Welcome to my blog
Join me on my journey as I share my insights and experiences on all things Apple, Business and Entrepreneurship!
Join me on my journey as I share my insights and experiences on all things Apple, Business and Entrepreneurship!
If you're trying to streamline macOS deployments in JAMF, there’s always that moment where you realize: the built-in experience gets you *close*, but not all the way there.
Local LLMs have rapidly evolved beyond text and are now capable of producing high-quality images directly on-device. For users running Apple Silicon machines—especially M-series Mac Studios and MacBook Pros—this represents a major shift in what’s possible without relying on cloud services. Just a few years ago, image generation required powerful remote GPUs, subscriptions, and long processing times. Today, thanks to optimized models and Apple’s Metal acceleration, you can generate and edit images locally with impressive speed and quality. The result is a workflow that is faster, private, and entirely under...
As a Mac admin, I'm always on the lookout for tools that make my life easier and more efficient. Recently, I stumbled upon Pique - a brilliant Quick Look plugin created by Henry Stamerjohann that allows you to view file contents in a syntax highlighted way.
Recently, after some bad experiences with OpenAI's ChatGPT and CODEX, I decided to look into and learn more about running local AI models. On its face it was intimidating, but I had seen a lot of people in the MacAdmins community posting examples of macOS setups, which really helped lower the bar for me both in terms of approachability and just making me more aware of the local AI community that exists out there today.
A few days ago I released a review of QuickPKG, a tool I love and use almost daily. What I really love about packaging and QuickPKG is that no matter what Mobile Device Management (MDM) solution I'm working with at any given moment, it provides a universal way to create a quick package to import into JAMF, Mosyle, or any MDM. This consistency is particularly valuable when switching between projects or environments, as the process remains the same regardless of the specific MDM being used.
I use QuickPKG when I need to turn an application, DMG, or ZIP file into a package quickly without wasting time in a heavier packaging workflow. This post follows the same path as my video: what QuickPKG is, where to get it, how I run it, what a simple packaging example looks like, and where I think admins need to be careful about potential pitfalls that can arise from using this tool.
As promised I am continuing to look for ways to build out my JAMF Github Repo. One of the items that I have been working heavily with in my role is the macOS Compliance Project and as I am a JAMF administrator that means leveraging the JAMF Compliance Editor. The JAMF Compliance Editor gives you the ability to rapidly configure, tailor and deploy a custom baseline with the macOS Compliance Project.
If you are new to either the macOS Compliance Project or JAMF Compliance Editor, I would recommend watching and reading the following videos and blog posts on the topic. Familiarizing yourself with these resources will help ensure a smoother understanding of the project's requirements and functionality. This will also enable you to better navigate the tools and make informed decisions about your compliance setup.
As organizations continue to embrace Bring Your Own Device (BYOD) strategies, ensuring security without compromising user experience remains a challenge. This post outlines a minimum baseline for BYOD restrictions across iOS, Android, macOS, and Windows devices—providing a foundation for companies to secure personal devices while allowing employees the flexibility to work from their own hardware. While these recommendations represent best practices, they are not a one-size-fits-all solution. Each company has unique security needs, regulatory requirements, and risk tolerances, meaning these restrictions can be improved upon, debated, or modified to better...
Alright, so today we're going to be talking about the management of bring your own device BYOD for Android devices. There's a lot of information out there for the management of iOS devices and you can do that with pretty much any Apple MDM on the market. We just happen to use Jamf where I work, but you could use anything from Braavos to SimpleMDM to Kanji or JumpCloud. Mosyle is also a great option.
It really depends on your company's needs. For example, many companies need to hire 1099 contractors and in such a case they come with their own devices but not the correct security settings or enforcements. Remember BYOD is a security construct. The idea here is that you should be securing the company's sensitive data in all forms. This may involve implementing policies for contractor-owned devices, ensuring that all devices accessing company data meet minimum security standards, and regularly reviewing and updating these standards to stay ahead of emerging threats.
As I continue to build out my JAMF Github Repo, it was no surprise that JAMF Extensions are one of the key and fundamental elements and features that gives JAMF its edge as an MDM. Scoping is a crucial part of what makes an MDM effective, allowing for granular control over device management. The ability to group, report, and then scope to specific custom values is what sets it apart from other MDM solutions, providing a level of precision that's essential for large-scale deployments.
As I work on building out my JAMF Github Repo, I am constantly looking at sharing some of the configurations that have worked for me and saved me time and effort. Many of these came from the JAMF Library, but some I wrote specifically due to tools and workflows that I had to tackle in my very own ecosystem. In fact, a significant portion of these custom scripts were born out of necessity, addressing specific pain points or requirements that weren't covered by existing solutions.
Contributing to open-source projects on platforms like GitHub can significantly enhance your skills and expand your network. This article focuses on how to contribute to a GitHub repository, using the "Awesome Mac Admin Tools" repo as an example. Whether you're a seasoned developer or new to coding, you'll learn how to fork a repository, make modifications, and submit pull requests. The process is straightforward, but understanding the basics of Git and GitHub is essential for successful contributions.
For those who have worked with macOS for a while, the struggle of managing secure tokens on macOS is a very real one. Let's start off with the basics. What is a secure token? In essence, it's a small hardware device that stores sensitive information, such as passwords or encryption keys, in a secure environment.
Ok so now that we have Portainer up and running, it's running securely so now we are ready to set up SNIPE-IT. Here are the steps to add SNIPE via Portainer. The first step is logging into Portainer. Upon logging into Portainer you will click on "Local" under Environments. This is the default Environment. Next, navigate to the "Stacks" tab and select the option to create a new stack. In this case, we'll be creating a new stack for SNIPE-IT.
Here's the expanded paragraph: Ok so I've done a lot of research on reverse proxies and they are great at protecting your internal assets by hiding them from direct access, but there are some inherent security flaws that you have to live with if you want perfect security. Lets face it, there is no such thing as perfect security, but we can get pretty close. In fact, the more secure something is, the more complex and vulnerable it becomes in other ways.
At this stage, we are assuming that you are still connected to the Raspberry Pi via a monitor. If you're already SSH'd into the machine, then you're one step ahead. In either case, please ensure that you have a stable connection and can access the terminal or command line interface without any issues.
The first step in setting up SNIPE-IT is to set up the platform that it will run on. Luckily, the best platform and most economical option is a Raspberry Pi. We are using a Raspberry Pi 3 in this case. Before we get too far, we need to pick the operating system that the Raspberry Pi will use. This decision will determine how easily we can install and manage SNIPE-IT's dependencies and requirements.
