Contents

Requirements:

• Local administrative permissions on the computer to be enrolled.
• Apple computer running MacOS Ventura, Sonoma, or Sequoia. 
• Active UCSBnetID and UCSBnetID@ucsb.edu email
• No other Antivirus installed other than the UC provided Trellix or FireEye Antivirus.
• Given FileVault Disk Encryption will turn off Bluetooth, to get past the login screen you will need also one or more of the following
  
  • Wired mouse and keyboard
  • Apple Branded wireless mouse and keyboard
  • Wireless mouse with a USB Dongle such as Logitech products (technically a usb connection to computer, bluetooth is to usb dongle not to computer)
  • Built in keyboard and trackpad such as with laptops

Recommended Prep:

1. OS updates - based on test computers, we will want to make sure all computers are fully up to date before trying to migrate them, the fewer changes that are going on at one time, the less stuff goes wrong and the faster the migration will be since the first thing the new JAMF instance does is run OS and App updates.
   1. All users have the ability to apply updates under system preferences >> general >> software update >> Also available >> "more info" hyperlink in blue (if you are updating your current Ventua or Sonoma OS instead of upgrading to the latest Sequoia OS).
   2. MacOS Sequoia is still fairly buggy as of March 2025 and unless the computer is on an unsupported OS that is no longer getting security updates like Monterey, we rather people stay on a stable OS.
2. Unencrypting hard drives - this is an added security feature, also known as Filevault, that encrypts either the full hard drive or a user account. If you have enabled it at the user level, please turn it off. Once we migrate to the new jamf instance, we will re-encrypt so expect a pop up about encrypting your account or enabling FileValut after the transition. Filevault / Disk encryption makes it harder to access data and files if a computer is stolen, which is generally a good thing, but we don't want the computer accidentally wiping itself because it thinks the JAMF transition is an attempt to access/steal stuff.
3. Backups - If you are not already using Crashplan (Office of Research provided tool) or similar free software such as Google Drive to backup your desktop and documents, or doing time machine backups to a portable hard drive to back up your entire disk or some other backup method, it would be a good idea to do so before we do any major changes to your computer. You can sync your bookmarks in both Chrome and Firefox between computers or export them to HTML files. Plan for the worst, hope for the best, and settle for something in between. Please let me know if you need any help setting this up, ECI's contact email is help@engineering.ucsb.edu
4. Removing other antivirus software other than Trellix/FireEye: Unfortunately antiviruses tend to not play nice and it's recommended that you only have one on your system at a time. Jamf will automatically install Trellix/FireEyE antivirus software on all managed computers.

Enrollment Procedure (Part 1):

1. On the computer being enrolled, use Safari or Chrome to navigate to https://ucsb.jamfcloud.com/enroll:

   

2. Authenticate using your UCSBNetID credentials (and Duo if prompted). Note that any user with valid UCSBNetID credentials can perform Computer enrollment:

   

   
   

3. Use the dropdown to specify the Jamf site the computer should be assigned to. CECI = College of Engineering (don’t use “None”!)
   If an incorrect Jamf Site has been selected during enrollment, submit a Jamf Request specifying the serial number and desired Site; the EUCE team will reassign the computer accordingly.

   If there is no drop down and you are using the URL instead of an invite: STOP! 

   Quit the safari window and then open up a new safari window in "private browsing"
   If no drop down is shown, that means its auto assigning you to a group and it most likely is going to be the wrong group

   
   

   Please be very careful at this step, if you are unsure of what to pick, stop and email ECI (help@engineering.ucsb.edu) or your departmental IT person.

   Errors at this step can result in days of delay. While most members of the College of Engineering will be under CECI, not all will be. 

   Members of BioE, CNSI, ECE, IEE, MECE and MRL may be under multiple sites depending on funding and group and thus should always check before picking. 

   

   
   

4. Specify a full UCSBNetID email address for the device assignee if you do not wish to self-assign it; the magnifying glass should be clicked to search valid accounts against UCSB identity. Simply typing an email in and clicking enter has caused errors, so always click the magnifying glass to avoid issues. A successful match will display a check mark at the right of the field. Note that technicians can adjust this later in Jamf Pro after enrollment. Click “Enroll” after the user and site are correct.
   

   
   

5. Click continue..

   
   

   

   
   

6. Your browser will download an MDM profile (“enrollmentProfile.mobileconfig”) to its default download location.

   

   
   

7. If you do not automatically see the following flyout notification, locate the downloaded mobileconfig file and double-click it to initiate installation (may be necessary if using Chrome):

    

8. To approve the MDM Profile, navigate to the Apple Menu | System Settings:

   

   
   

9. Search for “Profiles” to bring up the MDM Profile configuration panel, and double-click the “MDM Profile”:

    

10. Verify that the URL targets the Jamf service at “ucsb.jamfcloud.com” (last line below). If it targets any other server, stop here and contact ITSS EUCE or the campus IT security team.

    

    
    

11. Click “Install”:

    

    
    

12. Provide local administrative credentials to approve the profile installation and click “Enroll”.

     

13. Following successful enrollment, you will see a series of MDM configuration profiles apply (this will vary by site):

    

    
    

14. Email help@engineering.ucsb.edu so a System Administrator can assign your computer to the appropriate departmental group within the College of Engineering instance. Include your computer's name in the email so that we can find it on the list. For example Computer Science has additional software only available to computer science students, faculty and staff. IEE, TMP, SSLEEC, ENMT and CHNE also have paid software that is not installed by default for computers in the general group for the College of Engineering. 

Enrollment Procedure (Part 2):

1. Schedule a meeting in person or via Zoom with ECI. ( If you are part of the CS faculty and/or are familiar with the command line in terminal you may be emailed the commands that you have to execute on the terminal for Part 2 of this process)
   1. ECI will assign you to the appropriate departmental group(s) if your have not already been assigned to them.
   2. Many pieces of paid software such as Microsoft Office are tied to group membership and NOT general enrollment in Jamf
2. Please note there are several additional steps after being assigned to a group. For example, more than one reboot may be required to encrypt computer hard drives and this will generate pop ups the first time you sign in after said reboots. You will want to click yes for "enable FileVault".
   1. If there are multiple admin accounts, those will have to be authorized for Filevault to work on all accounts and to allow the other admin accounts, not just support, to decrypt your drive if you forget your password.
3. ITS and UCOP are REQUIRING Trellix/FireEye Antivirus and generally making sure your computer is NOT A SECURITY RISK. UCSB is no longer going by the honor system given some antivirus do not have automatic daily scans or active protection and computers can get infected if the installed antivirus is not actively protecting the computer.
4. Your IT person will go over with you the specific steps for your department/group.