/r/macsysadmin


A subreddit for all things related to the administration of Apple devices.

The reddit for Mac Professionals.


Please keep all content and discussions professional.



40,276 Subscribers

25

After failing Apple Device Support exam SUP-2024, I made 600+ flashcards in Brainscape in hopes of helping others as well

I took the SUP-2024 exam last month, September 20, 2024, and I only got 68%. The passing mark is 75%.

I thought everything was covered by the built-in 14-hour course by Apple. I only studied for 5 days by reading through the course and googling some free or limited 2023 practice exams (some of which had wrong answers too). I noticed how there were a lot of questions that weren't in the 14-hour course, and how I should've actually read every article (about 130+ URLs?) in the "Review the Learning Objectives" portion of the Apple training site.

So over the course of almost a month, I chose to slowly study a few hours a day instead of cramming everything in a short amount of time. I was able to make about 640 flash cards on Brainscape to help me review the topics.

I will try to take the exam again soon. I hope I didn't overstudy and cram my brain again. There's a lot of topics covered, after all. Please wish me luck!

This is the link to my Brainscape study: https://www.brainscape.com/p/6499Y-LH-DAFMC

This is the link to Apple's "Review the Learning Objectives": https://it-training.apple.com/tutorials/support/supx02/

If you're bored, maybe you can also say hi in case I'm live on Twitch. My Twitch is also iggyneer.

Best of luck, we have a time limit after all, in case a new SUP-2025 releases in a few months 😂

7 Comments
2024/10/15
19:42 UTC

2

ICYM Friday's LaunchPad

0 Comments
2024/10/15
15:06 UTC

7

Trouble getting 802.1x profile to work

Some background. I have Macs managed in Jamf Pro using Meraki MR for wireless. 802.1x works perfectly fine if manually connecting.

I am trying to push out this SSID using a Jamf profile. I've followed the documentation from Jamf, including uploading the identity certificate. Auto join is ticked and the profile is pushed to the device, but at no point is the device prompting for the user's credentials to join the SSID.

Have I misunderstood and will the device only auto connect if I supply credentials within the profile itself?

The network is shown as a known network in the Wifi drop down menu.

8 Comments
2024/10/15
01:35 UTC

1

wifi gives diagnostic screen when just typing

Hello, we have a problem with settings on MacBooks or in the network configuration.

When colleagues have a long password for the Wi-Fi on our network, it crashes when typing the password,

so they get the "not connecting, please troubleshoot the Wi-Fi" screen.

But our question is: is this a problem with our network or with settings on the Mac?

1 Comment
2024/10/14
13:52 UTC

3

IT Trainings 2024

Hi,

Do you know when the IT training sessions will include the new OS versions, such as iOS/iPadOS 18.x and macOS 15.x?

1 Comment
2024/10/12
21:35 UTC

14

What are the use cases for Managed Apple IDs

I understand that you can't download apps from the App Store using a Managed Apple ID. This makes me wonder what is the purpose of having them at all?

33 Comments
2024/10/11
21:17 UTC

3

Toggle Filters & Proxies Programmatically

Hi.

Does anyone know how to programmatically (via Apple Shortcuts, or command line/scripting) toggle a Filters & Proxies mobileconfig profile? Ideally in macOS and iOS.

In short, I have a NextDNS config profile installed. However, when I connect to certain public wifi hotspots it interferes with my connection and I have to toggle it to disabled (and then subsequently forget to re-enable it).

I would like to have it for example, be disabled when I connect to certain SSIDs or simply create a widget/automator action that I can use to quickly toggle it (instead of delving deep into System Settings). I have searched around here on Reddit as well as on the WWW - but it seems niche enough to have not been very well addressed! I attempted to create multiple Locations in my network settings but this doesn't seem to work.

Thanks in advance!

https://preview.redd.it/wvzzpgh8j5ud1.png?width=964&format=png&auto=webp&s=7b247201a75eeb4c6bcd3ebe4ffdef1b94582676

2 Comments
2024/10/11
16:17 UTC

1

Automate deployment of Charles Proxy

Afternoon all,

I have deployed the app Charles Proxy via our MDM (Intune) and I have it working to install etc. just fine, but the missing part is the bloody helper tool it needs to configure itself for proxying on macOS!

I have tried automating this by moving / re creating the helper tool and preference etc, so far no joy and I found a few articles on this method so tried to push my own but no good.

I am using the pkg app type deployment from Intune with a post-install script (or plan to), but the script has yet (testing locally) to set the permissions as expected.

https://community.jamf.com/t5/jamf-pro/allow-standard-user-to-enable-macos-proxy-when-use-charles-web/m-p/232970

https://community.jamf.com/t5/jamf-pro/application-requires-admin-rights-after-installing/m-p/234140/highlight/true

Anyone else got this to work?

#!/bin/zsh

# Define log file
LOG_FILE="/Library/Logs/Microsoft/IntuneScripts/CharlesProxyHelper.log"

# "$3" is the target volume when this runs as a pkg postinstall script. When
# Intune runs it as a plain shell script "$3" is empty, so every path below
# resolves to the boot volume, which is what is wanted in both cases.

# Create the log directory if it doesn't exist
if [[ ! -d "/Library/Logs/Microsoft/IntuneScripts" ]]; then
    /bin/mkdir -p "/Library/Logs/Microsoft/IntuneScripts"
    /bin/chmod 755 "/Library/Logs/Microsoft/IntuneScripts"
fi

# Log function to append to log file
log_message() {
    echo "$(date '+%Y-%m-%d %H:%M:%S') - $1" | tee -a "$LOG_FILE"
}

log_message "Starting Charles Proxy postinstall script..."

# Unload and remove any existing LaunchDaemon for Charles ProxyHelper.
# (launchctl load/unload still work but are the legacy interface; the current
# forms are "launchctl bootout system <plist>" and "launchctl bootstrap system <plist>".)
if [[ -e "$3/Library/LaunchDaemons/com.charlesproxy.helper.plist" ]]; then
    log_message "Found existing LaunchDaemon, unloading and removing..."
    /bin/launchctl unload "$3/Library/LaunchDaemons/com.charlesproxy.helper.plist" 2>&1 | tee -a "$LOG_FILE"
    /bin/rm -f "$3/Library/LaunchDaemons/com.charlesproxy.helper.plist" 2>&1 | tee -a "$LOG_FILE"
fi

# Copy the ProxyHelper to PrivilegedHelperTools. It must be owned by root:wheel
# and not writable by group/other: a helper any user could overwrite would run
# that user's code as root.
log_message "Copying ProxyHelper to /Library/PrivilegedHelperTools..."
/bin/cp -f "$3/Applications/Charles.app/Contents/Library/LaunchServices/com.xk72.charles.ProxyHelper" "$3/Library/PrivilegedHelperTools/" 2>&1 | tee -a "$LOG_FILE"
/usr/sbin/chown root:wheel "$3/Library/PrivilegedHelperTools/com.xk72.charles.ProxyHelper" 2>&1 | tee -a "$LOG_FILE"
/bin/chmod 544 "$3/Library/PrivilegedHelperTools/com.xk72.charles.ProxyHelper" 2>&1 | tee -a "$LOG_FILE"

# Create a new plist for the LaunchDaemon.
# Caveats: the helper lives in Contents/Library/LaunchServices, the SMJobBless
# layout, so the app reaches it through a Mach service name. Charles will only
# talk to it if the MachServices key below matches the name the app looks for
# (normally the helper's own bundle identifier, com.xk72.charles.ProxyHelper);
# the label used here and the "--install" argument are assumptions about the
# helper, not something documented for it.
log_message "Creating new LaunchDaemon plist..."
cat << EOF > "$3/Library/LaunchDaemons/com.charlesproxy.helper.plist"
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>com.charlesproxy.helper</string>
    <key>MachServices</key>
    <dict>
        <key>com.charlesproxy.helper</key>
        <true/>
    </dict>
    <key>Program</key>
    <string>/Library/PrivilegedHelperTools/com.xk72.charles.ProxyHelper</string>
    <key>ProgramArguments</key>
    <array>
        <string>/Library/PrivilegedHelperTools/com.xk72.charles.ProxyHelper</string>
        <string>--install</string>
    </array>
    <key>StandardErrorPath</key>
    <string>/Library/Logs/com.charlesproxy.helper.log</string>
    <key>StandardOutPath</key>
    <string>/Library/Logs/com.charlesproxy.helper.log</string>
</dict>
</plist>
EOF
# The daemon's own log used to go to /tmp; a root daemon writing a predictable
# path in the world-writable /tmp is a symlink risk, hence /Library/Logs above.

# launchd refuses a daemon plist that is not owned by root or is writable by
# group/other, so set ownership as well as the mode.
log_message "Setting correct permissions on plist..."
/usr/sbin/chown root:wheel "$3/Library/LaunchDaemons/com.charlesproxy.helper.plist" 2>&1 | tee -a "$LOG_FILE"
/bin/chmod 644 "$3/Library/LaunchDaemons/com.charlesproxy.helper.plist" 2>&1 | tee -a "$LOG_FILE"

# Load the new LaunchDaemon
log_message "Loading the new LaunchDaemon..."
/bin/launchctl load "$3/Library/LaunchDaemons/com.charlesproxy.helper.plist" 2>&1 | tee -a "$LOG_FILE"

log_message "Charles Proxy postinstall script completed."

exit 0
6 Comments
2024/10/10
15:06 UTC

7

MacOS - Script to delete keychain item from each user

Is it possible to delete a keychain login item from all users on a Mac? Ideally scripted from our MDM (Jamf).

This works for the current console user, but I would like it to clear it from each user if possible:

security delete-generic-password -l "Jamf Connect"

3 Comments
2024/10/10
14:34 UTC
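For the per-user version of that command, here is an added example script (not the poster's code and not from Jamf) that walks every login keychain under /Users and repeats the deletion until nothing matches, since security delete-generic-password removes only one item per call. It assumes it runs as root from an MDM policy, that the keychains sit at the default /Users/<name>/Library/Keychains/login.keychain-db path, that the tool exits 44 when no item matches, and that root is permitted to delete from a locked login keychain; where a keychain refuses (typically with "User interaction is not allowed"), the failure is logged and the loop moves on. The LABEL, SECURITY_BIN and USERS_ROOT variables exist only so the logic can be exercised against a constructed directory tree.

```shell
#!/bin/sh
# Added example (not the poster's code): remove a generic-password item from
# every local user's login keychain. Assumes it runs as root from an MDM
# policy. LABEL, USERS_ROOT and SECURITY_BIN are overridable only so the
# logic can be exercised against a constructed directory tree.

LABEL="${LABEL:-Jamf Connect}"
USERS_ROOT="${USERS_ROOT:-/Users}"
SECURITY_BIN="${SECURITY_BIN:-/usr/bin/security}"

# Delete every item whose label matches from one keychain file.
# `security delete-generic-password` removes a single item per call, so keep
# calling until it reports that nothing matches. Assumption: the tool exits
# with status 44 (errSecItemNotFound) in that case. Prints
# "<path> removed=<n>" and returns 1 on any other failure, e.g. a locked
# keychain answering "User interaction is not allowed".
purge_item_from_keychain() {
    kc="$1"; label="$2"; removed=0
    while :; do
        out=$("$SECURITY_BIN" delete-generic-password -l "$label" "$kc" 2>&1) && rc=0 || rc=$?
        if [ "$rc" -eq 0 ]; then
            removed=$((removed + 1))
        elif [ "$rc" -eq 44 ]; then
            echo "$kc removed=$removed"
            return 0
        else
            echo "$kc removed=$removed error=$rc: $out" >&2
            return 1
        fi
    done
}

# Walk every login keychain at its default location. A failure on one
# keychain is counted and reported, not allowed to abort the run, so one
# locked keychain does not leave the rest untouched.
purge_item_everywhere() {
    failures=0
    for kc in "$USERS_ROOT"/*/Library/Keychains/login.keychain-db; do
        [ -f "$kc" ] || continue
        purge_item_from_keychain "$kc" "$LABEL" || failures=$((failures + 1))
    done
    echo "failures=$failures"
    [ "$failures" -eq 0 ]
}

# Uncomment to run for real (as root) from the MDM:
# purge_item_everywhere
```

Running it from a Jamf policy gives one summary line per keychain plus a final failures count, so the policy log shows which homes still hold the item.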

18

MacOS - Script to change existing admin password.

Greetings everyone!

This is my first time managing MacOS devices so forgive me if I appear to be clueless.

I want to create a script that i can use to deploy to Mac devices in my org to change the existing admin password on there to a newly set password and want to deploy this using intune.

I've tried searching up online for scripts and have tried a couple so far - the script runs successfully but the admin password is still the same.

Here is one example of the script i've last used that was successfully deployed but the password still remains the same -



#!/bin/bash

# Variables
username="admin"              # Replace with the admin username
new_password="Test123456!"    # Replace with the new password. Note: it is a plaintext
                              # literal in a script the MDM ships, and briefly visible
                              # in `ps` while dscl runs.

# Change the password. Run as root, dscl does not need the old password.
sudo dscl . -passwd "/Users/$username" "$new_password"

# Update the keychain password (optional). "old_password" is a placeholder for the
# user's current password; on current macOS the file is login.keychain-db.
security set-keychain-password -o "old_password" -p "$new_password" "/Users/$username/Library/Keychains/login.keychain-db"

echo "Password for user $username has been changed."

Any help around this would be greatly appreciated!!!

Thanks!

42 Comments
2024/10/10
12:39 UTC
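An added example, not the script from the post, that does the same dscl change but checks the result with dscl . -authonly, which performs a real authentication against the local directory node, and reports SecureToken state with sysadminctl -secureTokenStatus. It assumes it runs as root on the target Mac; DSCL and SYSADMINCTL are overridable only so the flow can be exercised with stand-in commands. The password is still passed on the command line, where it is briefly visible in ps, and is still a literal in a script the MDM ships, so treat it as a bootstrap credential to be rotated again afterwards.

```shell
#!/bin/sh
# Added example, not the poster's script: rotate a local admin account's
# password and verify the result instead of assuming success.
# DSCL and SYSADMINCTL are overridable so the flow can be exercised with
# stand-in commands; on a real Mac leave the defaults and run as root.

DSCL="${DSCL:-/usr/bin/dscl}"
SYSADMINCTL="${SYSADMINCTL:-/usr/sbin/sysadminctl}"

# Return 0 if the account exists in the local directory node.
local_user_exists() {
    "$DSCL" . -read "/Users/$1" RecordName >/dev/null 2>&1
}

# Return 0 if the password authenticates for the account. dscl's -authonly
# performs a real authentication, so it is a trustworthy post-change check.
password_is_valid() {
    "$DSCL" . -authonly "$1" "$2" >/dev/null 2>&1
}

# Set a new password as root (no old password needed) and verify it.
# Prints one status line and returns non-zero on any failure.
# Caveat: the new password is an argv element while dscl runs and is
# therefore visible in `ps` for that moment.
rotate_local_password() {
    user="$1"; newpw="$2"
    if ! local_user_exists "$user"; then
        echo "no-such-user"; return 2
    fi
    if password_is_valid "$user" "$newpw"; then
        echo "already-set"; return 0
    fi
    if ! "$DSCL" . -passwd "/Users/$user" "$newpw" >/dev/null 2>&1; then
        echo "passwd-failed"; return 3
    fi
    if ! password_is_valid "$user" "$newpw"; then
        echo "verify-failed"; return 4
    fi
    # Report SecureToken state: without a token this account cannot unlock
    # FileVault at startup, so the rotation alone may not make it usable.
    "$SYSADMINCTL" -secureTokenStatus "$user" 2>&1 | grep -q ENABLED \
        && echo "changed secure-token" || echo "changed no-secure-token"
    return 0
}

# Uncomment to run for real (as root):
# rotate_local_password "admin" "Test123456!"
```

The status word is what an Intune script should echo, so the portal shows "verify-failed" rather than a green check when dscl returned 0 but authentication still uses the old password.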

3

MS Defender to iOS via JAMF

Hello folks,

I'm trying to set up MS Defender for our iPhones, but they're not in Intune, only JAMF. I can install it onto the phones via the App Store but can't figure out how to link that to Intune in a way which doesn't involve enrolling all 400-odd devices we've got in Intune.

I've tried to configure MS Defender using the JSON creation in the configurator but haven't had any luck.

Any ideas?

2 Comments
2024/10/10
10:40 UTC

5

XCreds, Azure AD, USB Security Key

I've got our org setup with XCreds for Azure AD. We're using MFA as well. I have some users that have Yubico USB keys and I have one as well. For MFA with my test account, all of the options I have enabled in my Microsoft Account show up with XCreds for MFA: Outlook App Approval, Text Message, etc... EXCEPT my Security Key.

For any other service we have with MFA with Azure AD auth, I have the key as an option.

I wonder if there is something I need to do/add on the App Registration in the Azure portal that isn't in the XCreds docs?

1 Comment
2024/10/09
23:55 UTC

1

Issues with ABM + Intune: Zero-Touch Mac Enrollment and App Store Restrictions

Hey everyone,
We’ve been using ABM and Intune successfully to enroll PCs via the Company Portal (users download and sign in). For our older Mac users, we’ve been asking them to download the Company Portal as well manually. However, we’re now trying to set up Zero-Touch enrollment for new Mac users enrolled through ABM from the start.

The new Macs show up in Intune via ABM, but they aren't associated with the user, and these two new users can't download any apps from the App Store, not even free ones.

Has anyone else faced this issue with user association or App Store restrictions? Any advice would be appreciated!

**** Post-edit:

Sorry for the delayed response. Everyone's contributions have been very enlightening and encouraging. This might be too much information, but I landed this IT role organically so I am still trying to grasp the essence of what I'm doing. On the other hand, it seems to me that Microsoft is constantly either changing the rules or restricting their standard operating procedures. Additionally, I noticed that there are different ways to approach solutions. In this particular case, I'm going with what Cozmo85 and Entegy are saying. I appreciate everyone's answers.

10 Comments
2024/10/09
18:08 UTC

7

Management commands not being sent

Hey all,

I have a bunch of Macs that just will not process management commands (like lock or wipe) sent from Jamf.

They install profiles and run policies just fine. Other computers process commands just fine.

All of the affected machines are DEP (with a handful of exceptions, UIE is disabled). There are a range of OS versions ranging from 12.5.0 (the main reason this one is being locked) up to 14.5. All of them are checking in to Jamf, some of them every 15 minutes for several months.

I'd be willing to believe that some are blocking Apple's servers, but others barely know how to log in to the machine.

Any ideas?

EDIT: They are all managed. I do not have physical (or remote) access to them.

23 Comments
2024/10/09
10:21 UTC

18

MacOS Firewall "Block all incoming connections" advice

Has anyone enabled this feature in your organization?

We are trying to meet a compliance requirement that says to block all incoming connections by default and then just allow the ones you need. Each time we turn this on it breaks Zscaler, even though we add Zscaler to the allowed list. Once it breaks Zscaler then no traffic can make it to or from the internet.

My coworker thinks the "Block all incoming connections" is more of a lockdown mode and doesn't honor the allow list. Can anyone confirm this?

This setting is in System Settings -> Network -> Firewall -> Options ->

I'm running MacOS 15.1 but most of our company is still on 14.7 for now.

13 Comments
2024/10/08
19:03 UTC
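An added example (not from the post) of checking the setting the way a compliance control would verify it, using socketfilterfw, the supported command-line interface to the Application Firewall. It assumes the --getglobalstate output format "Firewall is enabled. (State = N)" with 0 = off, 1 = on and 2 = block all incoming connections; reading the old /Library/Preferences/com.apple.alf.plist is avoided because it is assumed not to reflect the live setting on macOS 15. The SOCKETFILTERFW variable is overridable only so the parsing can be exercised with stand-in output.

```shell
#!/bin/sh
# Added example (not from the post): audit the Application Firewall's global
# state via socketfilterfw, as a compliance check or Jamf extension attribute
# would. SOCKETFILTERFW is overridable only so the parsing can be tested.

SOCKETFILTERFW="${SOCKETFILTERFW:-/usr/libexec/ApplicationFirewall/socketfilterfw}"

# Map the "(State = N)" number printed by --getglobalstate to a word.
# Assumed mapping: 0 off, 1 on (per-app rules apply), 2 on with block-all.
firewall_mode_from_output() {
    n=$(sed -n 's/.*(State = \([0-9]\)).*/\1/p' | head -n 1)
    case "$n" in
        0) echo off ;;
        1) echo on ;;
        2) echo block-all ;;
        *) echo unknown ;;
    esac
}

firewall_mode() {
    "$SOCKETFILTERFW" --getglobalstate 2>/dev/null | firewall_mode_from_output
}

# Compliance check: prints "<actual> required=<want>" and returns 0 only when
# the required mode (default block-all) is in effect.
check_firewall() {
    want="${1:-block-all}"
    have=$(firewall_mode)
    echo "$have required=$want"
    [ "$have" = "$want" ]
}

# The per-app exceptions, for reviewing the allow list alongside the mode.
list_allowed_apps() {
    "$SOCKETFILTERFW" --listapps 2>/dev/null
}

# Uncomment to run for real:
# check_firewall block-all; list_allowed_apps
```

Reporting the mode and the allow list together is what makes the compliance evidence useful: a record that says "on required=block-all" shows which of the two settings the fleet is actually on when a vendor agent such as Zscaler stops working.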

3

LaunchPad meetup this friday

0 Comments
2024/10/08
17:53 UTC

0

/var/folders/zz/ operation not permitted when trying to package install EPM agent?

Any macOS guys here: why can't we package an application when it tries to install or use the following folder, /var/folders/zz/? Really annoying.

Hi there, we're a typical corp using JAMF and we're having a problem packaging an application, as it tries to write into that folder and fails with:

Failed to create installer package: ProcessError(terminationStatus: 1, output: Optional("xattr: [Errno 1] Operation not permitted: '/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/com.cyberark.CyberArkEPM.304287562120500.scripts/Install CyberArk EPM.app/Contents/CodeResources'\nxattr: [Errno 1] Operation not permitted: '/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T

ZScaler: /Applications/Zscaler
Digital Guardian (DLP): /Applications/DGNetopsFilter.app
CrowdStrike: /Applications/Falcon.app
Qualys: /Applications/QualysCloudAgent.app
Microsoft Defender: /Applications/Microsoft Defender.app

Wondering if anyone knows why we get this error. I am wondering if it's something within our build? Something to do with SIP / EDR or any other Mac tool? Already tried some things to troubleshoot. I've seen the

https://community.jamf.com/t5/jamf-pro/cyberark-epm-deployment/m-p/231656/page/2 (there's some old stuff here, as we're using Jamf, but any ideas? Along the bottom there seem to be some interesting workarounds on Jamf Nation.)
14 Comments
2024/10/08
15:31 UTC

0

Wiping PCs

There are a couple of iMacs that my company wants to wipe our proprietary data from and give out as charity. Being relatively new to the Apple ecosystem, I am finding it a challenge getting into recovery mode. I hold the Command key + R but the PC still boots normally.

I need some help here

11 Comments
2024/10/08
10:46 UTC

3

Smartcard certificate and browsers

We are testing out smart card auth for office 365 since MS Remote desktop does not support forwarding fido2 from macos. We have a fairly small test group and two users are having issues.

The two users that are having issues can use the yubikey smart card cert over remote desktop. Locally one of them does not get the cert prompt at all and the other only sees their mdm cert. I've had them try to get the cert prompt both with office 365 login and https://certauth.cryptomix.com/

To test, I have them fully quit out of Chrome or Safari, plug in the YubiKey, wait for it to stop flashing, and then launch Chrome or Safari and try to log in.

Other users with the same version of Chrome (129), Safari (18.0), and macOS 14.7 don't have issues. The MDM cert is from Kandji and the smart card cert is from ADCS; all certs were created with the same template over Remote Desktop to the same Windows server and the cert is loaded in slot 9a for everyone. For the user that does not see any cert prompt, they created a new user profile on their Mac and it still does not show up; they tried another Mac running, I think, macOS 13 with the same key and it showed the prompt.

I know we can use things like FIDO2 and Company Portal to turn the Mac into more or less a FIDO2 key, but management wants to limit the number of options we direct users to use for day 1 🤷.

5 Comments
2024/10/07
21:05 UTC

9

New to Managing iMacs – Looking for Advice on Centralized Control and User Restrictions

Hi everyone, I'm new to macOS management and responsible for overseeing 20 iMacs (iMac21,1). I'm currently facing some challenges with user control and system management. At the moment, I have to install software manually on each machine, and users are making unauthorized changes like removing icons, resetting passwords, opening some apps and settings for fun and more.

Is there a way to use one iMac as a central server to control all the others using any software or network solution (preferably free of cost)? I also need to restrict user permissions so students can only browse the web (blocking sites like YouTube and TikTok), and have access to just the Desktop and Downloads folders, without being able to edit or access any software, or make any changes to settings, icons, or files.

Any advice or recommended tools would be greatly appreciated!

14 Comments
2024/10/07
06:34 UTC

7

Asset Mgmt / MDM Solution for Growing 10 HC Team

I'm working with a team that'll be doubling headcount from 10 to 20 over the next year. Currently all folks use a Mac and are based in the US. We may hire and need to procure Macs for folks overseas in the future as well.

Making sure our Macs are assigned to ABM seems like step 1. What are some thoughts on a very easy MDM solution to implement? The team likely won't have an IT resource for a few years, so I'll be left with managing the assets (finance guy). The only thing we want to be able to do with an MDM is wipe the machines when an employee rolls off. I don't really want to spend time/effort implementing anything beyond that.

6 Comments
2024/10/06
21:32 UTC

9

New to MDM, which SSO solution for a startup of only 2 people ?

Hello,

I am discovering the jungle of MDM solutions for macOS. I have for the moment setup Apple Business Manager and I would like to have my users sign in with Google Workspace SSO.

I have tried Jamf Now (free for < 4 devices) but I finally understood that getting a solution that “easily” does SSO with Google Workspace is a paid extra service (and for Jamf you need to have already dozens of devices).

Is there a solution that is free for a small number of devices? I am aware of sso.tax, so it might not exist…

What would you do ? Also, what features should I be looking for from an MDM considering I have a tiny (non-US based) startup of less than 5 people ?

EDIT: added that the business is not in the US, so no ABE.

36 Comments
2024/10/06
14:23 UTC

6

Anybody tried out fleetdm yet? It just added iOS support.

FleetDM seems to be the only self-hosted option on the MDM market that covers all OSes right now; has anybody tried it out?

9 Comments
2024/10/05
09:12 UTC

4

Intune\Jamf last sync

I inherited an issue. Our Jamf Pro lost connection to Intune a year ago. My supervisor wants the Macs back in Intune. Do I need to terminate the connection and redo it? If I do that, will I have to do anything with the 50 something devices to get them to sync again?

9 Comments
2024/10/04
20:50 UTC

8

Pushing out software to a Lab.

Me again! The guy flailing about trying to understand stuff cause our main mac guy is on vacation!

Apparently he setup computer labs to NOT have iMovie installed. But I've got an Instructor who needs it.

I might be able to figure this out eventually but I've never done it so anything anyone can send me to help me get across the finish line faster would be stellar! I've got till next Wednesday to figure it out!

We use JAMF Pro so how can I use that or some other means to push iMovie out to 30 computers in a lab? Or is my only option to sit at each one and download it?

Thanks!

7 Comments
2024/10/04
19:19 UTC

6

Remote Access to Macs

Hey,

We are expanding a repair business from windows / android to also cover iOS devices and macs and I need to set up a content cache in a rack.

How do you people manage remote macs? I saw that VNC is rather insecure, does Apple Remote provide any additional security?

We have a very narrow ISO 27001 scope and wouldn’t like to pick additional systems to manage outside standard Apple tools, but I am open to advice!

28 Comments
2024/10/04
18:56 UTC

4

How to see hidden accounts?

Okay, I'm not actually sure how to word this to get any sort of useful Google result, so sorry if this is easier than I'm imagining.

So where I work we've mainly had one guy doing Mac support for about 30 years. I'm trying to learn what I can as fast as I can but it's a slow process. Our main Mac guy has gone on vacation and of course now is when everything blows up.

I've got a situation where in one of our labs, there seems to be a couple of local accounts that were created but hidden. I know nothing about this. When I log in with our Admin accounts, these accounts do not show up. I can't see their home folders. But I CAN log in with these accounts at which point they do show up in the accounts list and I do see their home folder and whatever else.

How do I reveal these accounts so that I can modify passwords or whatever? If I install software under the lab admin account, will it be available for these hidden accounts? Why would our main Mac guy have chosen to hide these?

Thanks.

9 Comments
2024/10/04
17:04 UTC
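An added example, not from the post, that lists the local accounts dscl knows about and reports, for each one, whether it is hidden by the IsHidden attribute on its own record or by the loginwindow HiddenUsersList array; both mechanisms keep an account off the login window and out of Users & Groups while it remains a normal local account. It assumes it runs as root or an admin on the lab Mac; DSCL and DEFAULTS are overridable only so the parsing can be exercised with stand-in output, and the listing used in the test is constructed.

```shell
#!/bin/sh
# Added example (not from the post): enumerate local accounts, including
# those hidden from the login window, and show how each one is hidden.
# DSCL/DEFAULTS are overridable only so the logic can run on stand-in output.

DSCL="${DSCL:-/usr/bin/dscl}"
DEFAULTS="${DEFAULTS:-/usr/bin/defaults}"
LOGINWINDOW_PLIST="/Library/Preferences/com.apple.loginwindow"

# Filter "dscl . -list /Users UniqueID" output ("name uid" per line) down to
# real user accounts: UID >= 500 and no leading underscore (system daemons).
# Hidden accounts are ordinary records, so they appear here regardless of
# what the login window shows.
real_users_from_listing() {
    awk '$2 >= 500 && $1 !~ /^_/ { print $1, $2 }'
}

# "1" if the account's own record carries IsHidden=1, else "0".
# dscl prints "IsHidden: 1" when set and an error when the key is absent.
record_is_hidden() {
    "$DSCL" . -read "/Users/$1" IsHidden 2>/dev/null \
        | awk '/^IsHidden:/ { print $2 }' | grep -qx 1 && echo 1 || echo 0
}

# "1" if the account is named in loginwindow's HiddenUsersList, else "0".
# defaults prints the array as "( name, name )" across lines; strip the
# punctuation and look for the bare name.
in_hidden_users_list() {
    "$DEFAULTS" read "$LOGINWINDOW_PLIST" HiddenUsersList 2>/dev/null \
        | tr -d '(),"' | grep -qx "[[:space:]]*$1" && echo 1 || echo 0
}

# One line per real user: "<name> <uid> hidden_by=<record|loginwindow|both|none>"
report_hidden_accounts() {
    "$DSCL" . -list /Users UniqueID | real_users_from_listing | while read -r name uid; do
        r=$(record_is_hidden "$name")
        l=$(in_hidden_users_list "$name")
        case "$r$l" in
            11) how=both ;;
            10) how=record ;;
            01) how=loginwindow ;;
            *)  how=none ;;
        esac
        echo "$name $uid hidden_by=$how"
    done
}

# Uncomment to run for real:
# report_hidden_accounts
```

Once an account is identified this way, its home path is `dscl . -read /Users/<name> NFSHomeDirectory`, and the record can be managed with the usual dscl and sysadminctl commands whether or not it is visible in the GUI.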

9

MacOS loses connection to Active Directory

Hi all! I am losing my mind with this connection to AD and I really hope there's someone who can steer me in the right direction at least.

So here's the issue: I successfully bind MacBooks to the Active Directory, no issues there; if I log off there's the "Others..." option to log in with a network account, the object is created in AD and everything is great!

HOWEVER, after a restart the option to log in with network accounts disappears; there's a red dot in the upper right corner that says "Network accounts unavailable". I then log in with a local user and try to unbind the computer, but I get an error "Unable to access domain controller" (I'm able to ping the domain controller). In the Users & Groups section in System Settings the network account server is there and has a green dot, and when I click on Edit it says "This domain is responding normally."...

I feel like I'm missing something in the setup and most probably something isn't set right on the domain controller. Does anyone have any idea where to look, what to try?

PCs are joining the domain, no issue.

I would very much like to avoid using NoMAD/Jamf.

Thanks!

49 Comments
2024/10/04
08:32 UTC
