ITS technicians will be migrating all ITS-supported Macs from NoMAD to Jamf Connect for user authentication.

Prerequisites

• You have Jamf Pro access with the following permissions:

  • PreStage Enrollment edit

  • Object deletion

  • Site tagging

  • Static group assignment

Instructions

Part 1: Before we have the computer

1. Log into Jamf with your NetIDadmin.

2. Check the serial number to ensure that the computer can support Jamf Connect. Generally, this should be a computer that can support the newest version of macOS (version 15 Seqouia). You can check a computer’s model on Jamf, or on the Apple warranty website.

   Open

   

3. In the ticket, send the client instructions to back up their data. You can use the Data Backup Confirmation Jira form, published externally. The client must respond to this with a confirmation that the data is backed up. If they request assistance with data backup, they will have to book an appointment with an FTE.

4. Once we receive confirmation from the Jira form by the client that they have sufficiently backed up their data, we can send the drop-off canned response in Jira.

Part 2a: We have the computer - prepare for imaging

1. Check the serial number of the computer to make sure we are working on the correct machine.

2. Check for litigation holds and capture the image if needed. Follow instructions here: https://uconn.atlassian.net/wiki/spaces/AIT/pages/3446636862

3. Search for the computer via its serial number in Computers → Search Inventory.

   Open

   

4. Find the current PreStage assignment and click on it.

5. Navigate to Scope → Edit. Then search for the computer via its serial number and then un-check it. Then select Save.

6. Return to the computer’s page in Jamf and then delete its Jamf object. This cannot be undone.

7. Assign a modern PreStage for the computer. Navigate on the sidebar to Computers → PreStage Enrollments. If the computer will be used by a single user, select JAMF CONNECT - LAPTOP, DESKTOP. If the computer will be shared in a lab or other multiple-user environment, select JAMF CONNECT - LAB.

8. Navigate to Scope → Edit, search for the computer via its serial number, make sure it is checked, then select Save.

Part 2b: We have the computer - imaging

You will now fully erase the computer and install the newest supported version of macOS. If the client computer runs Apple silicon (M1, M2 Pro, etc.), use Method 1. If the computer runs an Intel processor (i5, i7, etc.) or otherwise runs into issues with Method 1, use Method 2.

Method 1 (Apple Configurator)

You will need a second Mac with Apple Configurator installed for this process.

Follow the instructions provided by Apple to restore the Apple silicon Mac: https://support.apple.com/en-us/108900

Method 2 (Internet Recovery)

You will need access to a hard-wired Internet connection (Ethernet).

Follow the instructions provided by Apple to install the newest supported version on the Mac: https://support.apple.com/en-us/102655

Part 2c: We have the computer - enrolling into modern management

The computer should be at the “Hello” screen ready to proceed with out-of-box-experience (OOBE) setup. You should have the computer connected to hard-wired internet (Ethernet).

1. Navigate through the setup prompts. This will include steps such as as selecting a region and language.

   1. If it asks you to create a user account or sign in with an Apple Account/ID, the PreStage enrollment was not assigned properly. Stop here and ensure the assignment was set correctly. Then restart the computer and try this step again.

2. When asked to enroll under management for University of Connecticut, select Enroll. This step may take a few minutes.

3. If asked, enable Location Services.

4. When the computer is at the UConn-branded Microsoft Entra ID login screen (click to expand → ), enrollment is complete.

5. In Jamf, search for the computer via its serial number. Select the computer object then select Edit.

6. Under the Site dropdown, select the appropriate tag for the device. For ITS-managed machines, select MWManagedWorkstation. In the Asset Tag field, add the UConn inventory tag (Cxxxxx). Then select Save.

7. Add the staff member who will be assigned to this asset. This is usually the person who is the reporter for the ticket. Navigate to the User and Location section, then select Edit.

8. Search for the assigned employee via their published name (UConn email name), then select Search.

9. Select the employee’s NetID.

10. Select Save.

11. Add the computer to appropriate static groups. On the sidebar, navigate to Computers → Static Computer Groups. Most single-user machines managed by ITS will be placed in mwManagedWorkstation - Staff / Faculty, and shared machines will be placed in mwManagedWorkstation - Lab.

12. Select the static group and navigate to Assignments → Edit. Search for the computer via its serial number and ensure that it is checked. Select Save.

13. Allow the computer to be left online for about 15 minutes to receive policies and configuration profiles.

14. You can now send the canned response for device pick-up for the client.

Part 3: We return the device - optional first-time sign-in setup

If the client wants, we can assist with the first-time sign-in. If they do not want to set it up at the time of pick-up, inform them about FileVault. After the second sign-in of the computer, they may be prompted to enable FileVault. They must allow it if prompted. If they defer or deny it, they will run into issues in the future with updates that can only be fixed by wiping the computer again.

1. Have the client log into their computer using their UConn email and password.

2. Download any standard-issue applications from Self Service.

3. Set up OneDrive with folder sync/backup.

4. Demonstrate administrator rights self-elevation.