Highlights
- ADE Support / TruU Login Window
- Configuration Profile Support
- Augmented Computer Data
Enhancements
ADE Support / TruU Login Window
-
We are pleased to announce support for Apple’s Automated Device Enrollment (“ADE”, fka Device Enrollment Program, or DEP). With ADE support, the Admin can enable Apple Business Manager to work with their MDM (e.g., Jamf Pro) to enable end users to self-enroll a new Mac without support from IT. With this process, the MDM creates an Admin account and enables TruU to:
- Enable FileVault
- Or allow the MDM to enable FileVault / escrow FileVault keys
- Create local accounts
- Use the TruU login window instead of the native macOS login window. The TruU login window enables users to login to their account, switch accounts, and add user accounts (through TruU).
- Enable FileVault
- NOTES:
- TruU fully supports ADE for Jamf Pro. If you are using Microsoft Intune, Intune does not support PreStage enrollment which is needed to customize the Setup Assistant to create a seamless experience for creating user accounts.
- The TruU login window can be enabled for non-ADE deployments by modifying the config file used with the Mac Authenticator.
Configuration Profile Support
- With this release, the Mac Authenticator can get its configuration from a configuration profile distributed by an MDM instead of a config file. Provisioning TruU through a configuration profile is a requirement for ADE. An added benefit of supporting through a configuration profile is that the profile cannot be edited by a user on the computer. On a related note, since the release of Platform v24.157 on May 27th, the config file can be downloaded from the Admin Console as either a json or a plist.
Augmented Computer Data
-
With this release, the Mac Authenticator collects additional hardware data and shares that information with the platform during enrollment and subsequent “heartbeats”. This enriches the context of event data, and the computers drill-down information available in the Admin Console. The enriched data includes:
- MAC Address
- IP Address
- Manufacturer
- Model
- Serial Number
- Processor, and
- BIOS Version (for macOS we present the EFI as the BIOS)
Bug Fixes
- We have fixed an issue where the Mac Authenticator would freeze for a few seconds after clicking the icon in the menu bar.
Known Issues
| Ticket Number | Component | Summary |
|---|---|---|
| WA-18880 | Enrollment | When using Automated Device Enrollment on a slow/poor network, the PreStage Enrollment may fail to download causing the Mac to use the default Apple provisioning process. If this happens, the user will not be able to login to the computer. |
| WA-19094 | PIN Reset | After changing PIN, the screen may flicker between a message to Enter PIN/Enter Password for a few seconds. |
| WA-19268 | Configuration | When MDM policy is used to set up FileVault the user may enter a login loop, where the user is repeatedly asked to login to the computer. To avoid this, enable FileVault through the MDM by using a configuration profile instead of a policy. |
| WA-20065 | Configuration | When configuring a Mac through ADE, the user is not prompted to setup Touch ID through the setup assistant. Users can manually setup Touch ID once logged in to the Mac. |
| WA-19011 | Login | When restarting and moving from the FileVault login screen to the TruU screen a black screen appears momentarily. |
| WA-18875 | Misc. | After an OS upgrade, the user may see a “Smartcard initialization error” on the lock screen. If this happens, restart the computer to resolve the issue. |
MA 24.3 Release Notes MA 24.2.1 Release Notes