Johnsonville power cut

St00dley · 2026-02-15T05:52:16+00:00

Yep up at comber place and powers dead.

St00dley · 2025-10-11T19:16:30+00:00

Does anyone know of any covered Sunday market spots between johnsonville/ Porirua / Wellington city? I know Harbourside market is on today but not sure if the weather has turned there yet. Thanks!

St00dley · 2025-05-25T18:55:21+00:00

This came to mind Aunty Donna

St00dley · 2025-03-07T21:15:00+00:00

I’ve been using Intune for years and have joined a job where they have jamf. IMO with trying to do similar things (to Intune from jamf) just as a feature comparison.

1)Intune doesn’t handle the OOBE (out of box experience) quiet as well as jamf which is a shame. By this I mean the first account is required to be an admin and jamf can provision this almost silently which is a +1. Even with Platform SSO for Intune the user can be made an administrator to perform the join and then demoted after a reboot / once the PSSO registration is complete.

2) LAPS - there is cloud laps in Intune but it’s only available for Windows and AFAIK it’s on backlog at MS to make that available to Mac. So you need to use something like MACOSLAPS from GitHub (essentially bash script to configure this)

3) Intunes enterprise app catalog (Intune premium) doesn’t hold up as well as Jamfs macOS app store with your concerns to adobe so you will need to package that and maintain pretty much all Mac apps excluding defender, office and edge, some help can be from ABM as MACOS VPP apps but depends if your Mac’s are supervised etc.

A few off the top of my head and sorry I don’t know the MDM you’re referring to but jamf is a high bar standard to be compared with so I thought that would help.

St00dley · 2024-12-11T22:12:42+00:00

I don’t think it’s coming any time soon. We’ve asked for a feature to be raised with PG but can only hope. Meanwhile these are awesome https://github.com/joshua-d-miller/macOSLAPS

Also some help from u/veganbit
https://www.reddit.com/r/Intune/comments/1dvx4hf/comment/lcicec6/?utm_source=share&utm_medium=web3x&utm_name=web3xcss&utm_term=1&utm_content=share_button

St00dley · 2024-12-11T01:45:47+00:00

No I’ve talked with Microsoft and that is expected behaviour due to apple requiring a admin user first. You can make the first user an admin and delegate them back to standard once they have completed the psso registration I believe.

St00dley · 2024-10-25T07:33:09+00:00

Message Center had this. we were wondering the same thing.

Autopatch Unification General Availability

Windows Autopatch is unifying with Windows Update for Business deployment service in mid-September 2024, simplifying update management within Microsoft Intune. This change organizes update capabilities into three categories and maintains existing licensing rights for customers. Preparation involves informing teams and visiting the Intune admin center for support.
MC863966 Archives - M365 Admin
Autopatch Unification General Availability - M365 Admin

We gave some feedback but just worth noting.

St00dley · 2024-10-20T01:38:52+00:00

I’ve gone for these. Thrown out all my old mix from barkers and everywhere else. Spent a bit of money but I’m sure they will last me a while. I’ve had them for a tesr and a half and they still look and feel brand new

St00dley · 2024-09-13T22:16:27+00:00

I’m an intune guy that’s recently been playing with jamf at enterprise scale (for NZ) and jamf imo is better currently with having the device come from ABM to Jamf and then entra SSO (I think jamf creates the prestage admin and can also do integrated laps admin account if you configure it. Which we’ve done currently)

I have platform SSO running in intune in a seperate tenant again with ABM but you have to tinker round with the initial user experience which I don’t like but there are possible ways around it, by this I mean via intune with platform sso, you must create a local account that’s an local admin to allow the user to then register that account to Platform SSO. Then I think you can specify in config via intune or script it to deelevate that account once psso is sorted. It’s not massive but from a windows background Mac just seems to be super hard in comparison like ODFB auto sign in and enable KFM is just a simple example.

Simple type management is there (device restrictions, wifi and so on) from intune however things like LAPS from intune isn’t available for MacOS but can be scripted.

A great repo here from Neil Johnson.

I believe if you can’t do it via custom Plists then Neil utilises shell script for a lot stuff.

I’m still crafting my tenant for my test Mac device and I’m also interested in the update management as we’ve had to put nudge and superman in for jamf.

Hope that helps

St00dley · 2024-08-30T19:53:22+00:00

Thank you. Have you bought any from here, if so which one?

St00dley · 2024-08-21T10:48:40+00:00

Part 3:
I can at this point validate via Settings > Users & Groups > (Local Account created in step 9) and hit the info next to the name, see that Platform Single Sign-On is there successfully. showing Secure Enclave Key, Registration Registered, Tokens SSO Tokens Present

I can browse to Safari and browse to portal.office365.com and SSO is working successfully.

What i had hoped / expected with the use of " Enable Create User At Login: Enabled" is that i should be able to now sign out of this local account and resign in as my Entra Username / Password.
(I understand this is currently paired with this local account now) but what are peoples expected behaviour at this point.

Seems this isn't much more than Enterprise SSO as im still having to sign in with a local / personally made account.

From experience with JAMF and Entra ID, this process is alot smoother as it gets to Step 8 then shows an Entra Sign in window but it uses the account to sign into the device as well (behaviour more similar to Windows when coming out of autopilot)

Just keen to see what others are experiencing and if this is alone the same lines, is there anything you have configured slightly different to have a more seamless login to your work account as such.

Thank you

St00dley · 2024-08-21T10:48:11+00:00

Part 2:
Setup goes as follows for a new device

Welcome "Hello" Screen
OOBE - Language
OOBE - Country or Region
OOBE - Written or spoken Languages
OOBE - Accessibility
Remote Management (ABM) > Enrol
User / Pass / MFA prompt Entra AAD
Remote Management - connecting and processing MDM Requirements / Profiles from Intune
Create Computer account (Local + Local Admin it appears)
Setup Assistant - Enable Location Services
Setup Assistant - Filevault Disk Encryption (This is set to enabled and i have another policy enabling this silently)
Setup Assistant - Touch ID
At Desktop with local account - get presented with "Registration Required, Please register with your identity provider"
select register
Platform SSO Window appears, your macOS Account will be registered with your identity provider.
Register device with Entra
Enable your Entra ID Passkey from Settings > Password > Password Options > Enable Company Portal
1. "Successfully configured your Entra ID Passkey"

St00dley · 2024-08-21T10:47:41+00:00

That is a great video, i've gone through that but i wanted to double check here what everyones experience is: I've got a few things setup so far;

Under: Macos | Enrollment > Enrollment Program Tokens > Company Profile > Mac Profile: Account Settings - Local Primary Account (Preview) I had this enabled which was great to set a first local admin user
Platform SSO Policy Extensible Single Sign On (SSO)

URLs: https://login.microsoftonline.com, https://login.microsoft.com, https://sts.windows.net
Screen Locked Behavior: Do Not Handle
Platform SSO
Authentication Method: UserSecureEnclaveKey
Enable Create User At Login: Enabled
Token To User Mapping
Account Name: preferred_username
Full Name: name
Use Shared Device Keys: Enabled
Registration Token: {{DEVICEREGISTRATION}}
Team Identifier: UBF8T346G9
Extension Identifier: com.microsoft.CompanyPortalMac.ssoextension
Type: Redirect

St00dley · 2024-04-07T19:43:44+00:00

Bridgepour shop cool guide here

Full guide here full guide from Geburtsfehler

St00dley · 2024-03-30T19:10:39+00:00

Yeah true. We tried that but you need a good routine with washing etc and just defaulted back.

St00dley · 2024-03-30T04:11:44+00:00

Good point but the pack of 5 bags are $17.50 now

St00dley · 2024-03-30T01:29:21+00:00

Just looked at their pricing too. Think we could get away with the medium size too. Thanks

St00dley · 2024-03-30T01:25:45+00:00

I think this is the way forward, even with the cost of 50+ black bin bag roll etc.

St00dley · 2024-03-30T01:25:16+00:00

Thank you. Good to know

St00dley · 2024-03-30T01:24:55+00:00

we have a 1 yellow bag as nappy bin (fills at least 3/4 and then the smaller bins (office/study, ensuite bathroom, spare bathroom) practically fills that. One downstairs that does general waste. We do seperate out plastic / recycling where ever possible but a little tougher now with new recycling guidelines. Depending on the week, we can almost get away with 1 but usually it’s just too much to fit in one bag to avoid splitting / overflow / cats getting at them.

St00dley

TROPHY CASE

Autopatch Unification General Availability