We've been creating an image from the base OS installer on the App Store using AutoDMG and using it to wipe Macs via Disk Utility to an out of box state when dealing with malware or device owner changes. Super simple, fast, clean and modular since we push all config profiles and the latest App packages and policies down after the device goes through the Pre-Stage enrollment and hits the desktop for the first time.
With APFS and High Sierra, we can no longer use Disk Utility to accomplish this. Maybe I'm wrong, but from reading JAMF's white paper on the subject, it looks like the suggestion for performing a full wipe is to re-download and install the OS using the recovery partition. I hope there is a better way, because this takes a long time (38 minutes and counting on the test machine in front of me instead of <2 minutes for imaging via Thunderbolt cable) and is kind of harsh on our Wi-Fi.
I just wanted to get the nation's perspective on imaging as we move forward. I've never used NetBoot and I know essentially nothing about it. Can we use it to pull down a base OS image like we did with Disk Utility, perhaps even image from machine to machine via Thunderbolt's networking capability? Does NetBoot work over Wi-Fi?
NetBooting is basically just booting to a network hard drive. What we do is NetBoot to a 10.11.6 image with Casper Imaging on it. We have OS DMGs uploaded through Casper Admin, and within Casper Admin we have a configuration for each OS version we use (DMGs made with AutoDMG). Just set it to priority 1 in the configuration and you should be good. NetBoot works over Wi-Fi, but I use it over a wire as it's faster.
Not that I have tried it myself, but the latest AutoDMG under Advanced Options allows you to create the "Base" system formatted as either APFS or HFS+. This means you could still do your standard image workflow and, if wanted, then boot into Recovery Mode and in Disk Utility convert the hard drive from HFS+ to APFS.
Due to the multiple issues with High Sierra though and no DEP at my workplace I have been experimenting with adapting our image workflow and High Sierra.
1 - Base system from Apple or a reinstalled Base High Sierra
2 - Field Techs run QuickAdd.pkg to bind the Mac to the JSS
3 - Policy in JSS to upload a sparseimage file with packages needed to /usr/local
4 - Shell script uploaded to /usr/local/bin/
5 - PLIST file uploaded to /Library/LaunchDaemons/
6 - Restart system
The LaunchDaemon calls the Shell script which installs and makes changes to the Mac Base system and then reboots.
Similar in a way as to how we use AutoDMG but adapted to the "I got no choice and need a workaround now" scenario. It works pretty well, I just got to make sure the Add-on pkgs work as well. Time wise it is not as long as our original method (+- 10 minutes).
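
Added example, not part of the posts above: the LaunchDaemon in steps 4 to 6 runs the shell script as root, so both files should be owned by root and not writable by group or other before the restart. This pre-flight check is one way to verify that; the file names in the usage comment are hypothetical placeholders, since the thread does not name them.

```shell
#!/bin/sh
# Added example: pre-flight check for files that a root LaunchDaemon will run.
# Not code from the thread; paths in the usage comment are hypothetical.

# check_root_file PATH [OWNER]
# Returns 0 when PATH is a regular file (not a symlink), owned by OWNER
# (default: root), and not writable by group or other.
check_root_file() {
    crf_path=$1
    crf_owner=${2:-root}
    if [ -L "$crf_path" ]; then
        echo "FAIL $crf_path: is a symlink" >&2; return 1
    fi
    if [ ! -f "$crf_path" ]; then
        echo "FAIL $crf_path: missing or not a regular file" >&2; return 1
    fi
    # -user and -perm -mode behave the same in BSD (macOS) and GNU find.
    if [ -z "$(find "$crf_path" -prune -user "$crf_owner")" ]; then
        echo "FAIL $crf_path: not owned by $crf_owner" >&2; return 1
    fi
    if [ -n "$(find "$crf_path" -prune \( -perm -020 -o -perm -002 \))" ]; then
        echo "FAIL $crf_path: writable by group or other" >&2; return 1
    fi
    return 0
}

# check_all OWNER FILE...
# Checks every file, reports each failure, returns non-zero if any failed.
check_all() {
    ca_owner=$1; shift
    ca_rc=0
    for ca_path in "$@"; do
        check_root_file "$ca_path" "$ca_owner" || ca_rc=1
    done
    return $ca_rc
}

# Usage on the Mac before step 6 (hypothetical file names):
#   check_all root /usr/local/bin/firstboot.sh \
#       /Library/LaunchDaemons/com.example.firstboot.plist || exit 1
```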