Automate enrollment and package installment

Professional
New Contributor II

Hi,
I'm new to the Jamf community.
we have old jamf settings on our company, I want to be able to automate jamf enrollment + necessary package installment .
what steps should I follow? (I'm familiar with jamf 100)

my second question is that when we buy new products for our company like iPhone and macbooks is it possible to deploy them automatically without unboxing them?

3 REPLIES 3

jyoakum
New Contributor III

I’ll start off first with buying new equipment. In order to accomplish what you want to do, there are a few things you’ll need.

  1. You’ll need to signed up for Apple school/business manager depending on if you are a school or business.
  2. Work with your Apple account rep to make sure that you have a customer number(s). You’ll want to set those numbers(s) in the Apple Business Manager.
  3. Make sure to order the equipment using one of the customer numbers that you set in Business Manager. When you place an order through Apple website with that customer number, then Apple will automatically add those devices to your business manager.
  4. Need to configure Jamf with that connection to Business Manager, while also configuring Business Manager to default to that MDM server.

This process with pre-stage all the devices into Jamf for any auto-enrollment processes, which then would allow for end users to just open a box and it would automatically proceed from there.

Once all that is done, then you can work on a pre-stage workflow that can be almost fully automated. I won’t go full bore here with exactly how to automate application installs, as it’s lengthy, but look into using either DEP Notify or the Jamf helper. Leveraging these will give you a decently smooth automatic, controlled process of installing Mac apps to devices. IPads are a little easier because all you’ll have to do is scope apps to them.

Professional
New Contributor II

jyoakum , Thanks for your reply.

We have already done the four steps you mentioned.
can you please send me the detailed instruction about the next steps you mentioned?

jyoakum
New Contributor III

So, for our process, we have a default naming scheme, but we also have set machines that we want with certain names (like labs). So we start are workflow with hitting an API that will compare serial numbers to hostname and if it finds the serial number, then will name it what we want... You can store those in a CSV file or for us, we have a dashboard and SQL database storing the data and then an API set up in order to call it... You don't have to do this, this is just what we do...

Here is part of the script that we use. We have a policy set up to run this on enrollment.

workstationSerialNumber=$(system_profiler SPHardwareDataType | grep "Serial Number (system)" | awk '{ printf "%s", $4 }') curl -s "${API_BASE}/${workstationSerialNumber}" >> "${WORKING_DIR}/${URL_OUTPUT}" if [[ -f "${WORKING_DIR}/${URL_OUTPUT}" ]]; then result=$(cat "${WORKING_DIR}/${URL_OUTPUT}" | grep -o '"HostName":.",' | sed 's/"HostName"://g' | sed 's/^ //g' | sed 's/"//g' | sed 's/,//g' ) fi if [[ $result ]]; then newAdFriendlyComputerName=$result else fi newAdFriendlyComputerName=$(system_profiler SPHardwareDataType | grep "Serial Number (system)" | awk '{ printf "%s", $4 }' | awk '{ print tolower( substr($0,4,11) ) }') newAdFriendlyComputerName="${CampusCode}-${newAdFriendlyComputerName}" fi newAdFriendlyComputerName="$(echo -e "${newAdFriendlyComputerName}" | sed 's/[[:space:]]//g')" "$JAMF_BINARY" setComputerName -target "$1" -name "$newAdFriendlyComputerName"

And then after it sets the name, we call a different policy from this one that controls our app installs.

#Use the Jamf binary to install apps "$JAMF_BINARY" policy -event provision_computer

In that script is where we use other policies and call them one at a time in the order we want to install the apps.

#!/bin/zsh PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin::/usr/local/sbin:/usr/libexec export PATH jamfHelper="/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper" jamfbinary="/usr/local/bin/jamf" LOGFOLDER="/Library/Logs/UA" LOG=$LOGFOLDER"/UA_macOS_Deployment.log" hostname=$(scutil --get ComputerName) ------------------------------------------- FUNCTIONS ------------------------------------------- logme() { if [ ! -d "$LOGFOLDER" ]; then mkdir -p $LOGFOLDER fi # Check to see if function has been called correctly if [ -z "$1" ]; then echo $( date )" - logme function call error: no text passed to function! Please recheck code!" # In this instance we disable the ungraceful exit as we don't want the script to stop simply because we didn't pass a value. # exit 1 fi # Log the passed details echo -e "[$(date "+%b %d, %Y %H:%M:%S")] $1" 2>&1 | tee -a $LOG # We disable the following because we do not want a blank line inserted after each log line. # echo "" >> $LOG } End function logme install() { # For reference: # $1 is the Description of what you are installing # $2 is the Policy of the Application that you are installing # $3 is the Icon set to use logme " -Installing $1" killall jamfHelper "$jamfHelper" -windowType "hud" -heading "Installing applications..." -description "$1" -icon "/Library/Application Support/UA Jamf/icons/$3" & # path to iconset "$jamfbinary" policy -event "$2" } ------------------------------------------- EXECUTION ------------------------------------------- logme "JAMF macOS Provisioning" logme " Updating inventory and installing icons" "$jamfHelper" -windowType "hud" -heading "Syncing with Jamf Pro..." -description "Updating inventory and installing icons" -icon "/System/Library/CoreServices/Finder.app/Contents/Resources/Finder.icns" & logme " Running initial Jamf Recon..." "$jamfbinary" recon logme " Running Jamf policy event install_Rosetta..." "$jamfbinary" policy -event install_Rosetta logme " Running Jamf policy event install_icons..." "$jamfbinary" policy -event install_icons Install base apps logme "* Installing base applications..." install "UAA Pre-reqs" install_UAAExtras UAA_Swoosh.icns install "Adobe Acrobat Reader DC" install_AdobeReader reader.icns install "Fetch" install_fetch fetch.icns install "K2 Client" install_K2client k2.icns install "Mozilla Firefox" install_firefox firefox.icns install "Google Chrome" install_Chrome chrome.icns install "Java 8" install_Java java.icns install "Office 2019" install_Office office.icns install "VLC" install_VLC VLC.icns isntall "Zoom" install_ZoomMeetings zoom.icns

We then also have an If..Then..Else statement that will install additional apps if the hostname starts with certain characters.

Once the script is all done, then we reboot the machine.

If you notice that we created a package with all the iconsets for the apps and then distrbuted it first so that all the subsequent apps had matching icons and it looked better. Each app is it's own policy with a custom trigger so that we can call it from the command line.