On October 3-6, 2023 we proudly present

MacSysAdmin Conference 2023


New year, new ideas...

As usual, we plan to present you with a great line-up
of speakers with interesting topics.


Come hell or high water...
We'll do it live!




09:00 - 10:15

Come get your conference badge, your T-shirt, and get ready for four days of tech at MacSysAdmin Conference.

While you eagerly await the start of this year's event you can get a coffee, meet some familiar faces again, and say hello to this year's exhibitors.

Welcome back

10:15 - 10:45
Patrik Jerneheim - MacSysAdmin

Hello and welcome to MacSysAdmin Conference 2023. Get the latest information about the who, when and where around this year's live event.

Join us for a short session about what to expect from MacSysAdmin Conference 2023.


10:55 - 11:50
Charles Edge -
Joel Rennich - Jumpcloud

Get a better understanding of the science behind passkeys and how they greatly improve both security and the user experience.

In this session you'll learn more about how passkeys resist phishing, techniques for managing passkeys at institutional scale instead of just on a personal basis, and what changes iOS 17 and macOS Sonoma bring to the table, including some demos of credential providers.

Passkeys are the cornerstone of the modern “passwordless” future. But how do they work, how can you test them, and what emerging threats do they represent? In this session we’ll do a cursory review of WebAuthn, the Passkey implementation of the protocol suite, and then show how we can sign up for a Passkey on a website, intercept the Passkey, and store it.

Given that this is made possible by extensions that can load at a few different layers of a modern operating system and browser combination, we’ll also cover some open source projects we’ve created to get telemetry into tools that get access to the APIs we’re using. These can then be morphed to pipeline that information into a SIEM or other tool.

A Double Act

12:05 - 13:00
Speakers - Company

Join this session at MacSysAdmin to stay ahead in the rapidly evolving Apple ecosystem. Discover the latest updates, best practices, and emerging trends in managing Apple devices and services. From macOS and iOS advancements to MDM and deployment strategies, this session equips attendees with invaluable insights to streamline their Apple-centric operations.


13:00 - 14:00
Kårrestaurangen - Chalmers Conference Centre
Don't forget to wear your conference badge!

Have many Macs inside a single Mac:

The talk about Virtual machines.

14:00 - 14:25
Sergi Popov - MacPaw

You may be surprised how efficient and flexible virtual machines on Mac are, and how fast they can be configured. Let’s discover the basics and see how you could configure your first virtual machine from scratch on macOS and Linux.

Software Update
in the next era

14:35 - 15:30
Tom Bridge - Jumpcloud

It's hard to see Software Update on macOS and iOS as anything other than a challenge to be overcome. This session will cover how Software Update has operated in the past, how it operates today, and with the next version of macOS due any day, perhaps some discussion of how it will work going forward. Coping techniques are a requirement for this subject, so please feel free to bring any emotional support items necessary for this important discussion (pet, banana, flask, or axe.)

Introduction to
Declarative MDM

15:55 - 16:50
Rich Trouton - SAP

Apple's mobile device management (MDM) protocol is an essential part of maintaining macOS, iOS, iPadOS and tvOS devices at companies, schools and institutions. In its current form, MDM management is designed around a model of the MDM management service telling the managed devices what to do and the managed devices doing it, with the desired state logic residing on the MDM management service's end.

Declarative device management (DDM) introduces a substantial change to this management model, with the individual devices being granted more autonomy to enforce configuration changes and take actions within a defined set of policies provided by the management server. This new approach also enables devices to proactively send status changes back to the management service in place of needing to wait for the management service to poll the device. The overall result is that device information gets reported back more quickly, policies subsequently can be applied faster, while also reducing the load on the management service because of the reduced communication need between the managed devices and management service.

This session will discuss how MDM works today without declarative device management, provide an introduction to DDM and discuss how DDM will add capabilities to device management.

Demystifying macOS' Background Task Mgmt

17:00 - 17:55
Patrick Wardle - Objective See Foundation

To retain a foothold on an infected system, most Mac malware will persist; installing itself in a manner that ensures it will be automatically (re)launched each time the infected system is rebooted.

In macOS Ventura, Apple rearchitected core persistence mechanisms and added a new security mechanism that alerts the user any time an item is persisted. As the former is both undocumented and implemented in a proprietary manner, this poses a problem for existing security and forensics tools (that aim to heuristically detect malware via unauthorized persistence events). On the other hand, the latter is problematic to malware authors, who obviously want their malicious creations to persist without an alert being shown to the user.

In this talk, we'll indiscriminately provide solutions for all! First, we'll dive into the internals of macOS's Background Task Management (BTM) which, as we'll see, contains a central (albeit proprietary) repository of persistent items. Armed with this information, we'll release open-source code capable of programmatically enumerating all persistent items from BTM, ensuring security and forensics tools regain compatibility. We'll also highlight design weaknesses that malicious code could trivially employ to sidestep the new security features of BTM, such that persistence may still be silently achieved.

Pool Night

19:00 - 23:00
Biljardpalatset - How do I get there from here?

There's nothing quite like the joy of meeting peers in person at the Biljardpalatset, surrounded by laughter and friendly competition. The aroma of sizzling burgers and refreshing drinks adds to the ambiance, making for a perfect evening of camaraderie, shared stories, and creating lasting memories together.

We thank MacPaw for being the main sponsor at tonight's event.


Download the MacSysAdmin 2023 Calendar. Courtesy of Kamal Taynaz.


Apple Management 2.0:

9:00 - 9:25
John Sutcliffe - Addigy

Let us explore the exciting world of Apple Management 2.0, focusing on the latest advancements in Declarative Device Management (DDM), the future of OS updates, and compliance strategies. As Apple devices play a central role in modern workplaces, understanding how to manage them efficiently is paramount. Join us to discover the transformative power of DDM, gain insights into upcoming trends in OS updates, and learn practical approaches to ensure compliance while maintaining a secure and productive Apple ecosystem. Whether you are an IT professional, a business leader, or simply curious about the future of Apple management, this session will equip you with the knowledge and tools needed to navigate the next generation of Apple Management successfully.

A macOS client built

from code

9:35 - 10:30
Henry Stamerjohann - Zentral Pro Services

2023-08-23 17:38, Hamburg:
What if all configuration and packages required for a macOS client could be built from a single source? The configuration profiles, the Munki repository, the Google Santa rules, the Osquery compliance checks, all in one place? What could we achieve with this workflow? Is it even a good idea?

2023-08-24 11:42, Hamburg:
OK, the plan is sound. Let’s send it to Patrik!

2023-10-04 09:32, Gothenburg:
How did we think this was a good idea?

Zero Trust is not Zero Effort:

Planning your Zero Trust strategy

10:55 - 11:50
Graham Gilbert - Airbnb

Many vendors will try to tell you that all you need to do is buy their zero trust product - but is it really that simple? (Here’s a hint: that would make this talk very short)

Over the past year, Graham has been helping to create Airbnb’s Zero Trust strategy. In this session he will share some of what he has learned along the way, from how teams across InfoSec and IT came together to identify goals and highlight gaps in our coverage and most importantly, design a zero trust program that has our end user’s experience at the front of our minds, whilst keeping our Host, Guest and Company data safe with secure, continuously assessed and tiered access to Airbnb data and services.

Why won’t you all

Just Do What I Say?

12:05 - 13:00
W. Andrew Robinson - Opn

“At the intersection of Humanities and Technology lies the Mac Admin. The work we do is strange — we communicate with such a wide range of people, yet we are not usually trained in that craft. We are technologists, but we frequently are working among those that are not such. We know our stuff pretty well, yet the people we work with find what we do a mystery. How can we be better at this weird path we walk? How do we get these people to do the things we know are Good and Proper and Correct? We obviously know what’s best, right? Why won’t these people Just Do What We Say?!

In our time together, I will talk about the work I do as an IT manager, the challenges I found this year that I think many of us face, and I hope to share some thoughts on the insights I came to see this past year. I look forward to seeing you all in person this year!”


13:00 - 14:00
Kårrestaurangen - Chalmers Conference Centre
Don't forget to wear your conference badge!

35 Years of Great Products from OWC

14:00 - 14:25
Tim Standing - OWC

OWC has been creating cutting edge products for macOS for over 35 years. These include docks, storage products, servers and software. Come hear about the great products we introduced since the last MacSysAdmin including our Accelsior 8M2 PCI card which sustains 24 GB/s and our new Jellyfish Nomad server which provides the performance you need everywhere you go.

Choose your own MITRE ATT&CK® Adventure:

OceanLotus Edition

14:35 - 15:30
Cat Self - MITRE Corporation

Everything is hidden, until you look for it. For those courageous enough to look, where do you start on macOS as a defender, red team, or analyst?

Maybe you’ve heard about this MITRE ATT&CK thing, but it’s just for Windows, right? Fun fact, ATT&CK has quietly covered macOS since 2017 as a free knowledge base of adversary behaviors on real-world tactics, techniques, and procedures seen in actual intrusions.

Using OceanLotus, a real-world macOS intrusion set, we walk through how to use ATT&CK for assessments, detection, threat intelligence, and conducting adversary emulation. Walking through our philosophy, approach when using ATT&CK, and common pitfalls, we hope to empower you to recognize how to prioritize and discuss how to apply ATT&CK for your organization’s needs.

Platform Single Sign On

15:55 - 16:50
Joel Rennich - Jumpcloud

Platform Single Sign On: Explore what's possible with Platform SSO on a Mac. We will cover what's required to use it, go into details on the various flows that you can have and how it works under the covers. The session will also have live demos of using Platform SSO for just in time user creation at the loginwindow and password synchronization with an IdP. There will also be some conversation around any current Identity Providers that support Platform SSO.

At the end of this session you should have a much better understanding of what Platform SSO could do for your environment, whether or not you have all the required pieces, and if it will make your admin life easier.

Launch and Environment Constraints Overview

17:00 - 17:25
Csaba Fitzl - Offensive Security

In this talk I will talk about two mitigations which Apple introduced in order to protect against many types of logic vulnerabilities. Launch Constraints were introduced in macOS Ventura, and they can control who can launch a built-in system application and how. Environment Constraints were introduced in Sonoma, and they are basically the extension of Launch Constraints for third party apps. These two features are probably the most impactful when it comes to exploitation. I will review them in detail, how they are set up, what they do exactly, and what kind of vulnerability classes they mitigate. I will also go through a couple of past vulnerabilities, which could not have been exploited with these constraints present. Finally I will walk through how various third party apps should be set up in order to be secure.

Game Night

19:00 - 21:00
Liseberg - How do I get there from here?

Spending an evening with peers at the Liseberg game hall brings immense joy. The air is filled with excitement and friendly banter as we indulge in thrilling games and challenges. With a light meal and drinks to fuel our fun, the camaraderie grows stronger, forging unforgettable memories and strengthening bonds that last.



What's Up!

09:00 - 09:55
Speaker - Organization

Attending this session is an exhilarating experience, which adds an element of intrigue, generating buzz and anticipation. With knowledge and insights that are likely to be extraordinary, this speaker will provide unique perspectives that ignite inspiration and propel attendees' understanding of cutting-edge technologies and trends in the industry.


10:05 - 10:30
Weldon Dodd - Kandji

Mac sysadmins fill a specialized role within an IT team. An Apple expert can provide valuable skills, guidance, and insights to organizations that want to deploy Apple devices. Developing that expertise, and maintaining balance as a technology generalist, is a challenging and rewarding endeavor that can take an entire career to get right.

Building a BYO Program

at Jamf

10:55 - 11:50
Emily Kausalik-Whittle - Jamf

We love "bring your own" (BYO) at Jamf, and Jamf IT has long offered a mobile device BYO program for Jamf employees. When Apple announced account-driven user enrollment (ADUE) for personally-owned mobile devices, Jamf's internal IT department was excited to embrace the new enrollment method, as it provides employee access to corporate resources in a secure, transparent way with user privacy at its core. In this session we'll demo the current mobile device BYO enrollment for Jamf employees, discuss how Jamf IT approached implementing ADUE internally, and cover all the bits and bobs involved with enabling BYO enrollment with Jamf Pro (including a peek at federating ABM, mobile AppConfig, and per-app VPN).

Munki-ing around with AI

12:05 - 13:00
Greg Neagle - Walt Disney Animation Studios

Machine Learning. Large Language Models. Artificial Intelligence. There’s been a lot of interest and hype about these subjects recently. Will these technologies pave the way to utopia, or sow the seeds of our destruction? Greg doesn’t hope to answer that. Instead, Greg will share his attempts to learn more about the current state of Large Language Model tools and his efforts to bend them to his will and build a useful tool to use with Munki. As this description is being written, it’s still not clear whether he will succeed or fail in his task. Come to MacSysAdmin in Gothenburg to find out!


13:00 - 14:00
Kårrestaurangen - Chalmers Conference Centre
Don't forget to wear your conference badge!

Mastering the Art of Device Off-Boarding:

Enhancing Security and Employee Experience!

14:00 - 14:25
Kavan Joshi - Jamf

Discover the benefits of a well-executed device off-boarding strategy. Enhance security by protecting sensitive information and closely monitoring devices during employee service notice periods. Streamline employee experience with a seamless transition process. Optimize resources, save time, and reinforce your organization's commitment to data security and employee satisfaction. Invest in the art of device off-boarding to safeguard assets and strengthen your organization's reputation.

Mac Management Made Easy with Microsoft Intune

14:35 - 15:30
Marc Nahum - Microsoft

The latest features you need to know. For MacAdmins who are looking for a comprehensive, enterprise-grade solution for managing Apple products, Intune is the modern solution! With new settings and functionalities introduced every month, Intune offers a wealth of options for both MacAdmins and end users alike. Intune integrates seamlessly with Azure Active Directory and Microsoft 365 to provide a complete and fully integrated solution for organizations with Apple management needs. This session will present it.

Automatic Patch Mgmt

15:55 - 16:50
Søren Theilgaard - Envo IT A/S

How to implement automatic patch management using Installomator. A description of what Installomator is and what the latest features are. How to implement Installomator for automatic patch management in MDM solutions like Jamf Pro, Kandji, Addigy, and Mosyle.

Data Driven IT

17:00 - 17:55
Ed Marczak - Enterprise Security

You deploy Macs, and you deploy settings and software, but how do you know that it’s working? Collect some data, of course! This talk will cover data that you may want to collect, ways to collect it, useful queries, and tools to monitor and alert on this data. No more guessing: use the data that your fleet provides to correct errors and make decisions.

The Bash

19:00 - 23:00
Irish Embassy - How do I get there from here?

The joy of spending an evening with your peers at the Irish Embassy Pub is unmatched. The lively atmosphere, filled with laughter and conversation, sets the stage for an unforgettable time. Indulging in a great buffet and drinks adds to the pleasure, fostering a sense of camaraderie and creating cherished memories that will be talked about for years to come.

We thank Jamf for being the main sponsor at tonight's event.



Learn how to explain

bootstrap token in 120 sec.

09:35 - 10:30
Arek Dreyer - Kandji

Apple engineers are living years in the future, building what we’ll have to deal with some day. Meanwhile, we’re left dealing with the past, even if “the past” isn’t released yet! Maybe some day in the future you won’t need to think about secure token, bootstrap token, volume ownership, and FileVault for macOS.

But today they are still relevant and important. Learn how to explain the architecture of secure token and bootstrap token, if only to explain it to yourself when you evaluate workflows that might require what’s impossible today.

The magic which makes
macOS volumes fast

10:55 - 11:50
Tim Standing - SoftRAID

When you think of the file which holds your favorite photo or a rockin' song, you probably think of a chunk of bytes on a disk with an index which determines where the chunk starts. Modern volumes are so much more than that. This talk will cover the new features of the macOS file system and storage hardware as well as the magic which makes them fast. I'll cover topics like Fast Directory Sizing, Firm Links, Rapid Security Response, Secure Boot and Sealed System Volumes. I'll review recent changes in PCI, Thunderbolt and USB. I'll also uncover some of the unexpected "features" of macOS which can lead to corrupted volumes.

OWC Raffle

11:50 - 12:00
Tim Standing - Other World Computing


12:00 - 13:00
Break Area - Chalmers Conference Centre
Don't forget to wear your conference badge!

MacAdmin Tools

13:00 - 13:55
Armin Briegel - Jamf/

A meandering tour through the current landscape of MacAdmins tools from Apple, third parties and the community. How is Apple’s transition to their own silicon and focus on privacy and security changing MacAdmin work? Why is everything in the cloud now? Which solutions can MacAdmins use to adapt? What should we prepare for in the coming years? Prepare for a wild rollercoaster ride, that alternates between high-level overviews and deep dives.

Mac Admins Podcast - Live

@MacSysAdmin 2023

14:05 - 15:00
Tom, Charles & Emily - Mac Admins Podcast

The Mac Admins Podcast is a popular resource for IT professionals and administrators in the Apple ecosystem. Launched in 2017, it offers insightful discussions, expert interviews, and valuable insights on managing Macs, iOS devices, and related technologies in enterprise environments.
Join us for a live session.
