Posted on 01-10-2023 04:14 PM
Hey All JS Friends - this is my first post.
tl;dr background info
Over the scope of my time on this MDM (since Zuludesk...) I looked over my shoulder at Jamf Pro and wondered if we had made the correct choice (I was a total MDM newb and was taking information from a firehose). I knew that Jamf professional services supported best-practice engineer-assisted rollouts, but I "bit down and chewed" on the low-budget choice and some learning as I went. Then Jamf purchased Zuludesk and voila I was now a Jamf customer. At a CITE conference Jamf session, I started asking about upgrading our School MDM to Pro to "use Jamf Connect." Instead, they helped us set up Pro services to review my MDM build and working conventions / set up Jamf Connect.
end tl;dr
Fast forward to my issue:
Deploying Jamf Connect using Azure IDP (which also enhances security with MFA) is easy (Jamf Connect App, Custom Profile, and Logo image are added to a macOS Device Group).
- In our environment, I allow local fallback (until the next Azure password change) and allow a couple of local admin accounts local access...
I have found LAPS on Jamf Pro info, but nothing on School. (So instead of trying to figure out what in the Pro instructions I can use, then opening a ticket to see if a Jamf tech can help me get on track, I figured I'd give this forum a try!) It would be nice to have randomized admins in the field (but it still makes me wonder how users can self-install apps from the Web, or if I'll have to create in-house packages for any one-offs...).
My second concern is that our MS-CHAPv2 WiFi environment makes the first Jamf Connect Azure auth fail. So for now I'm installing Connect with macOS devices connected via hub and Ethernet. (This works with the local fallback... but clearly every subsequent password change will require the same "hack.") So the thought is to push out a cert to use for WiFi...
If anyone has any ideas or examples of how cert-based WiFi may be working in your environment, please let me know.
Thanks Again!
Posted on 01-27-2023 08:25 AM
FYI, dear JS/JC community. I sent this link to a Jamf tech (helping me work on an entirely different JC issue). Anyways, after 2 weeks and 70 reads with zero response it makes sense to have Jamf Engineers helping (as I've clearly stumped the community).
* Once we figure this out, I'll post an update jic anyone else decides to deploy JC on JS and wants LAPS integration or is using a similar wifi model.