Skip to content

Endpoint Management Meeting – September 16, 2021

By: John Straffin

The recording of the September 16 Endpoint Management Meeting is now available.

Items of note:

  • Patch Patch Patch! (Google Chrome, Adobe, Windows zero-days.)
  • Windows 11 coming soon. Please test thoroughly before attempting to deploy to production machines. Enterprise ISOs may not be available on the release date.
  • Windows 11 and Windows 10 21H2 are two *different* OSes, with Windows 10 being supported alongside Windows 11 until at least 2025.
  • Testing ConfigMgr 2107, will likely update Production within the next few weeks.
  • Jamf Pro
    • Jamf released 10.32.1, likely to update in the next week or two.
    • The connection between Apple GSX and Jamf Pro has been re-established, with device warranty information being updated.
    • Disabling QuickAdd on Jamf Pro due to issues with device supervision and profile installation.
    • Over 300 macOS devices are not properly managed in Jamf Pro, likely due to using QuickAdd packages incorrectly. These devices need be corrected ASAP.
    • MANY IT Admin NetIDs currently used as User for devices in Jamf Pro. OITDE will be blanking the User value in Jamf Pro for any User with more than 5 devices. (For shared devices, a blank User is better than a generic/shared account.)
  • BigFix can now run PowerShell scripts natively in Actions.
  • “Reboot scripts” for macOS and Windows are still in development, should have something available for local testing soon.
  • End-of-Life operating systems: Windows 10 2004, macOS 10.14, and CentOS 8 (non-“Stream”) all go out of support by the end December, possibly earlier (in the case of macOS). Upgrade now and avoid the hassle later! For Windows, as always, we recommend sticking to the “Fall/H2” releases which have
  • UPDATE: Zoom update to at least 5.7.5 has been pushed off from September 21 until October 5.
  • CrowdStrike
    • CrowdStrike versions earlier than 6.18 will lose the ability to connect to CrowdStrike servers on October 19, 2021. If you have computers that are not auto-updating to the latest approved versions (currently 6.28), please contact OITDE for assistance as soon as possible.
    • ITSO policies have been updated to explicitly require CrowdStrike (versus a generic “anti-virus software”) and Planisphere will soon start to enforce this requirement in the same way it enforces endpoint management (warnings for 16 days, the quarantine).
    • Reminder: CrowdStrike is currently a required deployment on all Duke University endpoint management tools. OITDE is monitoring the state of these deployments but, if you find supported devices that do not have CrowdStrike installed, please let us know.
    • Note: CrowdStrike is required on servers as well.
    • As CrowdStrike is deployed to all Duke University computers centrally, in order to eliminate confusion and competition, OITDE will be deleting department-specific CrowdStrike assets in Jamf Pro, BigFix, and ConfigMgr by the end of September.
    • Adding to the issue, CrowdStrike deployments to macOS have gotten more interesting, with different profiles required for macOS 14/15, macOS 11 (Intel), and macOS 11 (M1).
  • Group Policy for Windows Hello available to allow for use of Duke Unlock.
  • UNC is also now using Duke’s (open-sourced) code for WebAuthN (the tech behind Duke Unlock) and are making great strides in adoption. If we’re going to stay ahead of them, we need to get more folks using Duke Unlock!
  • New automated system for Adobe Creative Cloud renewals coming in the next week or two so, if you (and your users) can wait to request renewals until that system is available, that’d be great…
Categories: EMM