Description

This section describes the various settings we use within JAMF to manage endpoints, including Mac laptops, desktops, and iOS devices.

New Computer Setup - Move Into Jamf

After you receive a new computer that you have ordered from Coupa, you will need to reach out to euc-help@mit.edu (End User Computing group) and have them move the machine into the Center for Real Estate site within Jamf.

Below is a template for contacting them, or you can use this link.

Hello,

We have a new computer. Can you please move '[Serial Number]' into the Center for Real Estate site within Jamf?

Thank you,

Accessing Jamf

Go to https://mv-ezproxy-com.ezproxyberklee.flo.org/ and login using your kerberos ID. Access is controlled with moira group ep-cre.

To Enroll an Endpoint

1. Go to https://mv-ezproxy-com.ezproxyberklee.flo.org/enroll
2. Manual enrollments do not automatically install software (covered in kb)
3. If computer enrolled manually, it will not be automatically encrypted. Need to unencrypt then reencrypt via JAMF
   1. Can set up advanced search
   2. In the search, we can customize to show additional columns
      1. “Last Inventory Update” -> Happens once per day, and it updates the list of applications and stuff on the computer.
      2. Extension Attributes -> Custom scripts that have been written specific to MIT
      3. To force encryption on devices… computers > Policies – configure a policy. Use “IS&T Filevalut 2” for disk encryption configuration

Manual Trigger of New Mac Setup

If you already have a Mac setup and do not wish to wipe the device, run the following command after enrollment to run the setup scripts:

...

This is mentioned in the Jamf Pro - enrolling devices without DEP KB article.

CRE Site Settings

Site name: Center for Real Estate

When you want to work with your machines, be sure to select your site from the dropdown menu near the top-right of the page.

Site categories - used when uploading files and creating policies. Be sure to assign a category or else your files may be deleted.
CRE-Apps
CRE-Maintenance
CRE-Printers
CRE-Scripts
CRE-Test

Moira Group:

• ep-cre – Members of this Moira group have access to your site. Let us know if you'd like to add or remove users/lists in this group.
• ep-techs - This is a low traffic mailing list that you will receive emails from regarding upgrades / changes to software and issues as they occur.

Notes

• Automatic Device Enrollment (ADE) is the new term for Device Enrollment Plan (DEP). Both terms mean the same thing and are used interchangeably.
• Since the later versions of Jamf/OSX, all devices enrolled in a Jamf site are automatically supervised, regardless of whether or not they are enrolled in DEP/ADE.
• Can I use Jamf to execute a script? (Not sure, ask Matthew Hershberger)
• How do I know what machines I have enrolled in DEP? A: No way to tell, just need to email euc-help@mit.edu and then they can send us a list.

Uses device serial number

...

Due to permissions issues, you will not be able to upload or delete packages irectly. Just let us know at euc-help@mit.edu if you need something uploaded or removed.

Help

For help with JAMF, email euc-help@mit.edu.

See Also

• Production Server: https://mv-ezproxy-com.ezproxyberklee.flo.org/
• Enrollment Link: https://mv-ezproxy-com.ezproxyberklee.flo.org/enroll/ 
• MIT Knowledgebase: http://kb.mit.edu.ezproxyberklee.flo.org/confluence/x/qWtBCQ
• Jamf Pro administrator's guide: https://www.jamf.com/resources/product-documentation/jamf-pro-administrators-guide/
• Jamf Nation user forum: https://www.jamf.com/jamf-nation/discussions