructure for a period of about two weeks. We're going to have our Come-to-Jesus moment with our partner divisions and sections, going from there into the future.
My commitment is that the Mac user experience in my enterprise is second-to-none, exceeding that of our Windows users.
Thank you most kindly for your time and attention! I'm open to any questions.
----------------------------------------
I guess I'm putting this out there to see just how relatable it is, where I might need to punch it up, or it just sucks harder than an Electrolux! Thanks!
