In October 4-7 2022 we proudly present

MacSysAdmin Online


In October 4-7 2022

MacSysAdmin Online


We are still working on this...

As usual we plan to present you with great line up
of speakers and interesting topics.

Landscape mode only, please turn
your iPhone sideways.

Are you ready to rumble?

Days
Hours
Minutes
Seconds

Tuesday

Advanced Apple MDM Solution Designed for Security,
Scalability & Exceptional Service Delivery

Welcome

2022
Patrik Jerneheim - MacSysAdmin
Hello and welcome to the MacSysAdmin 2022 Online Conference. Get the latest and greatest on the when and where around this online event.

Please join us for a short session about what to expect from the MacSysAdmin 2022 Online Conference.


macOS Automation

State of the Union

2022
Armin Briegel - scriptingosx.com
Join Armin Briegel in this session about the ever evolving state of automation on macOS.


Leveling Up

Managing admin rights in the enterprise

2022
Rich Trouton - SAP
A fundamental and controversial issue for enterprise Mac admins is the management of admin rights for their user community. Some say granting admin is fine, others think it's a bad idea and yet others have regulatory requirements which govern what can be done.

Like other enterprise environments, SAP has had to deal with the issue of admin rights for their users and developed a tool called Privileges to manage them. Join me for a discussion of the pros and cons of admin rights in general and how SAP arrived at developing and using Privileges for their solution to the issue.


All At Once

2022
Tom Bridge - Jumpcloud
The life of the IT Admin is complicated and fraught. Whether it's managing an MDM Transition, or dealing with security, or preparing a new zero touch workflow, maintaining your workflow and your sanity has never been more important. This talk will cover strategies for keeping your flow, staying in the groove, and attached to what matters most to you.


Addigy

2022
Jason Dettbarn - Addigy
Addigy is your partner in helping to maintain your growing Apple IT ecosystem, with IT teams of all sizes trusting us to manage and secure their Apple devices and minimize end-user downtime.

What's New in IT?

2022
Live Presentation - Apple

Webinar will start at 15:00 CEST - 14:00 BST

This webinar will focus on the latest deployment and management updates. Join this webinar to hear about the latest MDM restrictions, updates to managed software updates and Apple Configurator, and new management capabilities for Mac, iPhone, and iPad, and more.

The webinar use WebEx by Cisco.
Webinar password: STkjxuqd338



How Apple Silicon Macs manage their cores,

and why that's important for users.

2022
Howard Oakley - Eclectic Light Company
Managing processors with multiple identical cores isn't that complex, and a matter of coping with priorities and balancing load. To manage the CPU cores in an Apple silicon chip a decision has to be made as to which type of core to run each thread on. Apple and Intel have chosen different strategies, and in M1 and M2 Macs the allocation of threads to cores is performed by macOS, not hardware.

Currently, macOS determines which cores are available according to the Quality of Service (QoS) assigned to a thread by the app or service. This results in background services being confined to Efficiency (E) cores alone, while higher QoS threads are preferentially allocated to Performance (P) cores but can run on E cores when needed. There are also mechanisms to compensate for differences in the number of E cores in M1 variants. Although the user can demote threads to confine them to E cores, there's no mechanism provided in macOS to promote background threads so they can use P cores.

Some apps now offer the user control over QoS and consequent core allocation, a valuable feature for potentially lengthy tasks such as compression and backing up. For example, when confined to the E cores on an M1 Pro chip, decompressing an IPSW image requires 16 seconds, but on the P cores that same task takes only 5 seconds. As Apple silicon Macs become more widely used, more apps should offer control over thread allocation to different core types.

This core allocation strategy preserves responsiveness to high QoS user tasks without disruption from background services running at low QoS. As this is accomplished in software, it's more flexible and adaptable than Intel Thread Director.


XCreds

macOS login window authentication
to your Open ID Connect Provider

2022
Tim Perfitt - Twocanoes Software
Learn about the open source project for macOS: XCreds. XCreds supercharges the macOS login window to authenticate to your identity provider such as Azure or Google Cloud over Open ID Connect (OIDC). Learn how OIDC works, how XCreds uses it to authenticate your mac, and how to deploy XCreds in your organization to reduct support costs and increase security.


Advanced Apple MDM Solution Designed for Security,
Scalability & Exceptional Service Delivery

...and our Lucky Winners are

Vesa Marjasalo (FI)
Brian McAlister (US)
Erlend Sekkelsten (NO)
Sjur Lohne (SE)

The MacSysAdmin OWC Raffle

Four happy winners in this very exclusive and outright awesome MacSysAdmin OWC Raffle will get this portable little gadget. Are you one...

Wednesday


What are state machines

and why would you want to use them?

2022
Tim Standing - Other World Computing
State machines are used extensively by hardware engineers to handle events in everything from toasters to jet engines. But they’re also a powerful tool for those of us writing software. I have come to rely on them when I write code which communicates with a server or code which can encounter a myriad of errors. In this session, we’ll design and implement a state machine in Python to notarize a file by sending it to Apple’s servers.


Unmasking WindTape

Analyzing an APT macOS malware specimen

2022
Patrick Wardle - Objective See Fundation
The offensive macOS cyber capabilities of the WINDSHIFT APT group provide us with the opportunity to gain insight into the Apple-specific approaches employed by an advanced adversary. In this paper, we’ll comprehensively dissect OSX.WindTape, a second-stage tool utilized by the WINDSHIFT APT group when targeting Apple systems.

First we’ll discuss the malware’s anti-analysis mechanisms, and then once these have been thwarted, we’ll explore its capabilities. To conclude, we’ll present heuristic methods that can generically both detect and prevent WindTape, as well as other advanced macOS threats.


External Storage

2022
Jon Hoeg - Other World Computing
High-performance storage solutions perfect for everything from Time Machine backups to Hollywood film production. There is an OWC drive perfect for every project and environment from enterprise to pocket-size.


Security for Humans, revisited

2022
Robin Laurén - Reaktor
What is a human and how does it relate to security? How should one talk about security with humans? What are the relative strengths and weaknesses of humans related to security? Also, are you a human and if so, should you worry?

Apple Platform Security

2022
Live Presentation - Apple

Webinar will start at 15:00 CEST - 14:00 BST

Apple cares deeply about security—both for the user and for protecting organisational data. Apple have built advanced security into their products from the ground up, making them secure by design. Join this webinar to hear about Apple Platform Security.

The webinar use WebEx by Cisco.
Webinar password: ahJJGmu3q73



How to Exfiltrate Data
from a Mac

…and What to do About It

2022
Ed Marczak - Enterprise Security
This security-focused talk lists ways to get data off of a Mac, and what you, the Mac Admin can do about it. We cover why this security is important (and why it sometimes isn’t! Don’t follow the lockdown advice here if you don’t need to!), how to be kind to your end users, and how to secure your corporate data from leaving the company via a Mac. Come for the security tips, stay for the thought exercise, the monitoring and documentation advice, and the guide to security for your coworkers.


The Achilles Heel
of Endpoint Security

2022
Csaba Fitzl - Offensive Security
macOS introduced the EndpointSecurity framework in macOS Catalina to provide a generic security framework for third party applications. All EndpointSecurity client requires the user the provide Full Disk Access rights. If this permission is not granted, the client can't register and operate. While this is a preventive control for installing such software, it turns out to be the "Achilles heel" of the entire concept. Once this permission is revoked, the client becomes non functional, and thus trivial to disarm. To reset FDA permissions we can use tccutil. Originally it could be used to reset ES client permissions without any control, which was an issue.

In this talk I will show the evolution of tccutil, how and what kind of mitigations Apple added to the utility after my report and then how I bypassed it in various ways. Apple then went on and redesigned the whole control embedded in the tool, which I will also discuss. Although it seems to be ok now it is still vulnerable under certain conditions. At the end I will also briefly talk about the untold power of "Full Disk Access", and how it becomes (in my opinion) a single point of failure control in the operating system.


When was the last time you changed your Keychain password?

2022
Charles Edge - krypted.com
Come join Charles Edge in this session about security.


...and our Lucky Winners are

Andreas Henriksson (AX)
Jens Mühlenberg (CH)

The MacSysAdmin OWC Raffle

The two winners in Wednesday's MacSysAdmin OWC Raffle will win this great little box. Will it be you...?

Thursday

We help organizations succeed with Apple

If you do it like this, it'll work

2022
Emily Kausalik-Whittle - Jamf
You're a teaser, you turn 'em on Leave 'em burning and then you're gone Looking out for another Anyone will do You're in the mood for a dance And when you get the chance


Mac Admins Foundation

2022
Emily Kausalik-Whittle - Co-Chair
Chris Dawe - Secretary
Board members Emily Kausalik-Whittle and Chris Dawe provide an update on what's happening with the Mac Admins Foundation, a 501(c)(3) nonprofit organization with a mission to "advance the global community of people who manage Apple devices at large and small scales.


Installomator

– automated software deployment
for Jamf, Mosyle, Addigy, and Microsoft

2022
Søren Theilgaard - ENVO IT A/S
Introducing Installomator version 10! How to use Installomator for deploying software with automatic updates to the latest version. Now with shown progress using swiftDialog.


The BYOD Revolution

User Enrolment:
The Best For Security, Privacy
and Work/Life Balance

2022
Luke Allen - Jamf
During the pandemic, working from home has encouraged us to adapt to remote work. For many, this has meant that our home has also become our office. Coupled with the ubiquitous nature of modern technology it can often be difficult to draw healthy lines between work and play. It’s very easy to ‘quickly respond’ to an email or a Slack message when it pops up during dinner.

Admins can expect to understand how to enable, deploy, and secure User Enrolment and understand the challenges that come with it.

Expect to learn more about what User Enrolment is, why it hasn’t been popular until recently, and why now is the time to support your users with a newer deployment methodology that has privacy and security at the core.

During the session we’ll experience how User Enrolment (BYOD) for iOS/iPadOS can pair with new Focus features to strike the right balance between home and work.

Fundamentals of
Apple Deployment

2022
Live Presentation - Apple

Webinar will start at 15:00 CEST - 14:00 BST

Leveraging Apple within your organisation has never been easier and this webinar will focus on the the fundamentals of Apple Deployment. Join this webinar to learn how to prepare your organisation for deployment and how to manage Apple devices, both organisation-owned and personal devices at a world-class level.

The webinar use WebEx by Cisco.
Webinar password: hiVfhPuV329



The Things I've Learned

2022
Duncan McCracken - Jamf
Come join Duncan McCracken and let him take you on a journey in the world of modern IT.


Managing macOS with Intune

What's new in 2022

2022
Marc Nahum - Microsoft
Come join Marc Nahum for an update on what is new in macOS management with Intune.


Munki, Ventura, and You

2022
Greg Neagle - Walt Disney Animation Studios
Greg will introduce Munki 6, a major new release of the popular software management tool, due this fall. Among other things, Munki 6 can now help you upgrade macOS on Macs with Apple silicon. Greg will also talk about some of the changes in the upcoming macOS Ventura that you may need to pay attention to, and how those will affect Munki, and you!


We help organizations succeed with Apple

...and our Lucky Winner is

Terje Gustavson (NO)

The MacSysAdmin OWC Raffle

One lucky winner in Thursday's MacSysAdmin OWC Raffle will be rewarded this amazing device. Are you the one...?

Friday

The Apple Device Management and Security Platform

Unearth the Secrets of

Secure Token, Bootstrap Token,
and Volume Ownership

2022
Arek Dreyer - Kandji
I’ll never forget the time I couldn’t click “Turn On Filevault” on a freshly-restored test Mac. Ironically it was because I was trying to save time with a clever trick. Spoiler alert: I was foiled by Secure Token.

You don’t often need to think about Secure Token, Bootstrap Token, and volume ownership. But they can have a huge impact on the choices you make for onboarding as well as other workflows. In this session you’ll get the context and details you need to confidently evaluate workflows and changes your organization is contemplating.

This session uses the Apple Platform Security Guide and the Apple File System Reference as a foundation. Understand why Secure Token was introduced way back in macOS 10.13; why the Bootstrap Token feature was introduced to help with deployments that don’t use the traditional unmanaged consumer Setup Assistant workflow; and how the concept of volume ownership comes into play when the person at the keyboard is not an administrator user.

Consumers never have to worry about these concepts. Let’s make sure your users never have to worry about them, either.


Top 5 Ways to Improve

Your Apple End User Experience in AAD/M365

2022
Michael Epping - Microsoft
Grace Picking - Microsoft
Many organizations that use macOS also use Azure AD and M365. There are multiple integration points between Azure AD and Apple devices, and many organizations struggle with understanding the differences in these integrations and the related best practices. We'll discuss how these pieces work deep down and some best practices for deploying them.

Attendees will learn how to improve security and the user experience in environments where their Apple devices are being integrated with Azure AD Conditional Access, how to provide SSO to M365 resources, and how to leverage the latest macOS features to integrate with the Azure AD identity platform as much as possible. We are from the Microsoft identity product group responsible for Active Directory and Azure Active Directory.

This will be a technical session that focuses not only on what can be done to improve user experience and security, but how the underlying Microsoft and Apple technologies can work better together.


Kandji

2022
- Kandji
Powerful device management and security tools IT teams need and the elegant Apple experience users expect.

A Deployment

in the Lonesome October

2022
W. Andrew Robinson - Opn Co. Ltd
Facing global shortages of hardware and still needing to deploy work environments to new joiners with certain, specific special needs in business, what is a Mac admin to do? A cautionary tale.



Compliance

2022
Henry Stamerjohann - Zentral Pro Services
What about proof of a compliant state - where's the benefit for Macadmins? In this session, we'll start with orientation, exploration, and end with a bit of practice, looking at how setting up compliance controls and auditing them can become a domain of interest. Along the way, we'll take a quick look at security frameworks and pick up some techniques and tools you can use to support your organization-wide processes and procedures.


How to Exfiltrate Data
from a Mac

…and What to do About It

2022
Ed Marczak - Enterprise Security
This security-focused talk lists ways to get data off of a Mac, and what you, the Mac Admin can do about it. We cover why this security is important (and why it sometimes isn’t! Don’t follow the lockdown advice here if you don’t need to!), how to be kind to your end users, and how to secure your corporate data from leaving the company via a Mac. Come for the security tips, stay for the thought exercise, the monitoring and documentation advice, and the guide to security for your coworkers.


The Achilles Heel
of Endpoint Security

2022
Csaba Fitzl - Offensive Security
macOS introduced the EndpointSecurity framework in macOS Catalina to provide a generic security framework for third party applications. All EndpointSecurity client requires the user the provide Full Disk Access rights. If this permission is not granted, the client can't register and operate. While this is a preventive control for installing such software, it turns out to be the "Achilles heel" of the entire concept. Once this permission is revoked, the client becomes non functional, and thus trivial to disarm. To reset FDA permissions we can use tccutil. Originally it could be used to reset ES client permissions without any control, which was an issue.

In this talk I will show the evolution of tccutil, how and what kind of mitigations Apple added to the utility after my report and then how I bypassed it in various ways. Apple then went on and redesigned the whole control embedded in the tool, which I will also discuss. Although it seems to be ok now it is still vulnerable under certain conditions. At the end I will also briefly talk about the untold power of "Full Disk Access", and how it becomes (in my opinion) a single point of failure control in the operating system.


The Apple Device Management and Security Platform

...and our Lucky Winner is

Ilkka Vanhatalo (FI)

The MacSysAdmin OWC Raffle

The final and fortunate winner in Friday's MacSysAdmin OWC Raffle will get this incredible box. Do you feel lucky...?