Apple Device Management: A Unified Theory of Managing Macs, iPads, iPhones, and Apple TVs, 2nd Edition
- Length: 854 pages
- Edition: 2
- Language: English
- Publisher: Apress
- Publication Date: 2023-03-31
- ISBN-10: 1484291557
- ISBN-13: 9781484291559
- Sales Rank: #1565096
Working effectively with Apple platforms at a corporate or business level requires not only infrastructure but also a mode of thinking that administrators have to adopt to find success, one that forces you to leave 30 years of IT dogma at the door. This book is a guide to integrating Apple products into your environment with a minimum of friction, because the Apple ecosystem is not going away.
You’ll start by understanding where Apple, third-party software vendors, and the IT community are taking us, and what Mobile Device Management is and how it works under the hood. By understanding how MDM works, you will understand what needs to happen on your networks in order to allow for MDM, as well as the best way to give the least amount of access to the servers or services that is necessary. You’ll then look at management agents that do not include MDM, as well as when you will need to use an agent as opposed to other options. Once you can install a management solution, you can deploy profiles on a device, or you can deploy profiles on Macs using scripts.
With Apple Device Management as your guide, you’ll customize and package software for deployment and lock down devices so they’re completely secure. You’ll also work on getting standard QA environments built out, so you can test more effectively with less effort.
This thoroughly revised and expanded Second Edition provides new coverage and updates on daemons and agents, declarative management, Gatekeeper, script options, SSO tools, Azure/Apple Business Essentials integrations and much more.
You will
- Deploy profiles across devices effectively and securely
- Install apps remotely both from the app store and through custom solutions
- Work natively with Apple environments rather than retrofitting older IT solutions
Who This Book Is For
Mac administrators within organizations that want to integrate with the current Apple ecosystem, including Windows administrators learning how to use/manage Macs, mobile administrators working with iPhones and iPads, and mobile developers tasked with creating custom apps for internal, corporate distribution.
Table of Contents
- About the Authors
- About the Technical Reviewer
- Preface
- Chapter 1: The Evolution of Apple Device Management The Classic Mac Operating Systems Network Protocols Early Device Management NeXT Mac + Unix = Mac OS X Server Apple Remote Desktop Ecosystem Coexistence iOS Device Management Mobile Device Management Apple Device Management Programs Enterprise Mobility iOS + Mac OS X = macOS One More Thing: tvOS Imaging Is Dead? macOS – Unix = appleOS Moving Away from Active Directory The Apple Admin Community Conferences Online Communities User Groups Summary
- Chapter 2: Agent-Based Management Daemons and Agents Use Lingon to See and Change Daemons and Agents Easily Controlling LaunchDaemons with launchctl Deeper Inspection: What Does the App Have Access To? Third-Party Management Agents Addigy FileWave The Once Mighty Fleetsmith Jamf Manage User Accounts with Jamf More Automation Through the Jamf Framework Munki Munki LaunchDaemons Customizing a Munki Manifest Munki Managed Installs Updating Software That Munki Didn’t Install Nested Manifests Removing Software with Munki Optional Software Installation Featured Items Building a Repository and a Catalog of Software Distributing the Manifest File osquery Install osquery Running osquery Logging and Reporting Chef Install Chef Edit a Recipe Puppet Use Git to Manage All the Things The Impact of UAMDM and Other Rootless Changes to macOS Rootless Frameworks Miscellaneous Automation Tools Summary
- Chapter 3: Profiles Manually Configure Settings on Devices Use Apple Configurator to Create a Profile View the Raw Contents of a Profile Install a Profile on macOS Install a Profile on iOS Install a Profile on tvOS View a Profile from macOS View a Profile from iOS View a Profile from tvOS Remove a Profile on macOS Remove a Profile on iOS Remove a Profile on tvOS Effects of Profile Removal Use the Profiles Command on macOS Using the Profiles Command MCX Profile Extensions Summary
- Chapter 4: MDM Internals What MDM Can Access Apple Business Manager and Apple School Manager Buy Apps to Distribute with MDM Apple Push Notifications Check-Ins: Device Enrollment MDM: Device Management MDM Commands Automated Enrollment, or DEP The Reseller DEP API The Cloud Service DEP API mdmclient Device Supervision UAMDM Enrollment Commands The Impact of UAMDM Third-Party Kernel Extension Management Team Identifier Bundle Identifier Using Team Identifier by Itself in a Third-Party Extension Profile Privacy Control Management Enable APNs Debug Logging App Deployment Gift and VPP Codes Volume Purchase Program Managed Open-In Host an .ipa on a Web Server Sign and Resign macOS Applications App Notarization Summary
- Chapter 5: iOS Provisioning iOS Provisioning Prepare an iOS Device Using Apple Configurator Install Apple Configurator Create Blueprints Manage Content Add Certificates for 802.1x with Profiles to Blueprints Install Apps with Apple Configurator Automate Enrollment with Apple Configurator Download MDM Profiles Configure Automated Enrollment in Apple Configurator Change Device Names Using Apple Configurator Change Device Wallpaper with Apple Configurator Prepare a Device Debugging Apple Configurator Logs Using an ipsw Operating System Bundle to Restore Devices Device Supervision Using Manual Configurations Automating iOS Actions The Apple Configurator Command-Line Tools Use libimobiledevice to Automate Device Management Use Basic libimobiledevice Options Dig in with Additional Management Commands Troubleshooting Commands Using AEiOS to Create Workflows Caching Services What’s Cached? Caching Service Configuration Summary
- Chapter 6: Mac Provisioning macOS Startup Modifier Keys macOS Provisioning with ADE DEPNotify Octory macOS Provisioning Without ADE Installation Create a Workflow Imagr Upgrades and Installations Reprovisioning a Mac Virtual Machines Parallels UTM Summary
- Chapter 7: Endpoint Encryption iOS Encryption Overview Enabling Encryption on iOS macOS Encryption Overview Secure Token Bootstrap Token Enabling Encryption on macOS FileVault Recovery Keys FileVault 1 and the FileVaultMaster.keychain File Creating an Institutional Recovery Key Enabling FileVault 2 Encryption for One or Multiple Users Enabling FileVault 2 Encryption Using One or Multiple Recovery Keys Disabling FileVault 2 Encryption Listing Current FileVault 2 Users Managing Individual and Institutional Recovery Keys Removing Individual and Institutional Recovery Keys Recovery Key Reporting Reporting on FileVault 2 Encryption or Decryption Status Summary
- Chapter 8: Securing Your Fleet Securing the Platform Mac Security Signed System Volume System Integrity Protection SIP-Protected Directories View SIP Protections Interactively Runtime Protections Kernel Extension Protections Managing System Integrity Protection Signed System Volume and csrutil Running csrutil Outside of the Recovery Environment Custom System Integrity Protection Configuration Options System Integrity Protection and Resetting NVRAM User-Level Protections Detect Common Vulnerabilities Manage the macOS Firewall Combat Malware on macOS XProtect and Gatekeeper lsquarantine Using lsregister to Manipulate the Launch Services Database Changing File Handlers MRT Signing Applications ClamAV Threat Management on iOS macOS Binary Whitelisting Compliance Centralized Log Capture and Analysis Writing Logs Reading Logs Organization and Classification Comparisons and Searches OpenBSM Audit Logs Using praudit Reverse Engineering Administrator Rights on macOS Summary
- Chapter 9: A Culture of Automation and Continuous Testing From Manual to Automated Testing Scripting and the Command Line Command-Line Basics Basic Shell Commands Shell Scripting Declaring Variables Expanding on Z Shell Altering Variables (Mangling) Standard Streams and Pipelines If and Case Statements For, While, and Until Statements Arrays Exit Codes More Advanced Shell Script Logic Passing Arguments to Shell Scripts Manual Testing Build a Test Matrix Automated Testing Graphical-Based Testing Sikuli Expect Scripting Posting Issues to Ticketing Systems Simulating iOS Environments with the Xcode Simulator Managing Simulated Devices Copy Content into the Simulator API Orchestration Use cURL to Work with APIs Use Postman to Work with APIs Release Management Summary
- Chapter 10: Directory Services Manually Bind to Active Directory Bind the Easy Way Bind with the Directory Utility Test Your Connection with the id Command Use dscl to Browse the Directory Programmatically Binding to Active Directory Bind to Active Directory Using a Profile Beyond Active Directory All the Benefits of Binding Without the Bind Apple Enterprise Connect Apple Kerberos SSO Extension Summary
- Chapter 11: Customize the User Experience Getting iOS and iPadOS Devices in the Hands of Users macOS Planning the macOS User Experience Transparency Consent and Control Protections on User Home Folders Using Profiles to Manage User Settings Using Scripts to Manage User Settings Modifying the macOS Default User Template Customize the Desktop Customize the User Preferences Configure the iOS Home Screen Custom App Stores Test, Test, Test Summary
- Chapter 12: Identity and Device Trust Use IdPs for User Identities REST and Web Authentication JSON Use JWTs As Service Accounts Bearer Tokens OAuth WebAuthn OpenID Connect SAML Cookies ASWebAuthSession Work with Azure Active Directory View SAML Responses Use Jamf Connect to Authenticate to an IdP at the Login Window Configure Jamf Connect Login Alternatives to Jamf Connect Use Azure AD for Conditional Access Configure the Jamf Integration with Intune Beyond Authentication Multifactor Authentication Microsoft Authenticator MobileIron Access Conditional Access for Google Workspace Obtain Your CustomerID from Google Workspace Provision a Google Cloud Function Resource Enable the Necessary APIs Create a Service Account Create Your Google Cloud Function Write Your Script Duo Trusted Endpoints Managed Apple IDs Continued Managed Apple IDs in Schools Managed Apple IDs for Business Webhooks Working with the Keychain Summary
- Chapter 13: The Future of Apple Device Management Balanced Apple Scorecard The Tools The Near Future Privacy Controls The Apple Product Lines Apps Evolutions in Software Design and Architecture The Evolution of Apple Software Apple Apps Productivity Apps Apple Services Apple Device Management Programs Getting Apps to Devices Manage Only What Is Necessary The Future of Agents Other Impacts to Sandboxing iOS, macOS, tvOS, and watchOS Will Remain Separate Operating Systems Will iOS Become Truly Multiuser? Changes in Chipsets You’re Just Not an “Enterprise” Company Apple Is a Privacy Company Summary
- Appendix A: The Apple Ecosystem Antivirus and Malware Detection Automation Tools Backup Collaboration Suites and File Sharing CRM DEP Splash Screens and Help Menus Development Tools, IDEs, and Text Manipulators Digital Signage and Kiosks Directory Services and Authentication Tools Identity Management Imaging and Configuration Tools Log Collection and Analysis Management Suites Misc Point of Sale Print Servers Remote Management Security Tools Service Desk Tools Software Packaging and Package Management Storage Troubleshooting, Repair, and Service Tools Virtualization and Emulation Honorable Mention
- Appendix B: Common Apple Ports
- Appendix C: Configure macOS Lab Virtual Machines with UTM
- Appendix D: Conferences, Helpful Mac Admins, and User Groups
- Appendix E: Set Up a Test Okta Account
- Index
How to download source code?
1. Go to: https://github.com/Apress
2. In the Find a repository… box, search for the book title: Apple Device Management: A Unified Theory of Managing Macs, iPads, iPhones, and Apple TVs, 2nd Edition. Sometimes you may not get results; in that case, search for the main title.
3. Click the book title in the search results.
4. Click Code to download.