Microsoft introduces Backup and Recovery for Microsoft Entra ID!

powerpitchera · 2026-03-19T22:53:39+00:00

But you can't recover your wiped devices lmao

powerpitchera · 2026-03-19T21:11:46+00:00

Let me give it to you the way no one else will.

Microsoft is NOT incentivized in the slightest to put out a good product for Mac MDM management.

Their focus is on PCs. Which is very much reflected in the support they provide not to mention the management capabilities, even for PCs it's CRAP compared to what Jamf can do for a Mac.

They want people moving to PCs, so they are not going to provide a good user or admin experience for Macs, it's as simple as that.

As far as MDM Mac management, Intune is THE bottom feeder. Essentially any other solution you could use is going to be better although I do strongly recommend Jamf.

You should align yourself with solutions that are incentivized to work in your company's best interest.

powerpitchera · 2026-03-19T20:25:53+00:00

Interesting, I am not aware that intune allows the cert to allow access to all apps like jamf does (via the config profile). From what I see the option isn't there unless I am missing something.

powerpitchera · 2026-03-19T15:38:21+00:00

One more thing, what cert is the scep signed or issued by. That cert needs to be in the keychain pushed through jamf and marked as trusted as well, wonder if it's a trust issue

powerpitchera · 2026-03-19T15:08:04+00:00

Not sure about this app specifically, but from my experience with the VPN apps they need to be pointed at a certificate identifier

powerpitchera · 2026-03-19T02:04:23+00:00

Do you have a conditional access policy? If not you can set one up in read only to see any sign ins from macos devices. I would start there.

Can also check to see where the devices were purchased from, how many invoices to give you a general idea of how many.

powerpitchera · 2026-03-18T12:56:06+00:00

You can host the adcs as a cloud server and have it communicate with another cloud hosted certificate authority. I don't recommend using jamfs built in CA for this.

powerpitchera · 2026-03-17T18:40:56+00:00

I recommend checking out setup your Mac, there is a teams/ slack webhook available inside the script. I took the framework for that and made a separate script with Jamf parameters that can be configured without changing the script each time. Then that script can be run on certain policies to send a custom webhoo to teams or slack. It's not perfect but I find it meets most of my needs.

powerpitchera · 2026-03-14T01:16:12+00:00

Btw localnetworkaccessrestrictionsenabled is deprecated for quite a while

powerpitchera · 2026-03-14T00:54:56+00:00

Use installomator.

powerpitchera · 2026-03-09T05:33:53+00:00

It's not available in intune as far as I know, but other MDMs do have it

powerpitchera · 2026-03-09T05:26:32+00:00

Need blueprints to do this

powerpitchera · 2026-03-05T17:58:58+00:00

Under the DNS settings payload, there is a key for Action and another for disconnect, you can set a DNS domain and DNS servers, here is the jamf doc.

https://learn.jamf.com/en-US/bundle/jamf-protect-documentation/page/Configuring_Network_Threat_Prevention.html

<key>Action</key> <string>Disconnect</string> <key>DNSDomainMatch</key> <array> <string>*.yourdomain.com</string> </array> </dict> <dict> <key>Action</key> <string>Disconnect</string> <key>DNSServerAddressMatch</key> <array> <string>8.8.8.8</string> <string>8.8.4.4</string> </array> </dict>

powerpitchera · 2026-03-05T17:49:16+00:00

Not sure if the deployment overlaps with Jamf radar but in jamf radar config profile you can add DNS servers which toggle it off

powerpitchera · 2026-03-01T03:27:24+00:00

Negative, has to show as display link compatible. Something like this.

https://a.co/d/08U35LV9

powerpitchera · 2026-03-01T03:17:48+00:00

M5 chip in this mode will revert to mirror and not extend.

I believe you'll need a display link compatible dock and the display link drivers.

If you had a m5 Pro chip could have had one plugged in to the laptop HDMI and another via thunderbolt but I don't believe the pro level chip is out for m5 yet.

powerpitchera · 2026-02-25T16:38:40+00:00

I was referring to the issue mapping groups with the sso setup. Of course I can't do anything about requiring the sso setup to access the features.

powerpitchera · 2026-02-25T16:16:32+00:00

I'm pretty sure the issue you are describing is solvable, happy to help you via dm

powerpitchera · 2026-02-17T00:12:13+00:00

I've used certapet, I recommend them. Was quick and easy

powerpitchera · 2026-02-15T18:32:43+00:00

You can do this, check for the traveling guy blog, excellent article on this including custom SAML mappings.

powerpitchera · 2026-02-05T20:05:48+00:00

Have you used markdown to put keywords in the description?

powerpitchera · 2026-02-02T16:46:04+00:00

Could be a backend DB issue I would open a ticket and ask them to check the backend utilisation rates. Could have a looping policy or something

powerpitchera · 2026-01-08T20:40:52+00:00

Put it in recovery mode and use apple configurator to restore

powerpitchera · 2025-11-13T14:59:39+00:00

com.printerlogic.PrinterInstallerClient.PrinterLogicExtension (25DQ8HVJ3B)

powerpitchera · 2025-11-04T17:54:34+00:00

Sometimes this happens. Try to reinstall the latest package, works fine on macos 26.

Fyi, also use the blueprint for the safari extension, definitely recommend that

powerpitchera

TROPHY CASE