When you suddenly go from a mostly on-campus support model to fully remote for months at a time, you need to adapt. In this post, we’ll learn briefly about Hamilton College’s workflow history and what they did to make the switch to zero-touch. We’ll also discuss the steps and tools used to make a zero-touch enrollment from a system configured to work on campus.
A little history
Before making the transition from hands-on deployment Desktop Systems Administrator, Adam Wickert, had particular goals in mind for what he’d like this move to achieve. For instance, he wanted to use prestage enrollment, along with DEPNotify and NoMAD. He also wanted to ensure that he could ship a device to the end user and have them be able to log in and complete the setup process.
Even though the goals were clear, the workflows at Hamilton College had been changing over the last few years. Four years ago, they were using Deploy Studio before switching over to Jamf Imaging a year later. Then last year, they switched to Apple’s Automated Device Enrollment (or Device Enrollment Program, DEP) before finally taking the final step to Zero-Touch Deployment. Because they had previously started with package installations and weren’t strangers to the Jamf platform, it became easier to migrate away from a hands-on experience in the end.
Imaging or automatic enrollment?
Imaging shares many of the basic goals of auto enrollment, such as preparing devices, installing necessary software in a uniform way, and continuing to ensure devices are managed and sending information back to IT. However, doing things ‘the old way’ in terms of imaging isn’t a viable way to run things now. With T2-equipped Mac devices, the need for firmware updates and macOS security changes, standard imaging no longer works as it should. And if those hurdles weren’t enough, now with an entirely remote workforce imaging was simply out of the question.
On the other hand, with Automated Device Enrollment you can cut down the sheer number of workflows needed while creating an effective, streamlined experience. But why do we need Automated Device Enrollment? Here were some of Wickert’s main takeaways:
- Devices are automatically assigned to a mobile device management (MDM) solution during setup assistant
- MDM then takes over and installs required profiles while allowing other installs.
- Automatically allows UAKEL and UAMDM approval – this cuts down on the number of clicks from the user needed to get everything successfully set up.
- And arguably most importantly, devices can be configured regardless of location and without the need to physically touch them.
We’re remote! What do we need?
When Hamilton College got the call to flip everything to a remote environment due to the COVID-19 pandemic, they needed to assess their needs. Although the college was already a Jamf customer, they had yet to migrate to the cloud distribution service. These were the main needs Wickert identified right away:
- JSS needed to be available off campus
- Cloud-accessible package repository was lacking
- Self-service installers needed (with remote software a must)
- Secondary options required for when something goes wrong
After ascertaining the specific needs of Hamilton College, Wickert was able to then establish the steps necessary to create a successful enrollment workflow with the devices and resources at his fingertips. It’s important to still go through a checklist of steps when setting up a workflow (even if you believe you’re set to go) because in some cases you may not be fully prepared. Wickert outlined the following steps in Hamilton College’s transition to help illustrate.
Step 1: Check and confirm current state of Jamf policies, profiles, packages, groups etc.
Step 2: Sign up for Apple School Manager (ASM) or Apple Business Manager (ABM)
Step 3: Obtain customer number for Apple orders
Step 4: Connect ASM or ABM with Jamf Pro
Step 5: Set Auto Assign to your Jamf Pro instance
Step 6: Add existing inventory into Jamf (and remove any devices that have been disposed of)
Step 7: Create settings to add new inventory to Jamf automatically
Tools, scripts and more
But what are the details of prestage enrollment and how do you go about deployment? Adam Wickert goes into detail explaining the tools and processes of making Zero-Touch Deployment a reality in this JNUC 2020 virtual session.
Want to learn more? Register here to get access to the on-demand recording of this session and start making your move to seamless deployment.