Jamf 100
5 steps for Device Enrollment Program (automated enrollment)
1) Connect MDM with Device Enrollment 2) During activation device checks with Device Enrollment 3) Auto MDM enrollment returns enrollment details 4) Device enrolls with your MDM server 5) Config tasks begin automatically
How many data partitions does the iOS file system utilize? What are they?
2 User / OS
Which model(s) of Apple TV support the App Store?
4th & 5th Generation
What is a computer group?
A manually created group of computers
What happens when a "Lock Computer" command is issued?
A pin is set and is applied at the Firmware level
How are configuration profiles deployed?
APN's
What are the 4 types of Jamf user accounts?
Administrator: R/W/D Auditor: read only Enrollment: can only enroll devices Custom: granular management
If a configuration profile is scoped to all computers excluding the Germany building, which computers will receive the profile?
All computers except Germany group
Why are property list files an important concept for IT administrators?
Allows administration to control user experience, gain insight into user preference based on the plist of the given APP
What are the three main components of Jamf Pro?
Apache Tomcat, Java, MySQL
Where can apps be deployed from?
App Store, Volume Store (formally VPP), or In-House Apps
Which service allows organizations to purchase applications in volume?
Apple Business Manager (Volume Store)
Which service allows organizations to purchase applications in volume?
Apple Business Manager / Volume Store
Which macOS applications can be used to update an Apple TV?
Apple Configurator 2
What does integrating with GSX allow organizations to accomplish?
Apple Global Service Exchange service and repair management (track warranty and purchase info)
What does Jamf Pro require in order to establish trusted communication to Apple's Push Notification service?
Apple ID
What is required to update a 4th generation Apple TV?
Apple ID
Which Apple service is required for remote commands?
Apple Push Notifications Service (APNs)
Besides Jamf Pro, which additional service is required to issue remote commands?
Apple Push Notifications Services (APN's)
Which service allows organizations to create Managed Apple IDs?
Apple School Manager
Jamf Pro supports MDM for Apple TVs running which OS?
Apple TV Software 7 or later, or tvOS 9 or later.
Where is the Terminal app located in macOS?
Application / Utilities
Name the 4 default base directories in the Macintosh HD partition:
Applications, Library, System, Users
Which privilege set grants Jamf Pro users read-only access?
Auditor
Which privilege set would provide a user read-only access to Jamf Pro?
Auditor
Why create a script
Automation
Why are static groups beneficial
Because you can create a group and add computers from other groups to receive similar tasks.
The result of an inventory search can be exported into what three formats?
CSV, XML, TXT
Where could a Jamf Pro server be located?
Cloud (company.jamfcloud.com) or On Prem (company.com:8443)
Which attributes can be used to search for a computer in Jamf Pro inventory
Computer name, serial, department, building
Where can Mac App Store apps be configured for deployment through Jamf Pro?
Computers / Mac App Store
Which configuration profile is unique to tvOS?
Conference Room Display
What is the function of Scope?
Control which computer receive what management
Which privilege set would enable enrolling mobile devices, but not computers?
Custom
Why might an organization enroll mobile devices using User-Initiated Enrollment rather than, or in conjunction with, automated MDM enrollment?
DEP is not available in all countries, Deployed previously without management, or for personally owned devices
Which page allows monitoring the status of commonly viewed items in Jamf Pro?
Dashboard
Name the 2 types of enrollment:
Device Enrollment Program, User initiated
Where can Conference Room Display be configured in Jamf Pro?
Devices/ configuration profiles / conference room display
What do configuration profiles allow IT administrators to accomplish?
Enforce passcode parameters, network configurations, restrictions
Which privilege set would an IT administrator use for an individual who needs to enroll only computers, but not mobile devices?
Enrollment
What are three methods to allow users to enroll their mobile device with Jamf Pro?
Enrollment portal, via email with custom URL, SMS (text)
Name the previous and current disk format
Extended Journaled 10.12 and earlier APFS (apple file system) Mac OS 10.13 and higher
How can content be added to the Dock?
Finder, applications, drag down to doc.
What configuration is required during the macOS Setup Assistant to complete activation?
First Local Account (given admin automatically)
How are static device groups beneficial?
Fixed group that must be updated manually
Which type of partition map (scheme or partition table) does Mac OS (and most OS for that matter) use?
GUID (GPT)
How can a Jamf Pro user update a computer's asset tag in the inventory?
General / Edit
How can a mobile device name be changed through an inventory record?
General / Edit
When integrated with Jamf Pro, which service can display warranty expiration for enrolled computers?
Global Service Exchange (GSX)
How do devices communicate with Jamf Pro?
Initiated by Jamf Pro (JP) JP issues Push Notification, mobile devices retrieve, then refer back to JP to complete task
What are the three components of MDM?
Jamf Pro Server, APN's, iOS Devices
Besides enrollment completed as part of the PreStage Enrollment, what additional configuration options are possible?
LDAP authentication and bind, block removal of MDM profile, enforce local user account security
Limitations
Limitations reduce the initial target of computers based specific users, network segments
When an app is deleted, what happens to its data?
Local Data deleted, data backed up to iCloud or server saved
Name the 4 default volumes on APFS:
Macintosh HD- sys boot volume Preboot- hidden containing info to boot each sys volume Recovery- hidden, includes utilities for troubleshooting VM- virtual memory volume created when High Sierra and later start up
Which additional features are available through a PreStage Enrollment in tvOS?
Make MDM mandatory, Auto advance through tvOS setup, Skip tvOS setup Assistant
What is a managed app?
Managed Apps allow IT administrators to automate the removal of apps on devices that become unmanaged, prevent the backup of app data, and force apps to update from Jamf Pro.
What happens if an exclusion is added to the scope of a configuration profile without a target?
No effect on any computers
What is the earliest version of macOS to support MDM?
OS 10.7
Exclusions
Omit specific targeted computers, computer groups, buildings, departments, users, network segments
What is an Exclusion?
Omit specific targeted computers, computer groups, buildings, network segments
What are the 4 System preferences categories plus the 5th bonus one?
Personal Hardware Network System 3rd party software (appears once 3rd party apps are installed)
What can Spotlight be used for?
Quickly search for files, apps, and content
What are the five Jamf Pro apps?
RECON: computer enrollment ADMIN: manage scripts, packages, dock items COMPOSER: package building to deliver software and profiles IMAGING: imaging and provisioning computers REMOTE: issue remote management tasks
What are three ways macOS can be installed on a Mac?
Recovery Partition, Internet Recovery, Mac App Store
What is a Limitation?
Reduce the initial target of computers
Why should configuration profiles be separated based on functionality?
Reduces complexity when configuring scope and troubleshooting issues
What is the purpose of scope within Jamf Pro?
Scope is the users, computer, mobile devices that receive remote management tasks (apps, configuration profiles, etc)
What else needs to be configured after adding an App to Self Service?
Scope still needs to be configured correctly to deploy apps
Where is Jailbreak Detection located?
Security
Why would an organization decide to use a PreStage Enrollment?
Security, Authentication, setup simplification
Where is hardware, storage, and naming information located on an iOS device?
Settings / General / about
Where are network connections configured on a mobile device?
Settings / Wi Fi
What does Conference Room Display accomplish?
Similar to SAM, CRD allows easy screen sharing via AirPlay, prevents the modifying of settings
what are the 2 types of groups?
Smart group / static group
How can mobile devices be updated to the latest iOS version through a remote command?
Static device group, action, send remote command, select Update iOS
Where would users change their local user account password within OS X?
System Preferences / Users & Groups / Change Password
Which app can be used to navigate tvOS with an iOS device?
The Remote App
How do property list files impact the user experience?
The control and save user preference allowing users to create their own specific experience.
Targets
The initial pool of computers based on all computers, specific computers, computer groups, buildings, departments, users, or user groups
What is the role of the macOS Recovery and which utilities are found there?
To Re-Install OS X Network Utility Terminal Disk Utility
Why would an administrator use Apple Configurator 2 to enroll an Apple TV?
To enroll devices that are not part of or supported by MDM automated enrollment.
Which partition stores user data in iOS?
User Partition
Which directory contains system resources for macOS?
Utilities
What can be accomplished using remote commands?
Wipe Device, Update inventory, restart device
Where does an IT administrator change the attribute fields displayed in a mobile device search?
account preference (per user setting)
What is an Apple ID?
account used to manage and download content purchased from the App Store
If a configuration profile was scoped to target All Mobile Devices with an exclusion for the Sydney building, which device(s) would be impacted?
all devices would receive the configuration except Sydney
How do the 5 (RACIR) apps help IT administrators?
allow IT admins to manage and support devices
Why should configuration profiles be separated based on functionality?
because profiles can effect one another whether intended to or not. This will also help with troubleshooting
How are configuration profiles deployed?
by leveraging APNs and MDM
Where can Processor Speed be located in an inventory record?
computer / hardware
How does enrolling a computer differ from enrolling a mobile device using User-Initiated Enrollment?
computers receive additional software, Binary and management account
What is the function of the iOS Control Center and how is it accessed?
depending on model swiping top left or swiping up from bottom
Which attributes can be used to search for a mobile device in the Jamf Pro inventory?
device name, serial number, building, deparment
Why might one create an additional partition on a disk? Which application can accomplish this?
duel boot Disk Utility
During which step of the iOS Setup Assistant does a mobile device communicate with automated MDM enrollment?
during activation
During which step of macOS Setup Assistant do computers communicate with automated MDM enrollment?
during activation process
How can a script be easily run within the Terminal app?
enter sh into the prompt then drag the script into the terminal window
Where is iOS version located in a device's inventory record?
general
Why are user accounts with custom privileges useful?
giving granular / specific privileges
What is a device group?
groups of devices to be used as targets
Where can S.M.A.R.T. Status be located in an inventory record?
management / computer groups
What do configuration profiles allow IT administrators to accomplish?
management of devices
Scope
must be defined to install configuration profiles through APNs
Which two User-Initiated Enrollment methods allow users to access the enrollment portal?
navigate to a predefined URL Receive an email link
How do computers communicate with Jamf Pro?
on the computer the Jamf Binary uses APNs to communicate with Jamf
How can APNs help IT administrators?
perform management tasks on MDM capable devices
What does the .plist file extension stand for and how are they used by macOS?
preference file it is an XML file in binary and holds the user specific preferences for an app
Where can Shared iPad be enabled in Jamf Pro?
prestage enrollment
Define Enrollment regarding Jamf Pro
process of adding device to Jamf Pro for management enrollment creates an inventory record in the JP data base
What are three specific examples of MDM functionality for computers?
remote command, profiles, and configurations including app installs
Where can Auto-Correction and Predictive keyboard be configured in Settings?
settings / general / keyboard
Where is a notification for available operating system updates located on an iOS device?
settings / general / software update
How does automated MDM enrollment help organizations?
simplify content deployment and management
What are the 3 things that are used to configure Scope?
targets, limitations, exclusions
What is a Target?
the initial pool of computers all computers, specific computers, groups, buildings, departments, users, user groups
What happens if no scope is defined for a management task in Jamf Pro?
then the configuration will not be sent to any devices
Which version of tvOS is required for automated MDM enrollment?
tvOS 10.2
List three specific examples of MDM functionality for mobile devices.
wirelessly configure, update and deploy content
