Tag Archives: MDM

Munki makes MDM manageable

Posted on by
Reply

How to deploy applications using munki and simplemdm

You want to deploy apps to Macs but you also want to keep them up to date, fear not, we have a way. If you are using SimpleMDM for Mac management but hate the way MDMs deploy applications then listen up it’s easy(*) to set up Munki and use the power Autopkg to deploy and update all your apps. Note: SimpleMDM also offers a short list of curated apps to deploy without any extra setup but these instructions are for those who want to choose the apps they want to deploy. If that’s you then read on.

Managed Software Centre is the AppStore for all your apps you want your Macs to have

SimpleMDM: The basics

Macs are enrolled into SimpleMDM, then assigned to Groups. Groups have profiles assigned to them to enforce and escrow FileVault or set other policies. Simple enough, right?

Ok, what about apps?

SimpleMDM Category setting for a Munki’s Managed Software Centre

When you have apps in your Catalog you can assign a Munki category to the applications to make it show up in a nice group using Managed Software Centre (the client facing app).

With Apps in your Catalog you can manage them with Assignment Groups which are created as Munki (or not-Munki aka Standard). Next select Managed or Self-Serve, two concepts which make sense to Munki admins. One set of apps is required and will be installed without asking, and the other group is presented to the end user to choose as needed (they’re optional).

API key options. Allow Munki plugin access

API key

How do we get applications we want into SimpleMDM? Two ways exist. Import them manually and deploy via MDM or setup up Autopkg. For this we need the API key. Note: Only the munki plugin permissions are needed. Put the key into the Autopkgr.app SimpleMDM integration or set them as an environment variable and use autopkg in Terminal.

Autopkgr app choose autopkg recipes to use

Select recipes using Autopkgr (Linde Group) from the curated list of recipes created by IT Admins around the world or create your own recipes. What used to be a painstakingly difficult process by hand is now much easier with Recipe Robot by Elliot Jordan to help fish out the AppCast / Sparkle / Download URLs and transform into a nice autopkg recipe to be used by Munki (and ingested into SimpleMDM). 

autopkg run -v Postlab.munki.recipe  -k MUNKI_REPO_PLUGIN="SimpleMDMRepo" -k MUNKI_REPO="" -k extract_icon=True
MunkiImporter
Using API key provided by environment variable.
MunkiImporter: Using repo lib: MunkiLib
MunkiImporter:         plugin: SimpleMDMRepo
Managed Software Centre notification

Managed Software Centre

Once Macs are enrolled and added to a SimpleMDM Group with the Munki assignment then the Managed Software Centre app will allow users to use the Self-Serve portal to install optional apps. Managed apps will install invisibly in the background.

The beauty of this integration is that Munki is awesome and works well. It is battle tested by many companies and organizations around the world. Using autopkg and its recipes to check for updates allows for a seamless automation of new apps into your catalog and then onto your fleet. Updated Macs are happy Macs.

Reference:

SimpleMDM Munki integration blog post

Device Enrolment Program

Posted on by
Reply

Apple’s DEP allows you to have new Macs (and old) quick added to your MDM. Signing up for the Device Enrolment Program allow you to use Mobile Device Management with your Macs  and iOS devices.

You’ll need an email address that is not associated with an Apple ID and you’ll need your DUNS number among other things.

Program requirements are spelled out in the help documents.

You’ll need your DUNS number. Don’t know it? Look it up!

Basic intro to DEP for Business