In October 5-8 2021 we proudly present

MacSysAdmin Online

In October 5-8 2021

MacSysAdmin Online




Patrik Jerneheim - MacSysAdmin
Hello and welcome to the MacSysAdmin 2021 Online Conference. Get the latest on the hows and whats around the when and wheres of this online event.

Please join us for a short session about what to expect from the MacSysAdmin 2021 Online Conference.

Let's Swift Again

Armin Briegel -
Swift allows an administrator to unlock the full potential of the native macOS Frameworks. However, there are a lot of steps necessary to to build and deploy a functional tool or application that may be unfamiliar to MacAdmins.

In this session, we will build a simple interactive tool in Swift with a non-trivial Interface and command line integration. We will use Swift Package Manager to add functionality with external frameworks, Automate the installer package creation with Xcode and scripts and discuss deployment strategies.

Time Machine to APFS

Howard Oakley - Eclectic Light Company
By macOS Catalina, Time Machine to HFS+ disks had reached a crisis. This talk explains those problems, and how backing up to APFS has breathed new life into one of the most important features of macOS.

AutoPkg in the Cloud

Rich Trouton - SAP
To ensure that SAP’s Jamf Pro management service for macOS has the latest software installers available, the Mac@SAP team has long used the open-source AutoPkg and JSSImporter tools to detect and download updates to specified software, perform whatever actions are needed to create software installers and upload them to our Jamf Pro server in Jamf Cloud.

To improve this service while also reducing management overhead, the Mac@SAP team recently moved their AutoPkg to macOS instances hosted in the cloud by Amazon Web Services. However, with change comes new challenges. To satisfy a requirement that all installer packages created for Jamf Pro be signed with an Apple Developer ID Installer certificate, all software where an installer package needs to be created by AutoPkg are signed using an Apple Developer ID Installer certificate issued to SAP. To securely provide this signing certificate to the new AutoPkg instances in AWS, a support system using TwoCanoes Software’s Signing Manager tool has also been set up in AWS to support AutoPkg’s ability to sign these installer packages.

This session will cover how SAP is using AWS's services, AutoPkg, JSSImporter and Signing Manager to swiftly and securely provide software to our Jamf Pro server and from there, to our users' Macs.

Celebrating You, Macsysadmin

Charles Edge -
His name was Gaal Dornick and he was just a country boy who had never seen Trantor before. That is, not in real life. He had seen it many times on the hyper-video, and occasionally in tremendous three-dimensional newscasts covering an Imperial Coronation or the opening of a Galactic Council. Even though he had lived all his life on the world of Synnax, which circled a star at the edges of the Blue Drift, he was not cut off from civilization, you see. At that time, no place in the Galaxy was.

The OWC MacSysAdmin Raffle

The first happy winner in this very exclusive and outright awesome OWC MacSysAdmin Raffle will get this portable little gadget. Are you the one...

...and our Lucky Winner is

Mike Hendrickson (US)


A Pragmatic Approach
to Endpoint Security

Graham Gilbert - Airbnb
When trying to keep macOS secure, it can be tricky balancing the needs of your organization with the needs of your users. It is vital that your users aren't so hamstrung by your security posture that they aren't able to use their computer. We will look at the tools and techniques Airbnb uses to secure it's macOS fleet, combining open source with in house software to allow us to be Hosts to our employees and to the Airbnb community.

Empire or Federation?

Which star do I want to be?

Andrew Robinson - Hofstede Insights Japan
There is a critical time for an employee or organization member — critical for the IT team, too. What is that inflection point in time and how can technology tools and some personalized manual work greatly improve the experience for all involved?

All of this while asking the age-old questions - local admin or non privileged user; The Federation or The Galactic Empire?

The OWC Sponsor Session

Tim Standing - Other World Computing

Join us for a tech session with our sponsor OWC.

Coming soon!

What about mutual TLS?

Henry Stamerjohann - Zentral Pro Services
There is no doubt that the Transport Layer Security (TLS) encryption protocol is essential for most services that users and devices connect to nowadays.

It sounds interesting that a client-side certificate can also be included in a managed Mac scenario, providing a further safeguard for trusted communication in both directions. Because with such a mutual TLS connection, a true two-way validation takes place, where both parties, the client and the server, authenticate each other via their public/private key pair. Consequently, the server can authenticate the identity of the client, and only authorised clients can connect.

Ok, this sounds really exciting, but how does this work in detail, and what are those use cases that benefit from mutual TLS? Can we make use of this in general operations on our managed Macs?

Let's find out - this talk will present some case studies and explore them in more detail.

Why Your Security Team Says, 'No'

Ed Marczak - Enterprise Security
Do you work with a Security Team that often tells you, “no”, when you suggest a great new project? Of course you do! If you work with a Security Team, there is often a good reason for this, but it can be frustrating to hear. Why do we need computer security? What does a Security Team look like, and what do they do? Both IT and Security can do a lot more to hear each other, be transparent, and come up with optimal solutions that support end-users while keeping company data safe.

This talk is aimed at both Enterprise IT and Security professionals to help them bridge the gap that so often keeps these groups from seeing eye-to-eye.

The OWC MacSysAdmin Raffle

The winner in Wednesday's OWC MacSysAdmin Raffle will win this great little box. Will it be you...?

...and our Lucky Winner is

Brian McAlister (US)


Inclusive Design for Mac Admins

Emily Kausalik-Whittle
macOS has an incredible list of built-in accessibility features to make the operating system inclusive and accessible to as many people as possible, including those with disabilities. Mac admins play an important role in ensuring electronic information and technology (EIT) is accessible. This session provides an overview of macOS's built-in accessibility features, discusses how and why to plan for accessibility in engineering efforts, where accessibility and inclusion intersect with how we administer devices, and highlights tools available to make testing for accessibility and inclusion a part of Mac administration efforts.

Automating CIS Benchmark Reporting and Remediation

Mischa van der Bent - Jamf
Learn about a better, faster, and easier way to report and remediate CIS Benchmarks. We will introduce a new reporting script, with optional remediation. This script is designed for Big Sur and Monterey and has flexible deployment options for Jamf Pro.

Fireside Chat

The 2021 Great Resignation

Andrina & Ian Kelly - Jamf
He had steeled himself just a little for the Jump through hyper-space, a phenomenon one did not experience in simple interplanetary trips. The Jump remained, and would probably remain forever, the only practical method of travelling between the stars. Travel through ordinary space could proceed at no rate more rapid than that of ordinary light (a bit of scientific knowledge that belonged among the items known since the forgotten dawn of human history), and that would have meant years of travel between even the nearest of inhabited systems. Through hyper-space, that unimaginable region that was neither space nor time, matter nor energy, something nor nothing, one could traverse the length of the Galaxy in the interval between two neighboring instants of time.

AutoPkg Everything

how ETH Zürich extends their
AutoPkg framework beyond packages

Graham Pugh - ETH Zürich
At ETH Zürich, our needs for automation have led to us developing AutoPkg processors that allow us to write recipes not only for importing packages for testing, but also for interacting with our Test Reporting system and for staging approved software to production. We are also extending our use of AutoPkg recipes beyond the deployment of just packages, so that we can version control and test our configurations (including scripts and profiles where possible) using the same processes as our package deployments.

Graham will explain the workflows that are used at ETH, give an overview of the processors he has developed to achieve it, and hopefully inspire others to extend their AutoPkg framework beyond the basics!

The OWC MacSysAdmin Raffle

Two lucky winners in Thursday's OWC MacSysAdmin Raffle will be rewarded this portable device. Are you one...?

...and our Lucky Winners are

Peter Thorn (DK)
Timo Lemberg (DE)


Provisioning in a Pandemic

Greg Neagle - Walt Disney Animation Studios
When Walt Disney Animation told all their employees to work from home starting in March 2020, the Technology team needed to figure out how to support this new normal. One of the problems to solve was deploying Macs to remote users. Greg walks us through his team’s challenges and successes.

Managing macOS
with Microsoft Intune

Neil Johnson - Microsoft
Marc Nahum - Microsoft
You have Intune licenses, and you have macOS devices to manage, where do you start? What can you do with Intune? And what are we planning in the future.

Review & Roadmap

Chase Doelling - JumpCloud
Managing macs remotely is a new twist on an old onboarding challenge. See how JumpCloud is supporting your entire environment of mac and non-mac devices including: zero touch deployments, Monterey support, iOS enrollments, and more.

User Trust & IT Codes of Ethics

Tom Bridge - JumpCloud
What's IT management? IT management is the art and practice of keeping systems, people and networks working together aligned on a common set of goals for the accomplishment of a task. Sometimes this is a business process task. Sometimes this is as simple as making money as a business. Sometimes this task is more focused around philanthropic goals or nonprofit aims.

No matter what it is though, its task is pretty clear. Keep the computer systems and their attended functions and security focuses working together to accomplish that mission.


Joel Rennich - Jamf
In this session we'll cover some of the basics of providing Zero Trust Network Access and show some examples of this at work using some open source tools. Included in the session will be modern authentication via an Identity Provider of your choice, how to use that to secure applications that don't know anything about modern authentication and then how to make it fairly seamless for your users.

This will in no way be a comprehensive treatment of ZTNA and you shouldn't expect it to be such. Definitions and opinions about ZTNAs are like utfarts, in that almost all places have at least one, and most places have many, but this session should give you some ideas to begin forming your own opinions.

Also, we may cover faster than light travel.

The OWC MacSysAdmin Raffle

The final and fortunate winner in Friday's OWC MacSysAdmin Raffle will get this speedy box.
Do you feel lucky...?

...and our Lucky Winner is

Butch Barrows, Camden (US)