Registration

09:00 - 10:15

Come get your conference badge, your T-shirt, and get ready for four days of tech at MacSysAdmin Conference.

While you eagerly await the start of this year's event you can get a coffee, meet some familiar faces again, and say hello to this year's exhibitors.

Welcome back

10:15 - 10:45
Patrik Jerneheim - MacSysAdmin

Hello and welcome to MacSysAdmin Conference 2023. Get the latest information about the who, when and where around this year's live event.

Join us for a short session about what to expect from MacSysAdmin Conference 2023.

passkeys

10:55 - 11:50
Charles Edge - krypted.com
Joel Rennich - Jumpcloud

Get a better understanding of the science behind passkeys and how they greatly improve both security and the user experience.

In this session you'll learn more of how passkey resistant phishing, techniques for managing passkeys at institutional scale, instead of just on a personal basis, and what changes iOS 17 and macOS Sonoma bring to the table, including some demos of credential providers.

Passkeys are the cornerstone of the modern “passwordless” future. But how do they work, how can you test them, and what emerging threats do they represent. In this session we’ll do a cursory review of Webauthn, the Passkey implementation of the protocol suite, and then show how we can sign up for a Passkey on a website, intercept the Passkey, and store them.

Given that this is made possible by extensions that can load at a few different layers of a modern operating system and browser combination, we’ll also cover some open source projects we’ve created to get telemetry into tools that get access to the APIs we’re using. These can then be morphed to pipeline that information into a SEIM or other tool.

A Double Act

12:05 - 13:00
Speakers - Company

Join the this session at MacSysAdmin to stay ahead in the rapidly evolving Apple ecosystem. Discover the latest updates, best practices, and emerging trends in managing Apple devices and services. From macOS and iOS advancements to MDM and deployment strategies, this session equips attendees with invaluable insights to streamline their Apple-centric operations.

Unveiling the Power of visionOS:

Beyond Entertainment

14:00 - 14:25
Sergi Popov - MacPaw

visionOS might be entertaining, but is that all it has to offer? Let’s figure it out: from the first reality OS rumors to the cutting-edge discoveries. Join the talk to explore its diverse applications and relevance for Mac Admins.

Software Update
in the next era

14:35 - 15:30
Tom Bridge - Jumpcloud

It's hard to see Software Update on macOS and iOS as anything other than a challenge to be overcome. This session will cover how Software Update has operated in the past, how it operates today, and with the next version of macOS due any day, perhaps some discussion of how it will work going forward. Coping techniques are a requirement for this subject, so please feel free to bring any emotional support items necessary for this important discussion (pet, banana, flask, or axe.)

Introduction to
Declarative MDM

15:55 - 16:50
Rich Trouton - SAP

Apple's mobile device management (MDM) protocol is an essential part of maintaining macOS, iOS, iPadOS and tvOS devices at companies, schools and institutions. In its current form, MDM management is designed around a model of the MDM management service telling the managed devices what to do and the managed devices doing it, with the desired state logic residing on the MDM management service's end.

Declarative device management (DDM) introduces a substantial change to this management model, with the individual devices being granted more autonomy to enforce configuration changes and take actions within a defined set of policies provided by the management server. This new approach also enables devices to proactively send status changes back to the management service in place of needing to wait for the management service to poll the device. The overall result is that device information gets reported back more quickly, policies subsequently can be applied faster, while also reducing the load on the management service because of the reduced communication need between the managed devices and management service.

This session will discuss how MDM works today without declarative device management, provide an introduction to DDM and discuss how DDM will add capabilities to device management.

Apple Management 2.0:

Navigating DDM, Future OS Updates, and Compliance

9:00 - 9:25
John Sutcliffe - Addigy

Let us explore the exciting world of Apple Management 2.0, focusing on the latest advancements in Declarative Device Management (DDM), the future of OS updates, and compliance strategies. As Apple devices play a central role in modern workplaces, understanding how to manage them efficiently is paramount. Join us to discover the transformative power of DDM, gain insights into upcoming trends in OS updates, and learn practical approaches to ensure compliance while maintaining a secure and productive Apple ecosystem. Whether you are an IT professional, a business leader, or simply curious about the future of Apple management, this session will equip you with the knowledge and tools needed to navigate the next generation of Apple Management successfully.

A macOS client built

from code

9:35 - 10:30
Henry Stamerjohann - Zentral Pro Services

2023-08-23 17:38, Hamburg:
What if all configuration and packages required for a macOS client could be built from a single source? The configuration profiles, the Munki repository, the Google Santa rules, the Osquery compliance checks, all in one place? What could we achieve with this workflow? Is it even a good idea?

2023-08-24 11:42, Hamburg:
OK, the plan is sound. Let’s send it to Patrik!

2023-10-04 09:32, Gothenburg:
How did we think this was a good idea?

Zero Trust is not Zero Effort:

Planning your Zero Trust strategy

10:55 - 11:50
Graham Gilbert - Airbnb

Many vendors will try to tell you that all you need to do is buy their zero trust product - but is it really that simple? (Here’s a hint: that would make this talk very short)

Over the past year, Graham has been helping to create Airbnb’s Zero Trust strategy. In this session he will share some of what he has learned along the way, from how teams across InfoSec and IT came together to identify goals and highlight gaps in our coverage and most importantly, design a zero trust program that has our end user’s experience at the front of our minds, whilst keeping our Host, Guest and Company data safe with secure, continuously assessed and tiered access to Airbnb data and services.

Why won’t you all

Just Do What I Say?

12:05 - 13:00
W. Andrew Robinson - Opn

“At the intersection of Humanities and Technology lies the Mac Admin. The work we do is strange — we communicate with such a wide range of people, yet we are not usually trained in that craft. We are technologists, but we frequently are working among those that are not such. We know our stuff pretty well, yet the people we work with find what we do a mystery. How can we be better at this weird path we walk? How do we get these people to do the things we know are Good and Proper and Correct? We obviously know what’s best, right? Why won’t these people Just Do What We Say?!

In our time together, I will talk about the work I do as an IT manager, the challenges I found this year that I think many of us face, and I hope to share some thoughts on the insights I came to see this past year. I look forward to seeing you all in person this year!”

35 Years of Great Products from OWC

14.00 - 14.25
Tim Standing - OWC

OWC has been creating cutting edge products for macOS for over 35 years. These include docks, storage products, servers and software. Come hear about the great products we introduced since the last MacSysAdmin including our Accelsior 8M2 PCI card which sustains 24 GB/s and our new Jellyfish Nomad server which provides the performance you need everywhere you go.

Choose your own MITRE ATT&CK® Adventure:

OceanLotus Edition

14:35 - 15:30
Cat Self - MITRE Corporation

Everything is hidden, until you look for it. For those courageous enough to look, where do you start on macOS as a defender, red team, or analyst?

Maybe you’ve heard about this MITRE ATT&CK thing, but it’s just for Windows, right? Fun fact, ATT&CK has quietly covered macOS since 2017 as a free knowledge base of adversary behaviors on real-world tactics, techniques, and procedures seen in actual intrusions.

Using OceanLotus, a real-world macOS intrusion set, we walkthrough how to use ATT&CK for assessments, detection, threat intelligence, and conducting adversary emulation. Walking through our philosophy, approach when using ATT&CK, and common pitfalls we hope to empower you to recognize how to prioritize and discuss how to apply ATT&CK for your organization’s needs. , until you look for it. For those courageous enough to look, where do you start on macOS as a defender, red team, or analyst?

Maybe you’ve heard about this MITRE ATT&CK thing, but it’s just for Windows, right? Fun fact, ATT&CK has quietly covered macOS since 2017 as a free knowledge base of adversary behaviors on real-world tactics, techniques, and procedures seen in actual intrusions.

Using OceanLotus, a real-world macOS intrusion set, we walkthrough how to use ATT&CK for assessments, detection, threat intelligence, and conducting adversary emulation. Walking through our philosophy, approach when using ATT&CK, and common pitfalls we hope to empower you to recognize how to prioritize and discuss how to apply ATT&CK for your organization’s needs.

Platform Single Sign On

15:55 - 16:50
Joel Rennich - Jumpcloud

Platform Single Sign On: Explore what's possible with Platform SSO on a Mac. We will cover what's required to use it, go into details on the various flows that you can have and how it works under the covers. The session will also have live demos of using Platform SSO for just in time user creation at the loginwindow and password synchronization with an IdP. There will also be some conversation around the any current Identity Providers that support Platform SSO.

At the end of this session you should have a much better understanding of what Platform SSO could do for your environment, whether or not you have all the required pieces, and if it will make your admin life easier.

Launch and Environment Constraints Overview

17:00 - 17:25
Csaba Fitzl - Offensive Security

In this talk I will talk about two mitigations which Apple introduced in order to protect against many types of logic vulnerabilities. Launch Constraints was introduced in macOS Ventura, and they can control who can launch a built-in system application and how. Environment Constraints were introduced in Sonoma, and it's basically the extension of Launch Constraints for third party apps. These two features are probably the most impactful when it comes to exploitation. I will review them in detail, how they are set up, what they do exactly, and what kind of vulnerability classes they mitigate. I will also go through a couple of past vulnerabilities, which could not have been exploited with these constraints present. Finally I will walk through how various third party apps should be set up in order to be secure.

What's Up!

09:00 - 09:55
Speaker - Organization

Attending this session is an exhilarating experience, which adds an element of intrigue, generating buzz and anticipation. With knowledge and insights that are likely to be extraordinary, this speaker will provide unique perspectives that ignite inspiration and propel attendees' understanding of cutting-edge technologies and trends in the industry.

Lunch

13:00 - 14:00
Kårrestaurangen - Chalmers Conference Center
Don't forget to wear your conference badge!

Mac Management Made Easy with Microsoft Intune

14:35 - 15:30
Marc Nahum - Microsoft

Latest Feature you need to know. For a MacAdmins who are looking for a comprehensive, enterprise-grade solution for managing Apple products Intune is the modern solution! With new settings and functionalities introduced every month, Intune offers a wealth of options for both MacAdmins and end users alike. Intune integrates seamlessly with Azure Active Directory and Microsoft 365 to provide a complete and fully integrated solution for organization's with Apple management needs. This session will present it.

Automatic Patch Mgmt

15:55 - 16:50
Søren Theilgaard - Envo IT A/S

How to implement automatic patch management using Installomator. A description what Installomator is and what the latest features are. How to implement Installomator for automatic patch management in MDM solutions like Jamf Pro, Kandji, Addigy, and Mosyle.

Learn how to explain

bootstrap token in 120 sec.

09.35 - 10:30
Arek Dreyer - Kandji

Apple engineers are living years in the future, building what we’ll have to deal with some day. Meanwhile, we’re left dealing with the past, even if “the past” isn’t released yet! Maybe some day in the future you won’t need to think about secure token, bootstrap token, volume ownership, and FileVault for macOS.

But today they are still relevant and important. Learn how to explain the architecture of secure token and bootstrap token, if only to explain it to yourself when you evaluate workflows that might require what’s impossible today.

The magic which makes
macOS volumes fast

10:55 - 11:50
Tim Standing - SoftRAID

When you think of the file which holds your favorite photo or a rockin' song, you probably think of a chunk of a bytes on a disk with an index which determines where the chunk starts. Modern volumes are so much more than that. This talk will cover the new features of macOS file system and storage hardware as well as the magic which makes them fast. I'll cover topics like Fast Directory Sizing, Firm Links, Rapid Security Response, Secure Boot and Sealed System Volumes. I'll review recent changes in PCI, Thunderbolt and USB. I'll also uncover some of the unexpected "features" of macOS which can lead to corrupted volumes.

OWC Raffle

11:50 - 12:00
Tim Standing - Other World Computing

Lunch

12:00 - 13:00
Break Area - Chalmers Conference Centre
Don't forget to wear your conference badge!

Mac Admins Podcast - Live

@MacSysAdmin 2023

14:05 - 15:00
Tom, Charles & Emily - Mac Admins Podcast

The MacSysAdmin Q&A session offers invaluable benefits. Engaging with speakers in real-time allows you to seek tailored solutions for your specific IT challenges. Directly posing questions fosters deep understanding, clarifies doubts, and expands your knowledge. The interactive nature encourages networking with fellow professionals, fostering collaboration and idea exchange. Your active participation enriches your skill set, empowering you to implement cutting-edge practices effectively, making every moment invested incredibly rewarding.