Proposed Topic for JNUC 2024--Being a Macadmin in a Very Windows World

Mithrandir
New Contributor III

So way, way outside my comfort zone, but feeling these days the importance of stretching myself, I think I've a highly relatable topic for JNUC 2024 pertaining to the experience of being a Macadmin in a very Windows world, and all the trials and tribulations arising therefrom. I've submitted both my proposal and introductory video, and working from my outline, following is what I've come up with:

Good morning/afternoon! My name is Chad Jones. I’m currently the Jamf/Mac endpoint administrator for the City of Phoenix. This is a role I’ve held for about 3.5 years. A little about me: my professional infotech experience stretches back a quarter century to February, 1999, when I assumed my first desktop support role. Within eighteen months I was promoted, and then again about 2.5 years later. Twelve years of my career was spent directly supporting the needs of our executives and elected officials (Mayor, Council, and City Manager). I routinely received kudos for my technical acumen, ability to explain industry concepts to customers without talking down to them, and for my problem-solving skills as well. I’ve received commendations from: former mayor, Phil Gordon, the late former interim mayor and councilwoman, Thelda Williams, former mayor, and now congressman, Greg Stanton, twice received the “I Luv District 8” award from former councilman, Michael Johnson, and from the current mayor, Kate Gallego, as well.

I over many, many years have garnered a reputation as the go-to guy when things go pear-shaped. I’m known for my ability to resolve issues others haven’t been able to. Part of this is outside-the-box thinking, part is determination, and part sheer stubbornness. I hate it when things just don’t work as they should, and do my darnedest to, in nautical terms, return things to their respective, normal functioning states.

I should here mention that on a personal level, the 10gig Firewire iPod was my gateway drug into the Apple ecosystem. I added a Firewire card to my WindowsXP PC to sync both my, and my wife’s, iPods with our music library.

Roughly around that same time, the staff of our public information channel, Phx11, was making a transition away from editing on Avid to editing with FinalCut, and thus were procuring Macs. Not knowing much I was nevertheless game, and began supporting Macs in around 2005. In fact, I made a case to my supervisor that since I was supporting them I should have one to familiarize myself; they got me an early-model Mac Mini with a whopping two gigs of RAM, and a CoreDuo CPU. While I shouldn’t, I still have it, and it still has the MS WindowsXP license sticker I placed on it when I set up dual booting via BootCamp.

And Jamf isn’t my first foray into the world of the MDM; in 2014, I was co-admin of an on-prem MobileIron instance. I’ve nothing much to say about this, except I did my darnedest to just make it work within our enterprise…. But it just never quite got there. There were far too many gotchas. Bear in mind I did this in addition to my ongoing desktop support duties as we at the same time transitioned to a Shared Services model of technical support.

Have I made mistakes? Did the RDF emanate from the late Steve Jobs? There was a time about eighteen-ish years ago when a high-level staffer was in DC to testify before congress; they needed a particular file, or set of files from the org. The request came late in the day, management could not be reached. So I did what I thought best under the constrained circumstances: I put the files in my iWeb. The executive was pleased; they had their files, and could testify. But my direct supervisor? As he should have been, he was concerned about the potential for breach… While it wasn’t a formal writeup I did get a notice of coaching in my personnel file.

Another mistake I made, in the name of wanting to please, was in the light of an unexpected retirement, to take on the role of SCCM patch manager. The previous manager left extensive documentation, and I not knowing as much as I should have about the processes involved, trusted this documentation, following its detailed procedures daily, weekly, and monthly.

I only later learned that the reporting was structured in a manner to curate results in a fashion more favorable than the actual stats. Some months, despite all appearance to the contrary, no patches went out… But my reports indicated they had.

I was removed from this role, and relegated shortly thereafter to technical liaison to our enterprise technology helpdesk… In addition to my ongoing desktop support duties.

So it was in May of 2021 that I, with my confidence in myself ebbing, was asked to implement Jamf Pro cloud for the city. I hit the ground running, not really looking back… and ran smack-dab into entrenched institutional bias and attitudes about Macs in the enterprise.

Time-after-time I’d do some research, seeing how other Macadmins had resolved similar issues, and open requests to… crickets. Time-and-time-again, my tickets would go unresponded to, or I would report an issue only to have it be ignored. Or I would describe in great, painstaking detail what was occurring, how others had resolved things, only to have my core competencies repeatedly questioned… In many, many ways this was somewhat akin to, for instance, a person receiving a diagnosis, and having this, things are suddenly so much clearer for them… So many, many things which had never made sense were now so clear in light of the new information. This sense of joy is then quickly tempered as, having completed this leg of the journey, they then run smack-dab into entrenched attitudes, biases, and misunderstandings about the medications used to treat this newly-diagnosed condition.

The answer to one of the biggest questions, “Why is everything seeming to just take so very, very long with this Jamf stuff, Chad?”

I’ll answer by way of the following:

  • Requests for help were either being unresponded to, or outright ignored.
  • Direct queries to those, for instance, with knowledge and oversight of the on-prem network architectures, resulted in such responses as “I can’t help him [me].”
  • Repeatedly being told “We don’t have to do that for Windows.”
  • Hearing, via third party, and I quote, “What the for-unlawful-carnal-knowledge does he need? I don’t have three hours for that!”
  • You have entire teams of people supporting Active Directory, and Windows; for Jamf, there’s just me. And I’m blazing a trail here—we had no formal Mac support prior.

So I had to both find, and implement, my own solutions and workarounds to as they say just “keep the lights on.” I took my passion for the Mac, channeling it into fuel for learning everything I needed to do my job and do it well. So I had to learn enough about 802.1x Wi-Fi to create a mobileconfig profile, I had to learn shell scripting, I had to delve into Kerberos, creating krb.conf files, crafting an AppSSO extension… And I had to do it all under increasing constraints and strictures. I had to devise a functional means of deploying Falcon Crowdstrike to unbound devices. Finding some resources online I discovered how I could query app-sso, harvesting each respective user’s creds for the install… Which ran me smack-dab into getting blackholed by CS, and subsequently having to provide samples, justifying myself to InfoSec.

I lost about two days of productivity to that.

Subsequent to that experience, I leveled up again, transitioning my script away from extracting credentials from app-sso and instead writing user UPNs to the RealName field via dscl. This then is read by the Netskope installation script. I’ve not run afoul of Crowdstrike since…

I don’t think I need to continue; I’m sure so very many of you can relate. Each and every time InfoSec, or the org, has thrown something at me I’ve figured out how to make it work for Macs.

Those are some of the challenges of being a Macman in a Windows world; this is not unique. The stories are legion.

How did I turn things around? How did the tide begin to turn?

I used an analogy above about this journey being akin to that of an individual receiving a diagnosis, feeling relief, and then encountering prejudice about how they’re treating their newly-diagnosed condition. I suppose it’s no surprise that I’m talking about myself, and where I dropped the ball is that while I was opening tickets I was moving so fast from one thing to the next I wasn’t following up—I wasn’t being as proactive as I could’ve been. Thus my frustration would mount, and I would ping my direct supervisors—who had no idea about what I was talking about.

So it was when I learned I had ADHD, and had had it my entire life, and began treating it that I began learning how to be both proactive and properly assertive; I learned to ask for what I need, and to follow up with the relevant stakeholders. I’m not entirely comfortable outing myself in this manner to a global audience, but it's entirely relevant. And I imagine that it’s highly, highly likely that a number of us both in this industry, and here, now at this conference, are what is colloquially termed as “neurodivergent.” We’re the outside-of-the-box thinkers, the ones passionate to the point of obsession, the ones who still “Think Different.”

I’m also putting myself out there in this fashion because it’s important for those present, any who’ll see or hear this later, and the coming generations to know that someone with a condition can not only survive, but thrive in a highly mutable, fast-paced information technology career. I’m living proof.

Now I wish what I was going to say next was sexy, or dramatic, but it’s I think unfortunately pedantic:

Consistency is king.

You’re going to encounter prejudice; I still do to this day, e.g., one of our enterprise InfoSec architects opined (again) “Macs don’t belong in the enterprise.” I’ve learned to tune this out, focusing instead on what I need to do, among which are the following:

1) Document, document, document
     --create that digital paper trail by making use of your ticket reporting system. This puts time and date stamps on everything. Attach relevant Apple/Jamf/MS/whoever else’s techdocs.

2) Communicate daily with your supervisors
     --loop them in on absolutely everything, because you want them on your side.

3) Know when to escalate. There have been a couple/few occasions wherein I’ve had to craft a carefully worded, highly diplomatic executive “carpet-bomb” email. Tread cautiously here. I did this the day after returning from JNUC last year. After seeing so many of you, engaging in numerous BrainDates, attending the sessions, learning what other teams were up to across the globe…

I saw what could be—and I wanted it.

And subsequent to a little consternation amongst my direct superiors the tide has turned; instead of casting aspersions (“Just what is that Mac admin up to?”) it’s instead “What do you need?”

To that end, and bear in mind this is municipal government we’re talking about here:

1) Management authorized the allocation of close to $2,000 to engage with Jamf engineering (Thanks, Molly!), who found no gotchas in my cloud instance other than some policies running a bit too frequently, and who highlighted my organization of policies and profiles by categories. I have to say this felt like vindication—and my boss was on the call!
2) Due to seeming ongoing challenges pertaining to our ADFS authentication scheme behaving differently when attached to different networks, and ongoing dialogue with relevant stakeholders not particularly going anywhere, we’re engaging with Apple Professional Services--to the tune of an amount I’m not here authorized to disclose—to have them come onsite for a soup-to-nuts eval of our environment and infrastructure for a period of about two weeks. We’re going to have our Come-to-Jesus moment with our partner divisions and sections, going from there into the future.

My commitment is that the Mac user experience in my enterprise is second-to-none, exceeding that of our Windows users.

Thank-you most kindly for your time and attention! I’m open to any questions.

----------------------------------------
I guess I'm putting this out there to see just how relatable it is, where I might need to punch it up, or it just sucks harder than an Electrolux! Thanks!

McAwesome
Valued Contributor

The call for submissions ended on April 29th.

Mithrandir
New Contributor III

And I submitted something prior to the deadline. Was looking more for some feedback here, but thanks for the tip! Much appreciated.