New to DEP, MDM, Need Some Guidance

habiem
New Contributor

I'm a partner at a small software development company. We've got 23 employees and 30ish macOS machines. I've been searching for a better way to handle OS updates than walking around and making sure all updates are installed. I'd prefer not to turn on auto-updates on all of the machines for a number of reasons.

I tried Apple Remote Desktop, but it seems to have issues when the machines have FileVault on. I have tried sending Unix commands to the machines (softwareupdate -i -a) to get them to update. It downloads the updates, but always hangs installing. I can run around and type in passwords to get past FileVault, and if I get to all of them fast enough, they will install...

So... in my research, it seems DEP-enrolled machines are what I need, plus an MDM to force the updates to run. Over the years, we've bought the machines via Apple Retail, with no customer number, so it seems like I'm screwed on DEP. I tried Jamf NOW, but without DEP, I can't push updates.

Is there something I'm missing? It really seems like there's got to be some way to easily manage a small network without needing to buy all new machines so that they are DEP enrolled. Does anyone know if there's some magic with Remote Desktop I'm missing?

Greatly appreciate any advice. This has been driving me crazy for months now.

3 REPLIES

bradtchapman
Valued Contributor II

Hello Joseph,

Unfortunately without DEP you can't get silent MDM enrollment during activation. However, starting with Jamf Pro 10.3 you will be able to enroll your Macs in a way that doesn't require a separate step to install / approve MDM. When you visit https://yourjss.acme.com/enroll, you'll be presented with a sequence of steps to install the CA Certificate as a configuration profile, then the MDM enrollment profile. No more QuickAdd package. It's not silent or transparent—someone still has to click a few buttons—but once that's done, the computer is enrolled and the jamf binary / "on enrollment" steps do the rest. Also, you have a deployment of less than 50 computers. This should take you about half a day, and you'll never have to do it again.

bradtchapman
Valued Contributor II

Also ... since you have Jamf NOW, you would use a "Blueprint" to enforce certain settings on the device. I do not have a Jamf NOW instance in front of me, but Jamf Support should be able to tell you if you can enforce the "Automatic Updates" settings in a Blueprint. Or you could see if such an option exists for you.

To keep your Macs up to date all the time, go to the "App Store" pane and enable every check box. You may find equivalent settings in a Blueprint.

habiem
New Contributor

Thanks, that's very helpful, I appreciate it. Unfortunately, doesn't look like Jamf NOW has any options for it.

The initial onboarding cost is what is keeping me from going with Jamf Pro. I'm sure I'd find additional uses for it, but right now, I really just want to be able to keep machines in the network in sync (like I do with Puppet for our Linux environment).

Again, appreciate the help. It's great to know that Jamf Pro does have a solution, if it gets to that level of pain for me.