I wanted to ask a general question directed to all friends and admins of Jamf.
How did you set up your test environment? Do you work with a VM e.g. with Parallels or similar? Or do you have an extra device that is integrated into Jamf and test with it? The advantage of the VM is the snapshot, which is more or less a reset button.
Yes, we use Parallels VMs for testing. Per (what we believe is supported by Apple plus the potential next) OS version we have 4 VMs. Two of these are running plain macOS, the two others beta releases. One of each is enrolled in our production MDM, the other in the test MDM.
The snapshots are extremely helpful for testing. To get a clean VM you just go back to the proper snapshot - so much quicker than doing a complete re-install. The issues with Parallels on Big Sur made testing there very difficult. And for M1 based Macs it's yet another story...
I struggle a bit with this now for a few reasons:
1) While snapshots are tremendous productivity boons overall they are also space hogs and my company has decided to only buy Macs with minimal storage as the belief is that everything should be stored on a server. It doesn't help that FileVault effectively doubles your storage requirements for a VM (why FV-enrypt a VM? so the screenshots match... but you're right in many cases that's not strictly required.)
2) MDM enrollment and serial numbers present challenges, mostly insofar as if I want to rebuild/re-enroll a VM but also want to keep a snapshot of it active in its current fully built and "deployed" state. My solution is to just crib serial numbers from the decommissioned elements of the fleet... but it means I need to have at least 2 distinct serial numbers.
I'd really love to get some more automation wrapped around our virtualized Mac processes. Luckily M1 is not on our horizon yet but I think virtualization there will be moot (although there's a part of me still hoping Apple makes a datacenter VDI play with an M-based silicon card that can be plugged into any server for virtualized Macs. Just a part of me mind you because were they to do something I'm sure there would be enough gotchas that getting true macOS VDI would be outweighed by them for many practical use cases and getting real physical Macs would be preferred.)
In my ideal world I'd have a TB of storage, 6 uniquely serialized VMs, each snapshotted at clean OS install and fully enrolled/built production phases with a few intermediary steps along the way also saved. Just can't do it on 250GB!
ADDENDUM: One trick I have just figured out in the last few days is, if I am just testing early functionality (ABM/DEP stuff, manually creating first user and config setup, enrolling in MDM, et cetera) and am willing to sit through an entire OS install from scratch, I can just delete/remove the existing primary disk drive and add a new one. In this case I am booting from a physically attached USB stick that has been assigned to the VM with the serial number set.
Yes, storage is an issue, and Apple storage is still quite expensive. But external SSD's have a reasonable price tag and work fine. For the serial numbers I sometimes re-used the ones from retired devices, but recently just started to make some up - after checking they are not yet in our MDM. Would be bad luck if a made up SN would be DEP enrolled somewhere ;)
I use one VM for testing any new configs to my automated deployment, then I have 3 physical machines to match the general hardware that our userbase has, which now includes M1's. I do all my package building on a 2018 Mac Mini through VM's in VMWare Fusion. I keep the configured VM around for a week or so on an external drive and then delete it when I no longer feel its needed.