An organization can order a device from Apple or a reseller and have it sent directly to an employee. It enables certain management styles and workflows that were not possible before. On macOS the manual (“user-approved”) MDM enrollment cannot be automated and cannot even be performed over remote control. The process with Configurator can be automated, aside from the manual connection. However, Apple provides two means to supervise an iOS device: with DEP and by manually connecting an iOS device to a Mac with Apple Configurator. This is similar to “supervised” iOS devices. Furthermore, Apple states that going forward, the “approved” level of MDM (either by DEP or explicit user interaction) will be used for more configurations.

When a Mac’s system volume is erased and macOS is re-installed, the process starts over, keeping the Mac managed by the same MDM.

Apple has also made DEP+MDM a requirement to manage Kernel Extensions without user interaction. They have been pushing toward this for a few years now and it has also been the way to manage iOS devices.

DEP is a process where a new device (iOS or Mac) is registered to your organization at purchase and you can assign it to your Mobile Device Management server through Apple’s website.

At its very first boot, the Mac will check with Apple’s DEP servers and get the MDM’s information, register with the MDM and then the management settings take over, adding configuration, software and, with some management systems, local tools to install and manage non-AppStore software.

Deployment Strategies Going Forward

Device Enrollment Program and Mobile Device Management (DEP + MDM) is certainly Apple’s deployment method of choice. Even if that is not the case, then it is a safe assumption that future Mac releases will contain the T2 system controller or something similar and have the same Secure Boot features (or lack thereof).
There is speculation that the current TouchBar MacBook Pros might get Secure Boot added in a future update to 10.13. MacAdmins will all need to plan ahead and look at the options that are on the table for Mac management going forward. Also it is to be expected that all new hardware from Apple going forward will have Secure Boot and probably not NetBoot. So the news of NetBoot’s demise has not been exaggerated. But this gives us enough confirmation of facts to know: There are probably a few more details which will come out as other admins get their iMac Pros in the following days and weeks.

- the iMac Pro does not only kill imaging and NetBoot, but also the remaining EFI ROM tones (also noted in this support article, startup chimes already went away with 2017 MacBook and MacBook Pro models, thanks to Arek for pointing that out).
- for Bootcamp, Secure Boot will verify the Windows bootloader.
- Secure Boot requires an internet connection when it attempts to fix the boot files.
- FileVault/Full Disk Encryption is not enabled by default.
- resetting the NVRAM will reset SIP, but not the Secure Boot setting.
- re-enabling Full Security in the Secure Startup Utility requires an internet connection.
- you can still erase the system volume without a local administrator’s password.
- you cannot disable Secure Boot or enable External Boot before the first installation as there is no local administrator.
- a local administrator’s password is required to disable Secure Boot or enable External Boot.
- macOS build for the iMac Pro is 17C2120
- the iMac Pro will not NetBoot, even with Secure Boot disabled.

Update: Tim Perfitt now has an excellent detailed post on his findings here.

Most of this happened on Twitter, which is quite hard to put together afterwards, so here is a summary: (there were several members of the Mac Admin community involved, thanks to all of them!) Tim Perfitt of Twocanoes Software (Winclone, SD Clone, etc.)
got an iMac Pro. For obvious reasons he immediately looked at the details of the new boot process, and has found some details that were speculated or unknown so far.

Please check it out: “macOS Installation for Apple Administrators”. I have written a book which expands on this topic and is regularly updated.