Jamf Nation Community

myu · 2 weeks ago

I know that most folks are recommending user-driven provisioning where the end-user gets to enjoy the process of being involved in setting up their Macbooks. Our org is not one of those. Our users prefer to get their Macbooks and get to work immediately and not have to wait for apps to install or things to be configured while they sit and do nothing. We achieve this in Windows by pre-provisioning (Microsoft calls it white glove) where we assign common apps (Office, Chrome, VLC, etc) to the devices rather than the user and we leave user-specific apps (not all users get Adobe Creative Cloud for example) to be installed after the user logs in. This way, we can get a fleet of Windows laptops ready for use by anyone with very minimal delays experienced by the user (they can work in Outlook and Chrome while Adobe CC is being installed in the background).

I plan to achieve the user side of things using DEPnotify but any suggestions how to pre-provision common apps? Is putting the comon apps in the pre-stage the only way to do this? Most of my readings so far recomend that only really essential things be included in the pre-stage such as Jamf Connect and wi-fi profiles.

myu · 2 weeks ago

I'm going to go answer my own question here for those looking for the same thing ... Jamf does this using the Enrollment Complete trigger in policies. The only reason I was thinking that it wasn't doing it was because my test app (Office 365) takes about 10mins to install. That and the fact that there is no visible indication that things are being installed in the background (unlike Windows which shows the progress).

When I swapped my test app to something smaller (Google Chrome), I can see in the logs that it did continue to install even without me logging into the device.

So the only problem now is how to know when all the apps have installed (aside from constantly looking in the logs; not good when you're deploying multiple Macbooks at the same time). In our case, we use Jamf Connect so I sequenced that app so that it installs LAST among all the apps that are part of the pre-provisioning process. As soon as the normal Mac login screen changes to Jamf Connect, I know that all the other apps have finished installing. You can do the same if you're still using NoMAD I guess. Other than that, I have no idea what other visual cues can be put in place.

View solution in original post

myu · 2 weeks ago

I'm going to go answer my own question here for those looking for the same thing ... Jamf does this using the Enrollment Complete trigger in policies. The only reason I was thinking that it wasn't doing it was because my test app (Office 365) takes about 10mins to install. That and the fact that there is no visible indication that things are being installed in the background (unlike Windows which shows the progress).

When I swapped my test app to something smaller (Google Chrome), I can see in the logs that it did continue to install even without me logging into the device.

So the only problem now is how to know when all the apps have installed (aside from constantly looking in the logs; not good when you're deploying multiple Macbooks at the same time). In our case, we use Jamf Connect so I sequenced that app so that it installs LAST among all the apps that are part of the pre-provisioning process. As soon as the normal Mac login screen changes to Jamf Connect, I know that all the other apps have finished installing. You can do the same if you're still using NoMAD I guess. Other than that, I have no idea what other visual cues can be put in place.

DTB_Kirky · 2 weeks ago

Jamf created a Depnotify script you can use to deploy and monitor your app policies.

https://github.com/jamf/DEPNotify-Starter.

Edit the script to your specification; upload it to Jamf and run that script as your 1st policy in enrollment

myu · 2 weeks ago

Doesn't DEPNotify require a user to be logged in?

Tribruin · 2 weeks ago

I would not recommend putting any pkg of size (like Microsoft Office) in your Prestage. Jamf and Apple recommend only installing the most essential packages. I only have my JamfConnect Mega package to get Jamf Connect installed.

We had a similar situation where our users "expected" a ready to use computer. I ended up developing the following process:

Technician enrolls the computer using ADE
A special enrollment only account is created on the computer using the PreStage accounts process
Technician signs in using the enrollment account
Deployment process starts and runs for technician
As part of the deployment process, the technician is prompted for the end users account and the computer is reassigned in Jamf to the correct end user.
At the end of the deployment process, the tech runs a Self Service policy to generate a user account for the end user, based on the user that was assigned. The process also generates a temporary password for the end user.
Tech logs out of enrollment account and back in as the end user using the temporary account
Final settings are applied to the new user account (wallpaper, dock setup). Technician shuts down computer and ships to end user with the temporary login password.
User logs in and syncs their computer with Jamf Connect to set their local password to match their network password.

It works really well, but we are moving to true user driven enrollment and just letting the user wait for the Apps. For most users this is a less than 30 minute process.

myu · 2 weeks ago

Cool. Thanks for sharing.

It won't work for our workflow though because we don't wait until the user needs the Macbook to provision it. Ours require that as soon we receive the unit, we pre-provision it and then store the unit so that when it's needed, we basically just take it out of storage and let the user log in. This way, when a Macbook fails, we have an immediate replacement available already.

Jamf Nation Community

Pre-provisioning Macbooks in Jamf