Archive for February, 2023

Apple Device Management Second Edition book now available for purchase from Amazon, Apple Books and Apress

February 27, 2023 1 comment

As covered previously, I worked with my colleague Charles Edge to update our Apple Device Management book with new information for a new second edition. I’m delighted to announce it’s now available for regular sale from Amazon, Apple Books and Apress, our publisher!

Just like First Edition, Second Edition is a quality item stuffed with useful information. Also like First Edition, Second Edition is suitable for any gift-giving occasion in addition to being the perfect something for yourself. For those who have asked about it being available in electronic format, it’s available in the following formats depending on the seller:

  • Amazon: Available for the Kindle
  • Apple Books: Available in ePub format
  • Apress: Available in PDF format

One thing to be aware of is that First Edition was also initially available via Apple Books, then later disappeared. I don’t know if that will happen with Second Edition, but if you want to get it for Apple Books my advice is to get it now and avoid disappointment and future regret.

Categories: Books, Personal

Providing Jamf Pro computer inventory information via macOS configuration profile

February 25, 2023 4 comments

Jamf Pro can store and make available a lot of information about a particular computer and who is using it as part of the computer’s inventory record, but it can be challenging to access that information from the computer itself.

Screenshot 2023-02-25 at 1.59.32 PM

It is possible to use an API call to access this information, using either the Jamf Pro API or Jamf Pro’s Classic API, but that means providing a way to authenticate to the API. This may pose some security issues as you will need to both:

  • Provide a way for the computer to access those authentication credentials
  • Protect the authentication credentials from potentially malicious third parties

Fortunately, there is an alternative way to provide at least some inventory information without needing to make an API call. Jamf Pro provides a number of variables which can be used in macOS configuration profiles and it’s possible to leverage those variables to build a profile whose task is providing information from the computer’s inventory record in Jamf Pro in a way which can be accessed from the managed computer. For more details, please see below the jump.

Read more…

Certificate expiration affecting macOS App Store and VPP apps

February 13, 2023 Leave a comment

Mac admins who have previously installed macOS apps from the Mac App Store (MAS) or the Volume Purchase Program (VPP) may be seeing some of those apps displaying warning messages on launch that the application is damaged.

Screenshot 2023 02 07 at 5 37 40 PM

When observed, this behavior may be appearing because the certificates Apple has been using to digitally sign apps have recently expired, on February 6th 2023 or February 7th 2023. (Both expiration dates have appeared in signing certificates on the apps I’ve checked.)

Screenshot 2023 02 13 at 11 39 25

When the code signing is detected as being invalid, Apple’s security tools are blocking launch as a consequence. In most cases, it appears that the code signing is still appearing as valid despite being past the expiration date.

Update: February 13, 2023 – I’ve received feedback from @macmuleblog after posting that they have seen damaged apps from VPP where they had a valid code signing certificate, so the root cause for the damaged apps may be different than what I initially posted. My apologies for any confusion caused.

Both the Apple Mac OS Application Signing certificate used to sign the apps, and the Apple Worldwide Developer Relations Certification Authority intermediate certificate are showing expiration dates that are now in the past.

Screenshot 2023 02 13 at 9 32 17 AM

Screenshot 2023 02 13 at 8 56 28 AM

In the cases where I’ve experienced applications reporting as damaged, uninstalling the app and reinstalling it seems to have addressed the issue. Hopefully Apple is working on getting the issue handled by re-issuing apps which are signed with a certificate signed with a new expiration date in the future.

Update: February 13, 2023 – It looks like Apple had previously begun the code signing effort I requested above. When I checked Microsoft’s To Do app, I saw that the Apple Mac OS Application Signing certificate used to sign the app and the Apple Worldwide Developer Relations Certification Authority intermediate certificate are showing expiration dates in the future.

Screenshot 2023-02-13 at 10.54.24 AM

Screenshot 2023-02-13 at 10.54.28 AM

%d bloggers like this: