Mac

Posted by Charles Edge on June 24th, 2015

We have some devices that we support that are running iOS 7. But iOS 7 is old and so we can’t support every option on the platform. So what should you expect to be supported on iOS 7?

  • Open In management – Protect corporate data by controlling which apps and accounts are used to open documents and attachments
  • App Store Licensing – iOS 7 supported managing licenses via VPP; however, it was through codes that were distributed in Excel spreadsheets. Bushel supports managing VPP licenses. But we do not support managing these types of codes and therefore do not currently support VPP on iOS 7.
  • DEP. Originally, DEP was called Streamlined Enrollment – DEP enables us to automatically enroll devices during activation and we support doing so on iOS 7.
  • Open In Management was introduced in iOS 7 and so we support that feature going back to iOS 7. Because Bushel cannot manage apps on iOS 7 though, we cannot manage Managed Open In for apps.
  • Lock Screen. Bushel can control lock, wipe, reset passcodes, etc. Bushel cannot manage Activation Lock Bypass for iOS 7 as that feature is not actually available on iOS 7.
  • Custom Payloads (e.g. those created in Configurator that run alongside Bushel):
    • New User Accounts
    • Enterprise Single Sign-on
    • Per app VPN
    • AirPlay Profiles
    • Disable Cellular Data in Apps
    • Disable Airdrop
    • Disable Find My Friends
    • Disable Host Pairing
    • Disable OTA PKI Updates
    • Disable Touch IDs to unlock devices
    • Deploy fonts via profiles
    • Web Content filtering
    • Controlling AirPrint

Overall, Bushel is not as helpful for iOS 7 as it is for iOS 8 and iOS 9. But we can do a lot of the basic tasks that many environments look to us to do. Before you plan on integrating Bushel into your business processes for iOS 7 and below, we strongly recommend testing each feature to verify that the feature actually works.

Posted by Charles Edge on June 12th, 2015

Bushel.com was updated this afternoon. Here is whats new.
Help Center
We’re going to try using Zendesk’s Help Center feature to manage our help articles. The feature essentially provides a simple CMS for providing support for our fantastic users. If you go to Bushel.com, there is now a link in the header called “Support”. It takes you to support.bushel.com.
From there, you can navigate into various Bushel topics to find the fix for a number of things you might be looking for. It also has a great search ability, helping you find all kinds of things we’ve written up here (and much more as time goes on). Here are other quick notes about this update:
  • You can leave comments on articles. This might help us keep making our content better.
  • You can rate the articles with a thumbs up or thumbs down. We can use this to determine the article’s quality and it can help guide us to more articles specifically designed to help you!
  • The Help Center has a feature called “Communities” where you can ask questions and request features. We haven’t started working on this just yet, but we may!
  • We’ve seeded the Help Center with the FAQs from Bushel.com. The intent is for the Help Center to be the source of all Bushel support content.
Chat Widget
You’ll also notice a new widget in the bottom right. If all goes well with this new system, the Bushel app will eventually get this same widget. I think the new workflow is pretty great. Look for more updates to this in the future.
Screen Shot 2015-06-11 at 10.01.38 PM
Everything Else
  • Banners and Logos ZIP files added for Affiliates (how fun is this, there’s a press page coming soon)
  • Environment detection scripts made better
  • More code cleanup (these last two things you’re likely not gonna’ care about.

Oh, and there’s an update to the web app coming in the next few days that you’re hopefully gonna’ love!

Posted by Charles Edge on June 11th, 2015

When you enroll devices into Bushel, you’ll be prompted for a name and email address. We use these two fields to setup the mail profile for users and display who has that device. You can see who a device is assigned to by clicking on the device in Bushel and checking out the Assigned To card, shown here.

Screen Shot 2015-06-11 at 9.45.41 AM

There will be times when you need to move the device to another user. To do so, you can either Unassign the device, which will blank out these settings or you can click on “Assign device” to configure a new Name and Email address for the user.

Screen Shot 2015-06-11 at 9.49.26 AM

And be careful, because when you reassign a device, the profiles will change, which at a minimum will remove and re-add mail accounts. If you do this en masse, be prepared for re-caching all the mail.

You can also use this method to deploy a generic profile to devices using a script or a tool like Apple Configurator.

Posted by Charles Edge on June 11th, 2015

We have a number of customers that are getting started with Bushel when they were already using another Mobile Device Management (MDM) solution. If you’re planning on migrating away from a different tool and using Bushel, there are a few things we’ve found that you might find helpful:

  • Co-existence for iOS. A device cannot be enrolled in two MDM solutions concurrently. This means if you want to install the Bushel enrollment profile on an iOS device, you’ll first have to use the Settings app to remove the Profile of the previous solution.
  • Co-existence for Mac. If you’re using a system for Macs that isn’t an MDM, then you can use both. For example, if you have the Casper binary installed on a device then the device could comfortably be in Casper and MDM with no problem. In fact, you could use your other management system to run the profiles command on your machines to automate the Bushel enrollment process. If the other solution is an actual MDM, then you’ll need to unenroll the device from the other solution before you install the Bushel profile.
  • Removing profiles. Most MDM solutions will allow you to mass unenroll devices by revoking the enrollment profile. This means that you can delete a device from an MDM and then you won’t have to remove the profile on the device itself. Time saver!
  • Mail. No MDM can remove a mail account. If you used an MDM to deploy a mail account then unenrollment from a previous MDM will also remove the account. Therefore, you may find users re-caching mail during such a migration. If so, I’d only do a few devices concurrently so their mail caches quickly. I’d also make sure your users know what’s going on so they don’t think contacts, calendars, etc are lost during the re-download of all their stuff.
  • FileVault. Oh, FileVault. If you deployed a FileVaultMaster.keychain using another solution, you will want to remove that or we won’t be able to properly manage FileVault. To do so, simply remove  the FileVaultMaster.keychain file from /Library/Keychains. Bushel must encrypt systems in order to escrow keys. Therefore, if the device has FileVault running, you’ll need to disable FileVault manually in order for us to grab the key and keep a copy of it.
  • Hidden Users and FileVault. Some solutions create a hidden account for use with administering Macs. When you attempt to enable FileVault on these accounts, they won’t appear in the list of available accounts to setup for FileVault access. Therefore, you will need to run a command in terminal to do so “sudo fdesetup add -usertoadd <NAMEOFUSER>”. This would be true no matter whether you were using Bushel (or another MDM) to enable FileVault or doing so manually. It’s the hidden nature of that administrative account. You could change the UID to be above 500 as well; however, that’s much more work than the easy fdesetup command provided here.

Posted by Charles Edge on May 15th, 2015

Two-factor verification on your AppleID helps to keep everything nice and secure. Once enabled, you will need any two  of the following to access your iCloud account: The password to your Apple ID, a device trusted in the portal (we’ll trust devices during this process) or a recovery key (which we’ll create during this process). In other words, don’t lose your recovery key!

To enable two-factor verification, you’ll need to already have a password with at least 8 characters that contains at least 1 number and 1 capital letter. Once your AppleID username and password meets these requirements, go to appleid.apple.com and sign in to the AppleID you will enable two-factor verification on. Once in the portal, to enable two-factor verification:

  • Click on Password & Security.
  • Enter the answer to the questions you set up.
  • Click on Get Started…
  • Click Continue on the next screen.
  • Read the first screen with information about two-factor verification.
  • Read the second screen and click Get Started.
  • Add your current phone number to start the verification process.
  • Enter the 4-digit verification code that gets texted to your phone.
  • Click on Verify for devices to trust.
  • Click Continue.
  • On the next screen, document your Recovery Key.
  • Click Continue.
  • Enter the Recovery Key to verify it.
  • Click Confirm.
  • Check the box to confirm you understand what you’re getting into.
  • Click Enable Two-Step Verification.
  • At the confirmation dialog, indicating that two-factor verification was enabled click Done.
  • Two-factor verification then replaces your security questions.

Again, don’t lose that recovery key!