Posted on 12-14-2018 03:14 PM
Hi,
I'm working with a client who just had their second Mac stolen in a year. This one was only a few weeks old.
We sent a "Lock Computer" command, but as he pointed out, there are very few situations where the thief is able to unlock the Mac with a fingerprint and connect to a valid network to receive the MDM command rather than just wipe and re-install. It's also been pointed out in these forums that if the thief bypasses the network during Setup Assistant, DEP won't get a shot at it either.
They are not currently using firmware passwords or the like, and the user isn't signed into iCloud to use Find My Mac.
At this point, the machine is just gone. But I'm not writing to find out how to get it. I'm hoping to start a more modern conversation about how people are preventing loss or handling when a machine is stolen from a technical standpoint in 2018 and beyond.
What tools do you use?
Thanks,
Chad
Posted on 12-15-2018 04:04 PM
Absolute is a very solid company to go with. They work with local law enforcement to locate and retrieve a stolen device. They can track the device not only to a location but also what ever floor it may be on if its a large building.
Also, if they cannot retrieve the device for you, they actually pay you back, pay back prices are predicated upon the device/year/model. They will also send a representative to sit down with you and discuss what you want to do, make sure it will work for your environment, etc.
With this software you can set up geofences, so if a device leaves a certain area or pings outside of the geofence, it can lock down, etc, before you even realize its gone and have a chance to lock it with Jamf.
It's worth taking a look and participating in the free trial.
https://www.absolute.com/en/partners/oem/apple
Posted on 12-18-2018 11:44 AM
We're using Prey along with JAMF to lock computers out and then ultimately look up where they are etc. through Prey if somehow someone figures out how to get past the JAMF remote lock (Its possible). In the test cases we've had we used these really old computers as a proof of concept to see if we could gather enough information about who, what and where, etc. for our computers and so far (knock on wood) haven't had to use it for a real computer. We know we have tools at our disposal now to do so should the situation come up.
For the setup, we have a special DEP environment setup for stolen devices and they get Prey as soon as they touch the internet and finish enrolling etc.
This is a link to the session I first attended about Prey at JNUC 2017: https://www.jamf.com/resources/videos/security-woes-now-what/
Another from JNUC 2018: https://www.jamf.com/resources/videos/loss-prevention-using-prey/
Hoping that helps!
Posted on 01-04-2019 10:02 AM
Thank you both for your guidance. I've been relaying these suggestions to my client. He's happy to hear that people have solutions they like.
Posted on 04-30-2019 10:52 AM
Do Prey or Absolute solve for whether or not a thief bypasses network configuration during setup? So far as I can tell, if the setup is completed without an active network connection, then Jamf won't have an opportunity to push Prey out to a machine flagged as being stolen.
Disclaimer: I haven't tested with Absolute yet.
Posted on 04-30-2019 11:29 AM
easy turn on a firmware password. they will not be able to do any thing with the device if they don't go in to apple store and thus if it is stolen they will not be able to get it reset. firmware password /file vault / added to jamf should make the device a brick.