I few months back I put together a little proof of concept utilizing the MicroMDM api to control UAMDM profiles with Munki by having Munki trigger the MDM profile install.
It seems like every time I bring it up I have people asking why I would want to do it this way. Here are my top reasons:
- It simplifies management. i.e. Most of our profiles are already in Munki, so it makes sense (in my mind at least) to have all of them managed in a similar way.
- It allows us to rely on Munki’s built in logic. I don’t need to recreate groups and/or smart groups within a commercial MDM. I already have it in Munki.
- We currently don’t have an MDM, and MicroMDM is free*!
*free in a sense that it only costs my time and effort
How It Works
In past blog posts I concentrated on specific parts of making it work, but I’ve never really given the complete overview. So here is what my workflow looks like:
Profiles are created via ProfileCreator and imported into Munki.
- Add a
- The preinstall does the actual installing of the profile, essentially calling the middleware and adding the profile from the Munki cache as it’s payload.
- I also added some python to write to the
ConfigProfileData.plistthat Munki uses to keep track of what profiles are installed.
- The uninstall script does the exact opposite.
- Add any other dependencies to the pkginfo file.
- I require the enrollment profile for MicroMDM
- The MicroMDM enrollment profile requires umad which nags users to approve the MDM
- Add the minimum os version for the profile
- Deploy to machine
The Finished Product
Here’s a gist of the completed pkginfo file.
and here is the result!