Skip to content

Apple Business Manager in Okta Workflows

A few months back, Apple released an update to Apple Business Manager and Apple School Manager to allow API access to customers. Apple has thoroughly documented the API.  I tried to implement the new API in Okta Workflows, and got it mostly working, but I wasn’t happy with it. Apple requires an assertion which can live up to 180 days. Once you have that assertion, you can request a bearer token, and with that bearer token, you can perform API calls.  Bart Reardon created a shell script that requests that assertion. What I had done was take that assertion generated by the script, and used it as an input. That… Read More »Apple Business Manager in Okta Workflows

Getting AppleCare info from Apple Business Manager API

Thanks so much to Dmitriy for posting this image to #toronto on the Mac Admins Slack. Also thanks to Arek to posting about it on LinkedIn, where I saw it. Both of them are awesome Mac Admins that I’ve had the pleasure of learning from. They’re also pretty great guys, too. With this new update to ABM shows AppleCare coverage, but the question is, can I get that data from the API? The answer is Yes. To get AppleCare information, make a call to https://api-business.apple.com/v1/orgDevices/REDACTED/appleCareCoverage The returned results looks like this:

SFIcons

I’ve wanted to make a simple app for quite some time, but I have had a hard time learning Swift. The Problem I sometimes need to create an icon for my Munki repo. I often use SF Symbols when I do that, and it’s really easy. But I want to make it look more like a macOS icon. So I played with making an app that layered the SF Symbol over a coloured square with rounded corners. The problem was getting the image out of there. Failed Solution So instead I decided to ask Google Gemini to help me make it. It SUCKED! Solution I switched to ChatGPT and it… Read More »SFIcons

macOS Device Compliance

I use two Smart Groups in Jamf to define how many devices are in compliance in regards to macOS version. The Smart Groups are pretty simple: The problem is that only gives us a snapshot of a moment in time, rather than historical data. My solution was to log that data in a Google Sheet. I created a new Okta Workflow. The Workflow kicks off once a day at 1 am PST. I want to store the date and time, so I need to convert it into the appropriate format. This will give me 2024-04-09 and 10:49:00 PST (based on time I’m writing this). It stores that values as dateReturn… Read More »macOS Device Compliance

Automating MDM Renewals Using Jamf and Okta Workflows

Hi, We have some computers that are in Jamf. Sometimes Jamf doesn’t like to play nice and renew the MDM on the device. To start you’re going to need an Advanced Computer Search in Jamf. The fortunately have a criterion called “MDM Profile Expiration Date” and we set that to less than 11 days. Alright, you got that? Great! Next you need to get the ID for that Advanced Computer Search. You can find that in the URL In the example above, it’s 888. In Okta Workflows, create a new flow, give it a name and tell it that it’s a Scheduled Flow. I’m not explaining every little thing. Here’s… Read More »Automating MDM Renewals Using Jamf and Okta Workflows

Toronto Mac Admins Meetup

We had a Toronto Mac Admins meetup this past Tuesday (January 30, 2024). I’m gonna embed the video for you folks.

Mac Admins @ Penn State University

I was recently at Penn State University in State College, PA for the annual MacAdmins conference. I was there with my co-worker Rebecca. The two of use presented two topics and they’ve made their way to YouTube.

Running GlobalProtect CLI only on Linux

I just spent 3 hours on a Zoom with a colleague trying to figure out what the issues our Linux users were facing when running GlobalProtect. To install the CLI-only version, you must first you download the files, untar/detar/whatever it… Then you run the installer script Woo hoo! It’s installed! Kinda, there’s a few things missing. Default Browser In the document /opt/paloaltonetworks/globalprotect/pangs.xml, add the following line in the <settings> section… Point to your Portal In the document /opt/paloaltonetworks/globalprotect/pangs.xml, add the following line in the <PanSetup> section… Save the document and exit. Reboot You don’t need me to tell you how to do that… reboot your computer. globalprotectcallback: URLs Create the… Read More »Running GlobalProtect CLI only on Linux

Custom Commands for Mosyle

Hat Tip to another Adam. I recently discovered these when poking around in Adam Codega’s Github. There’s a couple especially I want to draw attention to. BatteryHealthCA.sh This little script will get the battery service level, plus tell you the number of power cycles the battery has had. It will appear as something like “Normal (256)”. Battery condition is normal and has had 256 cycles. From there in Mosyle, you can create a Smart Device Group where the criteria is for that field is like “Service Recommended” as you can see below. Here’s the direct link. KernelPanicCA.sh This script will tell you how many kernel panics a device has had… Read More »Custom Commands for Mosyle

fdesetup

I’ve used a few different MDMs in my time as a MacAdmin, I’ve written about my transition from WorkspaceONE to Mosyle and I really much prefer it. I noticed today that one user isn’t using FileVault. I have a deferral set to 5 times. Which now I’m thinking might be a bit high. I was wondering how many times that user has deferred FileVault. I saw you could use fdesetup to see info about deferral. So I made a quick and dirty script for that. I used Mosyle to blast it out to all devices with Filevault off (that required having a smart group), and told it to run on… Read More »fdesetup