I first became aware of Jamf Setup Manager during JNUC 2023. It is a tool for provisioning Macs and at that time it was in private beta. Developed by Jamf consulting engineers in Europe, it was recommended to me as a means of provisioning before any user logs in.
Jamf Setup Manager’s primary mode is to run during Setup Assistant, the Mac’s out-of-the-box experience. Running during Setup Assistant was a dealbreaker for us as we were committed to using Auto Advance as an optimization for our technicians. After testing, I archived my configuration profile and moved on.
It’s now a little over a year later, and we’ve implemented three distinct provisioning processes, all with Jamf Setup Manager at the heart of them. So, what prompted this change?
Background
When I took my current job in July 2022, one of my major objectives was to fix MacBook provisioning. Because I was the first formal Mac admin at my employer, Mac provisioning had been a mostly manual, haphazard affair. My new team met for three days in September that year, working out a DEPNotify-Starter-based process1. We had two whiteboards: one filled with every problem in the manual process, and the other with all the steps we wanted in the new process. Turns out, that was foundational work for evaluating and building out processes in other provisioning tools.
Replacing DEPNotify
The process we built in 2022 worked really well for our help desk technicians, but it had some shortcomings. It had manual steps I wished I could have automated. It doesn’t work for drop-shipping MacBooks to employees.
But the worst part is that it uses DEPNotify, which should now be considered technical debt. DEPNotify hasn’t been updated in over four years, and there are now modern alternatives. Jamf itself has released more than one replacement.
In the meantime, some other things have changed. We now have Jamf Connect, which has its own Notify. We moved to Mac mini in our Zoom Rooms. They have a separate provisioning process, scripts driving swiftDialog.
On the Jamf Setup Manager front, version 1.1 shipped and addressed our two biggest issues: it can run at the login window, meaning it’s compatible with Auto Advance; and it can wait at a chosen point for the data entry portion to be complete. I was glad to find my configuration profile from last year and started testing the 1.1 beta. I filed some bugs which were resolved before 1.1 shipped.
Considering the alternatives
We wanted to find a tool that would cover three provisioning processes: MacBooks, Zoom Rooms Mac minis, and server Mac minis. (The latter had not yet been automated.) Preferably, the tool could run either before or after login and would allow us to enter data such as asset tag. We looked at Jamf Connect Notify, swiftDialog, Jamf Setup Manager, and Jamf Pro’s macOS Onboarding. DEPNotify was listed only for comparison purposes. Open our full comparison table.
Jamf Connect Notify was the first to get axed from consideration. While it is in a shipping product and Jamf Support is available, there have not been updates to this feature in years. Second, it was never going to work for Zoom Rooms. For multiple reasons, Jamf Connect doesn’t fit on a Zoom Rooms computer. Plus, Jamf Connect Notify only runs before login, and Zoom Rooms must be installed while a user is logged in.
In third place was macOS Onboarding. While it was the simplest to implement, it was deemed to be the least flexible. Any interactivity or data entry would have to be created in a Jamf Pro policy, probably with a swiftDialog script.
The decision
Deciding between building custom processes around swiftDialog and implementing Jamf Setup Manager wasn’t straightforward. Both would meet our needs. In fact, I had helped that along by contributing code that allowed swiftDialog to run at the login window. Initially, I expected to be writing a couple of swiftDialog scripts.
But in my research I came across comments Armin Briegel made in a presentation about the fragility of editing scripts that changed how I saw the problem space. We were deciding between a script-driven paradigm and a configuration-driven paradigm. swiftDialog, DEPNotify and its sister, Jamf Connect Notify don’t perform any of the work of provisioning. They report progress to the user/technician2. There’s a script that’s doing the work and telling the tool what to report. By comparison, Jamf Setup Manager and macOS Onboarding are kicking off policy installs based on configuration and also reporting on what they are doing. Our DEPNotify-Starter script is over 1000 lines. Almost all changes to it require a full wipe and re-provision of a Mac to ensure that the change is good and didn’t break anything.
Together, my team came to the consensus that while scripting was the most flexible option; it was also the most complex. Jamf Setup Manager was just right for us—moderate in both flexibility and complexity.
To make it less complex to configure, I jumped into the Jamf Setup Manager community in Mac Admins Slack, and contributed a profile manifest that allows for iMazing Profile Editor to build a configuration profile.
Now we have built out all three provisioning processes with Jamf Setup Manager. I hope in future posts to provide more details including how JSM helped us address problems in our existing MacBook provisioning process.
Part 2: Building Mac mini servers with Jamf Setup Manager
Part 3: Building Zoom Rooms Mac minis with Jamf Setup Manager
Part 4: Building MacBooks with Jamf Setup Manager
macadmin.fraserhess.com 
Leave a comment