Weekly News Summary for Admins — 2023-03-31

Apple was busy this week. As expected, we got the macOS Ventura 13.3, iOS 16.4, and sibling platform updates. (New emojis!) We also got the long awaited Apple Music Classical app (iOS only), Apple Pay Later (where available, i.e yet another US only service), and updates to several apps. Apple also announced the dates for this year’s WWDC: June 5–9 in a similar format to the past year. All sessions pre-recorded and online with a viewing event at Apple Park for the Keynote.


(Sponsor: SentinelOne)

A Guide to macOS Threat Hunting and Incident Response

As enterprise Macs become increasingly targeted with cross-platform malware and infostealers, it’s more important than ever to ensure security teams know how to hunt for and respond to macOS compromises.

Continue Reading Here >>


If you would rather get the weekly newsletter by email, you can subscribe to the Scripting OS X Weekly Newsletter here!! (Same content, delivered to your Inbox once a week.)

📸Focus

Jason Snell from SixColors has released the “Apple in the Enterprise” report card with lots of interesting data and even more enlightening comments from many fellow Mac and iOS admins. Now, that this is the third edition, the report includes a graph with the previous two scores for each section, and we can start to see some trends.

🌼macOS Ventura 13.3 and iOS 16.4

macOS

iOS and iPadOS

Guides

Other Platforms

Applications

Apple Support

Community

📰News and Opinion

🎤Conferences

More information on upcoming conferences and archives of past conferences on my conferences page.

🦣Social Media

  • John C. Welch: “One thing remote work has screwed is the ability to learn how the people I don’t work with, but support, work. I called it “Support by Walking around” not just for the “it’s too minor for a ticket, but since you’re here” problems that I could see were developing into bigger problems. That was invaluable in and of itself. But it also, over time, gave me a way to see how the people I supported actually worked. How they needed to work, how their actual workflow functioned.” (thread)

🔐Security and Privacy

🔨Support and HowTos

🤖Scripting and Automation

♻️Updates and Releases

📺To Watch

🎧To Listen

🎈Just for Fun

📚Support

If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!

If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!

Weekly News Summary for Admins — 2023-03-24

Apple released the release candidates for macOS 13.3, iOS 16.4, and all the siblings. Are you ready for the release next week?


(Sponsor: SentinelOne)

Session Cookies, Keychains, SSH Keys and More: 7 Kinds of Data Malware Steals from macOS Users

Stealing valuable data from Mac devices can unlock the door for both financially-motivated cybercrime and espionage. Learn how recent macOS malware campaigns have done it.

Continue Reading Here >>


If you would rather get the weekly newsletter by email, you can subscribe to the Scripting OS X Weekly Newsletter here!! (Same content, delivered to your Inbox once a week.)

📰News and Opinion

🦣Social Media

🔐Security and Privacy

🔨Support and HowTos

🤖Scripting and Automation

♻️Updates and Releases

🎧To Listen

📚Support

If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!

If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!

Weekly News Summary for Admins — 2023-03-17

The newsletter this week is coming at an unusual time of day because I am traveling. If I missed any links because of the travels, please let me know!


(Sponsor: SentinelOne)

The Complete Guide to Understanding Apple Mac Security for Enterprise

Everything you need to know to understand the strengths and weaknesses of the security controls built into Apple Macs and the macOS platform.

Continue Reading Here >>


If you would rather get the weekly newsletter by email, you can subscribe to the Scripting OS X Weekly Newsletter here!! (Same content, delivered to your Inbox once a week.)

📸Focus

Jason Snell has put out the call for the next incarnation of the “Six Colors Apple in the Enterprise Report Card.” If you are interested you can read last year’s report here. The questionnaire is open to all MacAdmins but you need to fill it out before March 22nd deadline.

📰News and Opinion

🦣Social Media

  • William Smith on Mastodon: “Happy to announce the Jamf Training Catalog introduced in 2018 and only available to customers is NOW available to anyone with a free Jamf Account. No customer requirement going forward.”
  • Mike Lynn on Mastodon: “[…] avoid attempting to manage the end user experience as much as possible – or allowing your organization to dictate to you, as the subject matter expert, that settings of this nature MUST be enforced to a specific value. No two people agree on a sane default experience. Managing for security? Yes, great. Managing look and feel? Please do not

🔐Security and Privacy

🔨Support and HowTos

🤖Scripting and Automation

♻️Updates and Releases

📺To Watch

🎧To Listen

🎈Just for Fun

📚Support

If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!

If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!

Weekly News Summary for Admins — 2023-03-10

Apple announced a new yellow iPhone color this week, which invokes spring thoughts, but here in the Netherlands we have had the most wintry weather this season. I hope spring comes quickly after this last effort of winter.


(Sponsor: SentinelOne)

Hunting for Honkbox: Multistage macOS Cryptominer May Still Be Hiding

Learn how Honkbox hides on macOS and evades detection. This post contains details of a previously undocumented variant, along with further IOCs and behaviors for threat hunters and SOC teams.

Continue Reading Here >>


Spring will also bring the “Spring updates” of macOS and iOS and we did get another round of betas this week. These updates which are about half way between Apple’s major platform updates often come with significant changes, especially for admins. From what we can tell from the betas, the changes this year seem be on the “less impactful” side. A welcome respite for MacAdmins.

If you would rather get the weekly newsletter by email, you can subscribe to the Scripting OS X Weekly Newsletter here!! (Same content, delivered to your Inbox once a week.)

News and Opinion

macOS and iOS Updates

Security and Privacy

Support and HowTos

Scripting and Automation

Updates and Releases

To Watch

To Listen

Just for Fun

Support

If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!

If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!

Weekly News Summary for Admins — 2023-03-03

This is the time of the year where we get regular updates for macOS, but not that many new features. It is also time where MacAdmins adopt the new versions, either by choice or because the 90 day deferral limit has expired for good a while back. This is a busy time for MacAdmins.


(Sponsor: Mosyle)

Mosyle Logo

The only Apple Unified Platform for Business

Mosyle is the only solution that fully integrates Enhanced MDM, Endpoint Security, Internet Privacy & Security, Single Sign-On, and Application Management on a single Apple-only platform.

Click here to learn why Mosyle is all you need to work with Apple.


We also got the second beta for macOS 13.3 and iOS 16.4 and Apple is testing the new Rapid Security Response technology again. It is encouraging that they are testing this “in the field” and hopefully that will make a big difference in reliability.

If you would rather get the weekly newsletter by email, you can subscribe to the Scripting OS X Weekly Newsletter here!! (Same content, delivered to your Inbox once a week.)

📸Focus

It is here! The second edition of the wonderful and encompassing guide to everything Mac and iOS management: Apple Device Management Second Edition by Rich Trouton and Charles Edge. Many congratulations to them!

🔐Security and Privacy

🔨Support and HowTos

🤖Scripting and Automation

♻️Updates and Releases

🎧To Listen

🎈Just for Fun

📚Support

If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!

If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!

Weekly News Summary for Admins — 2023-02-24

After a few weeks of releases, this week was a bit quieter. Still a nice selection of posts and articles, thanks to all the authors who share their experience.


(Sponsor: Mosyle)

Mosyle Logo

The only Apple Unified Platform for Business

Mosyle is the only solution that fully integrates Enhanced MDM, Endpoint Security, Internet Privacy & Security, Single Sign-On, and Application Management on a single Apple-only platform.

Click here to learn why Mosyle is all you need to work with Apple.


If you would rather get the weekly newsletter by email, you can subscribe to the Scripting OS X Weekly Newsletter here!! (Same content, delivered to your Inbox once a week.)

📰News and Opinion

⚙️macOS and iOS Updates

🔐Security and Privacy

🔨Support and HowTos

🤖Scripting and Automation

♻️Updates and Releases

🎧To Listen

📚Support

If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!

If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!

Weekly News Summary for Admins — 2023-02-17

Surprise update week! We got a security update for the Apple platforms and the new betas for macOS 13.3 and iOS 16.4


(Sponsor: Mosyle)

Mosyle Logo

The only Apple Unified Platform for Business

Mosyle is the only solution that fully integrates Enhanced MDM, Endpoint Security, Internet Privacy & Security, Single Sign-On, and Application Management on a single Apple-only platform.

Click here to learn why Mosyle is all you need to work with Apple.


The security update is overshadowed by a fraction of managed clients booting to recovery during the update, which can be problem to overcome, when you have managed recovery lock.

If you would rather get the weekly newsletter by email, you can subscribe to the Scripting OS X Weekly Newsletter here!! (Same content, delivered to your Inbox once a week.)

📰News and Opinion

🌼macOS Ventura and iOS 16

⚙️macOS and iOS Updates

🦣Social Media

  • Brian Stucki: “Right on schedule, the x.3 update of Xcode requires the most recent macOS. (In this case, Ventura.)”

🔨Support and HowTos

🤖Scripting and Automation

♻️Updates and Releases

📺To Watch

🎧To Listen

🎈Just for Fun

📚Support

If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!

If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!

Weekly News Summary for Admins — 2023-01-27

Update week! As expected, we got the updates for macOS 13.2, iOS 16.3, and all the other updates that go along with these.


(Sponsor: SentinelOne)

The Complete Guide to Understanding Apple Mac Security for Enterprise

Everything you need to know to understand the strengths and weaknesses of the security controls built into Apple Macs and the macOS platform.

Continue Reading Here >>


📸Focus

The day before macOS 13.2 was published was the day that a 90 day major upgrade deferral limit on macOS ran out. Because of the, well…, state of what is software update on macOS, this has some interesting and some unexpected side effects. (I talked about the state of software update in my Year 2022 summary.)

When you are managing a 90 day deferral on major macOS updates, a user on an MDM enrolled Mac will now see the full (~12GB) macOS 13 upgrade in the Software Update pane. Apple is withholding the smaller delta upgrade option from managed Macs because of a bug in macOS 12.3 through 12.6 that resulted in the delta upgrade ignoring the major deferral time, and using the minor deferral time instead. This bug was fixed in 12.6.1.

The user will see 13.0, and not 13.1 or 13.2, since those were released less than 90 days ago still fall under the limitation. However, after the Mac has completed the upgrade to 13.0, the 13.1 and 13.2 updates are minor updates and will fall under the (likely much shorter) minor upgrade deferral time. This means that after going through the trouble of upgrading to 13.0 the user will immediately see that 13.1 is available and then, whenever the minor deferral period for 13.2 is over, see the 13.2 update as well. This might lead to two or three updates within a few days, which is not the experience we want for our users.

The major deferral period is only useful for the first 90 days after the release of a major version of macOS. Afterwards it is actually somewhat detrimental, as it doesn’t prevent the major upgrade, but does prevent the user getting to the latest minor version in one step. I recommend MacAdmins that have set a major deferral to change its value to match the minor deferral period now, to avoid getting users getting double-hit by the upgrade-then-update workflow. Also, since 13.1 and 13.2 are offered as delta upgrades, this will reduce the download volume and overall time for the upgrade.

The other side-effect, however, is that delta-upgrades and updates can be started by non-admin users, which may or not be beneficial to your particular plans and workflows. Full updates (i.e. 13.0 on managed Macs), on the other hand, require admin privileges to start. This may give admins who want some extra time to defer upgrades to 13.0 a bit more time, because the trick of blocking the macOS Installer application for the full 13.0 upgrade will work, at least until the 90 day deferral on 13.1 expires.

In case you were wondering, that will be March 13. Apple has a support page for this.

When Apple prepares to release macOS 14 (Sequoia, I have been expecting macOS “Sequoia” for years…) in September, remember to change the major deferral back to your preferred value. Or you can follow Fraser Hess’s advice and ‘Embrace the upgrade.’

To be able to fully ’embrace the upgrade,’ you need to be downloading and testing the betas, not only with major updates, but through out the year. As Ed Marczak points out, MacAdmins really need to be signed up for AppleSeed for IT and actively testing the beta releases with their deployment. Testing with the betas should give you the time to verify and report issues, and, even when they can’t be fixed in time, be prepared with temporary update deferrals or instructions for the support team and users on how to mitigate the issues.

MacAdmins should also be following the MacAdmin news, events, and posts in the community, but if you are reading this news summary, you already are! When you happen to talk with someone who was blind-sided by all this, then please recommend they subscribe!

🌼macOS Ventura 13.2 and iOS 16.3

Note: links to support articles should go to the US versions as localizations might take a while to be available. Nevertheless, the Apple web site might redirect you to the localized version. You can select the localization in the lowest right corner of a Apple support page.

macOS Ventura 13.2

macOS 13.2 (22D49), 12.6.3 (21G419), 11.7.3 (20G1113)

iOS 16.3 and iPadOS 16.3

Apple Platform Deployment Guide

Other Systems

Applications

Apple Support

Community

📰News and Opinion

🦣Social Media

  • Adam Codega on Mastodon: “You can’t use traditional methods to check app versions of apps like Chrome that update silently, the app version on disk is going to be the latest but the app version running in memory is going to be older. There’s a one liner you can use to check the running version of Chrome but I recommend using a custom config profile or CBCM and setting Chrome to notify and enforce a restart after X time.”
  • Adam Codega on Mastodon: “Zoom can be set to automatically restart itself under certain conditions: ‘Auto install an available update when the device is idle. Idle devices must be: No current meeting, phone call, or contact center engagement, No upcoming meeting within 30 minutes, Screen is locked or screen saver is active'”
  • Ed Marczak on Mastodon: “Apple isn’t perfect with communication to admins, but I am shocked—SHOCKED!—at the number of admins that don’t: a) pay attention to betas, and have a robust testing group (or at least have one of their own devices on the beta track) And b) Just don’t pay attention to any Apple docs and comms. Hey MacAdmins: help yourselves. Have a testing plan for new releases, and help the people that you serve have a smooth upgrade. Get onto Appleseed and read the release notes.”
  • mwichary on Mastodon: “TIL after all these years: In macOS Finder you can press space to do a quick preview. But hold ⌥ and space, and the preview goes full screen. (Annoyingly, you cannot press space to exit, though.)” (‘esc’ key for exit)

🔐Security and Privacy

🔨Support and HowTos

🤖Scripting and Automation

♻️Updates and Releases

📺To Watch

🎧To Listen

📚Support

If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!

If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!

Weekly News Summary for Admins — 2023-01-13

Happy New Year 2023!

Back after the winter holiday break and things are already going strong!


(Sponsor: SentinelOne)

7 Ways Threat Actors Deliver macOS Malware in the Enterprise

Learn how to build more resilient defenses by understanding the vectors threat actors use for initial compromise on macOS endpoints.

Continue Reading Here >>


Many of you seem to have taken the time to post a lot of interesting articles and tools. Many interesting posts and releases. Thanks to everyone!

MacDevOpsYVR 2023 is announced for June 21-22, 2023 in Vancouver, Canada! (Speaker Application form at bottom of that page)

If you would rather get the weekly newsletter by email, you can subscribe to the Scripting OS X Weekly Newsletter here!! (Same content, delivered to your Inbox once a week.)

Highlights

News and Opinion

macOS Ventura and iOS 16

macOS and iOS Updates

Social Media

  • Andrew MacKenzie on Twitter: “Installomator is my new benchmarking tool. for everything in $(Installomator.sh) ; do Installomator.sh $everything ; done Also my new speedtest.”
  • Adam Tomczynski on LinkedIn: “To help you learn and prepare for the Apple Device Support exam, I created flashcards with the documentation provided by Apple.”

Security and Privacy

Support and HowTos

Scripting and Automation

Apple Support

Updates and Releases

To Listen

Support

If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!

If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!