MacOS Deployment - Switching from DeployStudio

RobertWPS
Conversationalist

MacOS Deployment - Switching from DeployStudio

Has anyone used Meraki for MacOS "imaging" and deployment?

 

We used DeployStudio but with the new APFS file system on High Sierra, it has taken the Monolith approach to imaging and deployment away without jumping through a few hoops.

 

Does Meraki do an out of the box DEP deployment like JAMF advertises?


Thanks

15 REPLIES 15
MRCUR
Kind of a big deal

I think you will find Meraki SM to be rather limited when it comes to macOS management. There are not many pieces that SM can handle for Macs and I've not found anyone who has pulled off a "touchless" DEP Mac deployment with SM as others have for Jamf/AirWatch. 

MRCUR | CMNO #12
jared_f
Kind of a big deal

@RobertWPS Meraki SM is getting some great updates to Mac management and I think you are going to be surprised. DEP enrollment with Meraki SM is fully capable and I am (and a few others here) using the beta software for deploying the agent via DEP and the improved software management. This new feature I am using in beta has been great with software deployment. 

 

What exactly are you deploying? If it is a lot of packages and DMGs, this new feature really improves that and the great thing is that when the device falls in and out of scope of the software the packages remove. Also, as evident with Apple stripping down OSX Server to just profiler manager now, Apple is switching/pushing profiles for management now. 

 

We are using Jump Cloud for our LDAP management and this allows me to schedule scripts and other management tools when Meraki comes short (and I am sure will be improved soon).

 

I am not sure if you are in the beta program if not, I am sure @Melissa can help you out if you would like to become apart of it!

 

While Meraki is not equal in Mac management to Jamf. It is clear that they have some competition coming to me because their iOS management is almost near equal to Jamf.

 

 

Find this helpful? Click the kudos button. Thanks!
MRCUR
Kind of a big deal

@jared_f That definitely sounds like quite the update to macOS management with SM. If there's a beta, I'd love to try it out @Melissa!

MRCUR | CMNO #12

Personally I don't think SM it quite ready for Deployment of Macs, it's close but as far as configuring the machine for full use it can't do it.

 

Before a user even touches the machine we make a bunch of configuration changes most of which are pre set as part of the image which is installed via deploy studio. If we relied in the OS that shipped with the machine and SM there would be a lot of manual configuration to be done.

 

User accounts, LDAP integration, Adobe CC install and registration. Database launchers and other various shortcuts and files added to the users desktop.

 

@BlakeRichardson I use Composer created by Jamf to do most of this. It lets me compile everything I need to do into a .pkg and I push with Meraki.

Find this helpful? Click the kudos button. Thanks!
Melissa
Meraki Alumni (Retired)
Meraki Alumni (Retired)

@MRCUR I would love to include you in the beta! Can you please send me a private message with your contact details to go forward?

Melissa
Meraki Alumni (Retired)
Meraki Alumni (Retired)

In case it's helpful, SM now has a Self Service Portal that may come in handy when setting up macOS devices. You can use this to create a bank of app store apps, non-app store apps, or scripts (any packages) for users to download on their own! 

 

More here - https://documentation.meraki.com/SM/Other_Topics/Systems_Manager_Self-Service_Portal

jared_f
Kind of a big deal

@Melissa Thank you for adding this. I totally forgot about the Self Service portal and that is was capable of installing packages on a Mac. I am going to add it to our users docks today.

Find this helpful? Click the kudos button. Thanks!
jared_f
Kind of a big deal

@Melissa So I uploaded a .pkg to Meraki and scoped it out to my Macbook. I also disabled the auto-install option. I went to the Self Service portal and went to the app section of my device and I cannot trigger the install of that software. Maybe I am mis-understanding what Self Service can do. I am trying to move away from pushing loads of software to our users to more of this get what you need. This will also be great for printers so I don't have to install 5 printers!

 

Thanks!

Jared

Find this helpful? Click the kudos button. Thanks!

@MelissaI would love to be apart of this as well. I tried to send you a PM but it appears that option is absent on your profile.

RobertWPS
Conversationalist

@jared_f thanks for the reply.

 

Pretty much just looking to do a deployment process including an IT dept management account for ARD, pre-load printers, turn off sharing, pre load software (browsers etc).  We are a Google school so very minimal configuration, but still don't want to just hand them over out of the box without at least some TLC.

 

I certainly welcome the change in philosophy of using DEP + MDM instead of the manual process of deploystudio.

 

We have a webex set up with JAMF to get a better idea of their solution.  Have been VERY pleased with Meraki's SM for our iPads though for sure and want to stay brand loyal since they've worked well with us.

jared_f
Kind of a big deal

@RobertWPS That seems like something the SM beta program can accomplish. I have scripts for creating management accounts and I have seen other printer scripts out there. As long as you can download those .pkg / .dmg files and upload them to Meraki deployment of software should not be a hassle. I will post some of them tonight.

 

The thing I liked about Jamf was their Self Service program. I had a few reasons for not proceeding, but I think you guys should pick an option that best suits you. As a side note about ARD, with the agent not being deployed via DEP you can remote into machines from the dashboard. 

 

Jared

Find this helpful? Click the kudos button. Thanks!
sshort
Building a reputation

@RobertWPS @jared_fThis is a good thread, just chiming in with my current setup and what my team is moving towards. As mentioned earlier, Apple is deprecating NetInstall in the macOS Server app which I've used for years to get a "base image" on a Mac.

 

Current setup: Use System Image Utility in macOS Server and import a standard App Store macOS installer to create a NetInstall image. I don't join to a domain or anything fancy, but I do include a .pkg installer for Munki.

 

-Our Macs are enrolled in DEP, so Meraki pushes an enrollment profile to the Mac when we run through the Mac Setup Assistant. When we reach the desktop various profiles are pushed to the Mac based on tags.

 

-We open Managed Software Center (Munki) to install our remaining .pkgs and installers (including the Systems Manager agent)

 

Future setup: We just enrolled in the SM agent beta previously mentioned in this thread, the goal being to eliminate Munki for our other configuration .pkgs and app installs and just utilize Meraki. Due to Apple eliminating NetInstall in the near future you can create "one last" clean NetInstall image using the macOS 10.13.3 installer from the App Store. That should work in the foreseeable future, but will become burdensome as subsequent updates roll out and you end up "manually" updating each Mac during setup. Apple might have a fully fleshed out solution in the future, but for now I envision it will be like the iMac Pro where any re-images are based on an active internet connection and the recovery partition erasing the existing volume.

jared_f
Kind of a big deal

Hi All,

 

I have been moving a lot of packages and scoping them with auto-installed disabled so our users can use their LDAP credentials and download what they want. One issue we had was if we scoped it with any auto tags the installer would not appear in the SSP. This is in regards to the beta.

 

Thanks to @Melissa for helping me out on this!

 

Jared

Find this helpful? Click the kudos button. Thanks!

Hi all,

 

Any big updates on macOS deployment since a year ago? We have been enrolling some new mac devices in DEP, but every time I try to push settings through Meraki DEP, I get no results on the macOS device. I'm new to the MDM world, but what am I missing? This documentation article/video is a great walk-through for iOS devices, but it seems completely ineffective for macOS. Am I missing something, or should the process be essentially the same?

 

My ideal main objectives are:

  1. Skip/restrict parts of the initial setup process in Apple Setup Assistant
  2. Create local admin account
  3. Push/install Meraki Profiles & Agent
  4. Push/Install our 3rd party IT agent & antivirus
  5. Install/configure multiple network & printer settings
  6. (Everything would be the same/global until this point) Create local user account - specific to user

Not sure if these are things I'd need the beta software for or what, but any help or guidance would be appreciated!

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels