Posted on 09-16-2024 08:01 AM
Our school division uses Active Directory and managed Apple IDs. I currently allow personal Apple IDs to be set up on a computer. Some users have been granted administrative access on the computer they use because of the remote work they do. I have observed that when personal Apple IDs are used with an account, when a software update is available it will prompt for authentication, but the username section is greyed out with just their username, and even when using their current password it says try again. This also happens with some other things, like require lock screen password.
The lock screen issue just came to my attention today, but for the Software Update I've been getting around that by either remoting into the computer, logging into our local account and authenticating there, or pushing out a Software Update policy in Jamf Pro to that computer.
Does anyone know why this happens with personal Apple ID and how I can get around this? This seems to happen at least with macOS Sonoma and Ventura. Can't say I have tested beyond that.
Posted on 09-16-2024 09:14 AM
Good question. If the users cannot authenticate for a software update, it is more than likely because the account is not a volume owner, or lacks a token that is required on modern APFS setups. More info available here:
https://support.apple.com/guide/deployment/use-secure-and-bootstrap-tokens-dep24dbdcf9e/web
https://derflounder.wordpress.com/2023/03/10/granting-volume-owner-status-on-apple-silicon-macs/
I also wouldn't allow personal Apple IDs, but if you do, best to ensure that Activation Lock is disabled in the PreStage and DEP enrollment is used. Hope that helps.
Posted on 09-19-2024 06:40 AM
I thought of this but haven't checked it out yet. Will do so as I can easily reproduce the issue.
It's not just for software updates though.