M365 Sensitivity Labels: The Virtue of Simplicity

Microsoft Purview Sensitivity Labels are all the rage these days; many organizations have already implemented them, or are in the process of doing so. Getting them right, however, is not guaranteed. And not getting it right from the beginning, can cause a headache down the road – reorganizing your labels or relabeling your data can … Continue reading M365 Sensitivity Labels: The Virtue of Simplicity →

Easter Adventures with Claude Code (and OpenAI Codex)

This Easter I have been experimenting with improving a script I wrote a few years ago, using Claude Code. The script is a Jamf Self Service script that lets users automatically rename files that OneDrive for Mac is not syncing properly because of illegal characters.I wanted to see if Claude could help:1. Find bugs, improve … Continue reading Easter Adventures with Claude Code (and OpenAI Codex) →

Smart Group workaround to determine which clients have software updates available in Jamf

As Graham Pugh and others have reported, running softwareupdate --list can cause the softwareupdated daemon to hang, also when softwareupdate is run as part of updating inventory in Jamf Pro. Pugh discovered that you can read the number of available updates using the following command: defaults read /Library/Preferences/com.apple.SoftwareUpdate.plist RecommendedUpdates To be able to send notifications … Continue reading Smart Group workaround to determine which clients have software updates available in Jamf →

Simple update reminder for Jamf

On recent versions of macOS, reminding the user to update using Apple's Software Update dialog in System Preferences is often preferable to other update strategies. There are several ways to do it. One well-known solution is Nudge, which works well, but may be a bit too comprehensive for some. If you, like me, prefer simple … Continue reading Simple update reminder for Jamf →

Making sure Preview.app is the default PDF reader

Malware can sometimes come in the form of a PDF that contains embedded scripting language. Luckily, Apple's Preview.app, which is the default PDF reader on macOS, does not support most of Acrobat's features that can enable this type of malware. It is also much lighter than Acrobat Reader, and a great application. Making sure Preview.app … Continue reading Making sure Preview.app is the default PDF reader →

Catalina compatible Jamf Self Service policy to grant users temporary admin rights

If your organization mandates that users run as standard users, one way of allowing them to install software and perform operations where admin privileges are necessary, is to let them grant themselves temporary privileges. There are a few solutions out there already. With the introduction of macOS Catalina, Apple announced they were deprecating Python and … Continue reading Catalina compatible Jamf Self Service policy to grant users temporary admin rights →

Silent Office 365 upgrade using msupdate and Jamf

It is entirely possible to silently upgrade users from Office 2016 VL to Office 365/2019 without user interaction, provided they are already using Outlook with an Office email account. The only thing your users will see, is a window informing them Office is being activated the first time they start one of the Office applications … Continue reading Silent Office 365 upgrade using msupdate and Jamf →

Scripting CIS security recommendations

The nonprofit organization Center for Internet Security (CIS) regularly releases security recommendations for operating systems and software. Their CIS Apple macOS 10.13 Benchmark is for High Sierra, but most of the recommendations are relevant to Mojave as well. They categorize their recommendations into three categories, recognizing that some will negatively impact usability and perhaps aren't … Continue reading Scripting CIS security recommendations →