Welcome

2022
Patrik Jerneheim - MacSysAdmin
Hello and welcome to the MacSysAdmin 2022 Online Conference. Get the latest and greatest on the when and where around this online event.

Please join us for a short session about what to expect from the MacSysAdmin 2022 Online Conference.

macOS Automation

State of the Union

2022
Armin Briegel - scriptingosx.com
Join Armin Briegel in this session about the ever evolving state of automation on macOS.

Leveling Up

Managing admin rights in the enterprise

2022
Rich Trouton - SAP
A fundamental and controversial issue for enterprise Mac admins is the management of admin rights for their user community. Some say granting admin is fine, others think it's a bad idea and yet others have regulatory requirements which govern what can be done.

Like other enterprise environments, SAP has had to deal with the issue of admin rights for their users and developed a tool called Privileges to manage them. Join me for a discussion of the pros and cons of admin rights in general and how SAP arrived at developing and using Privileges for their solution to the issue.

All At Once

2022
Tom Bridge - Jumpcloud
The life of the IT Admin is complicated and fraught. Whether it's managing an MDM Transition, or dealing with security, or preparing a new zero touch workflow, maintaining your workflow and your sanity has never been more important. This talk will cover strategies for keeping your flow, staying in the groove, and attached to what matters most to you.

Addigy

2022
Jason Dettbarn - Addigy
Addigy is your partner in helping to maintain your growing Apple IT ecosystem, with IT teams of all sizes trusting us to manage and secure their Apple devices and minimize end-user downtime.

How Apple Silicon Macs manage their cores,

and why that's important for users.

2022
Howard Oakley - Eclectic Light Company
Managing processors with multiple identical cores isn't that complex, and a matter of coping with priorities and balancing load. To manage the CPU cores in an Apple silicon chip a decision has to be made as to which type of core to run each thread on. Apple and Intel have chosen different strategies, and in M1 and M2 Macs the allocation of threads to cores is performed by macOS, not hardware.

Currently, macOS determines which cores are available according to the Quality of Service (QoS) assigned to a thread by the app or service. This results in background services being confined to Efficiency (E) cores alone, while higher QoS threads are preferentially allocated to Performance (P) cores but can run on E cores when needed. There are also mechanisms to compensate for differences in the number of E cores in M1 variants. Although the user can demote threads to confine them to E cores, there's no mechanism provided in macOS to promote background threads so they can use P cores.

Some apps now offer the user control over QoS and consequent core allocation, a valuable feature for potentially lengthy tasks such as compression and backing up. For example, when confined to the E cores on an M1 Pro chip, decompressing an IPSW image requires 16 seconds, but on the P cores that same task takes only 5 seconds. As Apple silicon Macs become more widely used, more apps should offer control over thread allocation to different core types.

This core allocation strategy preserves responsiveness to high QoS user tasks without disruption from background services running at low QoS. As this is accomplished in software, it's more flexible and adaptable than Intel Thread Director.

What are state machines

and why would you want to use them?

2022
Tim Standing - Other World Computing
State machines are used extensively by hardware engineers to handle events in everything from toasters to jet engines. But they’re also a powerful tool for those of us writing software. I have come to rely on them when I write code which communicates with a server or code which can encounter a myriad of errors. In this session, we’ll design and implement a state machine in Python to notarize a file by sending it to Apple’s servers.

Unmasking WindTape

Analyzing an APT macOS malware specimen

2022
Patrick Wardle - Objective See Fundation
The offensive macOS cyber capabilities of the WINDSHIFT APT group provide us with the opportunity to gain insight into the Apple-specific approaches employed by an advanced adversary. In this paper, we’ll comprehensively dissect OSX.WindTape, a second-stage tool utilized by the WINDSHIFT APT group when targeting Apple systems.

First we’ll discuss the malware’s anti-analysis mechanisms, and then once these have been thwarted, we’ll explore its capabilities. To conclude, we’ll present heuristic methods that can generically both detect and prevent WindTape, as well as other advanced macOS threats.

External Storage

2022
Jon Hoeg - Other World Computing
High-performance storage solutions perfect for everything from Time Machine backups to Hollywood film production. There is an OWC drive perfect for every project and environment from enterprise to pocket-size.

Security for Humans, revisited

2022
Robin Laurén - Reaktor
What is a human and how does it relate to security? How should one talk about security with humans? What are the relative strengths and weaknesses of humans related to security? Also, are you a human and if so, should you worry?

How to Exfiltrate Data
from a Mac

…and What to do About It

2022
Ed Marczak - Enterprise Security
This security-focused talk lists ways to get data off of a Mac, and what you, the Mac Admin can do about it. We cover why this security is important (and why it sometimes isn’t! Don’t follow the lockdown advice here if you don’t need to!), how to be kind to your end users, and how to secure your corporate data from leaving the company via a Mac. Come for the security tips, stay for the thought exercise, the monitoring and documentation advice, and the guide to security for your coworkers.

When was the last time you changed your Keychain password?

2022
Charles Edge - krypted.com
Come join Charles Edge in this session about security.

Installomator

– automated software deployment
for Jamf, Mosyle, Addigy, and Microsoft

2022
Søren Theilgaard - ENVO IT A/S
Introducing Installomator version 10! How to use Installomator for deploying software with automatic updates to the latest version. Now with shown progress using swiftDialog.

Managing macOS with Intune

What's new in 2022

2022
Marc Nahum - Microsoft
Come join Marc Nahum for an update on what is new in macOS management with Intune.

Munki, Ventura, and You

2022
Greg Neagle - Walt Disney Animation Studios
Greg will introduce Munki 6, a major new release of the popular software management tool, due this fall. Among other things, Munki 6 can now help you upgrade macOS on Macs with Apple silicon. Greg will also talk about some of the changes in the upcoming macOS Ventura that you may need to pay attention to, and how those will affect Munki, and you!

Unearth the Secrets of

Secure Token, Bootstrap Token,
and Volume Ownership

2022
Arek Dreyer - Kandji
I’ll never forget the time I couldn’t click “Turn On Filevault” on a freshly-restored test Mac. Ironically it was because I was trying to save time with a clever trick. Spoiler alert: I was foiled by Secure Token.

You don’t often need to think about Secure Token, Bootstrap Token, and volume ownership. But they can have a huge impact on the choices you make for onboarding as well as other workflows. In this session you’ll get the context and details you need to confidently evaluate workflows and changes your organization is contemplating.

This session uses the Apple Platform Security Guide and the Apple File System Reference as a foundation. Understand why Secure Token was introduced way back in macOS 10.13; why the Bootstrap Token feature was introduced to help with deployments that don’t use the traditional unmanaged consumer Setup Assistant workflow; and how the concept of volume ownership comes into play when the person at the keyboard is not an administrator user.

Consumers never have to worry about these concepts. Let’s make sure your users never have to worry about them, either.

Top 5 Ways to Improve

Your Apple End User Experience in AAD/M365

2022
Michael Epping - Microsoft
Grace Picking - Microsoft
Many organizations that use macOS also use Azure AD and M365. There are multiple integration points between Azure AD and Apple devices, and many organizations struggle with understanding the differences in these integrations and the related best practices. We'll discuss how these pieces work deep down and some best practices for deploying them.

Attendees will learn how to improve security and the user experience in environments where their Apple devices are being integrated with Azure AD Conditional Access, how to provide SSO to M365 resources, and how to leverage the latest macOS features to integrate with the Azure AD identity platform as much as possible. We are from the Microsoft identity product group responsible for Active Directory and Azure Active Directory.

This will be a technical session that focuses not only on what can be done to improve user experience and security, but how the underlying Microsoft and Apple technologies can work better together.

Kandji

2022
- Kandji
Powerful device management and security tools IT teams need and the elegant Apple experience users expect.

A Deployment

in the Lonesome October

2022
W. Andrew Robinson - Opn Co. Ltd
Facing global shortages of hardware and still needing to deploy work environments to new joiners with certain, specific special needs in business, what is a Mac admin to do? A cautionary tale.

Compliance ✅

2022
Henry Stamerjohann - Zentral Pro Services
What about proof of a compliant state - where's the benefit for Macadmins? In this session, we'll start with orientation, exploration, and end with a bit of practice, looking at how setting up compliance controls and auditing them can become a domain of interest. Along the way, we'll take a quick look at security frameworks and pick up some techniques and tools you can use to support your organization-wide processes and procedures.

The Achilles Heel
of Endpoint Security

2022
Csaba Fitzl - Offensive Security
macOS introduced the EndpointSecurity framework in macOS Catalina to provide a generic security framework for third party applications. All EndpointSecurity client requires the user the provide Full Disk Access rights. If this permission is not granted, the client can't register and operate. While this is a preventive control for installing such software, it turns out to be the "Achilles heel" of the entire concept. Once this permission is revoked, the client becomes non functional, and thus trivial to disarm. To reset FDA permissions we can use tccutil. Originally it could be used to reset ES client permissions without any control, which was an issue.

In this talk I will show the evolution of tccutil, how and what kind of mitigations Apple added to the utility after my report and then how I bypassed it in various ways. Apple then went on and redesigned the whole control embedded in the tool, which I will also discuss. Although it seems to be ok now it is still vulnerable under certain conditions. At the end I will also briefly talk about the untold power of "Full Disk Access", and how it becomes (in my opinion) a single point of failure control in the operating system.