Hi all,
Sorry, my original reply was to clear up any misinformation around Windows devices rather than a reply to Peters question - I left that with Tom.
Alongside there is no such thing as a build there is another area of clarity required –
there is no such thing as network accounts for Mac.
With a Jamf managed devices, all accounts are local accounts. When you login to the device using your Imperial credentials a
local account is created based upon your credentials and passwords are kept in sync with Jamf connect (which speaks to Azure). We have not bound Macs to the network for many years and anybody currently using a domain bound Mac should stop. Should anybody
suggest we are using network accounts I will refer to this email.
The standard setup only allows one person to login to the device. We can (and already process requests to) make it so that
any College account (including guest/visitor accounts) can login to the device which
will make another local account on login with those credentials.
We can enable the Users and Accounts section (and in RITM0054412 this should have happened), and you can create another, non-College, local account. However, the new local account that gets created is
no different to the local account created by your first login (less the password sync via Jamf connect). It is actually a worse experience as you lose the device based wifi auth.
Alongside Tom, I will remind the Service Desk team leads about our stance on enabling the Users and Groups section to avoid things such as RITM0054412. As Tom has said, the automation will vastly reduce such cases.
Thanks,
Jason
-----Original Message-----
From: Willson, Thomas H <t.willson@imperial.ac.uk>
Sent: Wednesday, June 21, 2023 6:23 PM
To: Pietzuch, Peter R <prp@imperial.ac.uk>; Colling, David J <d.colling@imperial.ac.uk>; Bennett, Jason W <jason.bennett@imperial.ac.uk>;
Robb, Mike A <mike.robb@imperial.ac.uk>; Oliver, Gareth <w.oliver@imperial.ac.uk>; Stephenson, Richard <r.stephenson@imperial.ac.uk>;
Halimi, Amine <m.halimi@imperial.ac.uk>; Cohen, Jeremy <jeremy.cohen@imperial.ac.uk>; Haynes, Sian B <s.haynes@imperial.ac.uk>;
Shaw, Rosie A <r.a.shaw@imperial.ac.uk>; Boyle, David <david.boyle@imperial.ac.uk>; McLachlan, Duncan J <duncan.mclachlan@imperial.ac.uk>;
Taborda, David M G <d.taborda@imperial.ac.uk>; Wong, Harmony <w.wong@imperial.ac.uk>; Bearpark, Michael J <m.bearpark@imperial.ac.uk>;
Galvan, Stefano <s.galvan@imperial.ac.uk>; Bresme, Fernando <f.bresme@imperial.ac.uk>; Wood, Nicholas E M <nicholas.wood@imperial.ac.uk>;
Ochieng, Washington Y <w.ochieng@imperial.ac.uk>; Kamara, Lloyd D <l.kamara@imperial.ac.uk>; McCann, Julie A <j.mccann@imperial.ac.uk>;
Constantinides, George A <g.constantinides@imperial.ac.uk>; Villamil, Juan <juan.villamil@imperial.ac.uk>; physics-departmental-computing <physics-departmental-computing@imperial.ac.uk>;
White, Duncan C <d.white@imperial.ac.uk>; White, Luke A <luke.white@imperial.ac.uk>; French, Paul (PHOT) M W <paul.french@imperial.ac.uk>;
Craster, Richard V <r.craster@imperial.ac.uk>; Pietzuch, Peter R <prp@imperial.ac.uk>; Whitehouse, Dan <d.whitehouse@imperial.ac.uk>
Cc: Joannou, Ingrid <i.joannou@imperial.ac.uk>; Taylor, James A <james.a.taylor@imperial.ac.uk>
Subject: RE: Securing Imperial : Post Audit and Risk Committee Follow Up
Hi all,
Rather than multiple replies - I'll try and pick out the relevant queries and cover them in one email.
>> @Peter Pietzuch - what happened to the category of unmanaged research machines? At least Computing's (and I suspect other department's as well) concerns about compulsory MDM/JAMF-managed machines are not addressed by the information
below.
>> @Colling, David J - In all the discussion that we had (over about 4
>> months) we drew up a list of different categories of machines
>> including the category of unmanaged research machines, these had
>> slightly more support than BYOD and had JAMF (or windows equivalent)
>> installed but in a mode where it didn't interfere but only gave
>> warning
>> @Colling, David J - One was asset tracking only (which is what I meant by turning your college bought machine into a BYOD and I admit that I should have mentioned asset tracking), the next one up was the software just sent warning,
then different levels of management with greater access to the college systems as the management increased.
This was previous discussed at the last time this group met. However, I appreciate that not everyone was able to attend, and I should have included it in my email so apologies. That proposal went to UMB for approval/confirmation and
the recommendation was to setup a Cyber Security Taskforce who will regularly review/ratify the roadmaps for Cyber Security - this would include the approach that you've mentioned above. This group is in the process of being setup - sorry it wasn’t clear
in my original email.
>> @Whitehouse, Dan - I would just note that despite point 2 in Toms email (*Ability to create local accounts *), I believe that I have recently been involved in an email thread from the Service Desk with respect to ticket RITM0054412
(dated approximately 18th May or just before) when a request to set up a local account was refused on the basis that:
All I can say is that this is regretfully disappointing that we (ICT) are still sending out inconsistent messages - I thought we had sorted this issue but I'm disappointed that we haven't. I will again talk to the Service Desk to get
this resolved. When the fully automated self service feature comes in place hopefully this will reduce the chances even more.
Thanks
Tom
-----Original Message-----
From: Peter Pietzuch <prp@imperial.ac.uk>
Sent: Wednesday, June 21, 2023 6:01 PM
To: Colling, David J <d.colling@imperial.ac.uk>; Bennett, Jason W <jason.bennett@imperial.ac.uk>; Willson, Thomas H <t.willson@imperial.ac.uk>;
Robb, Mike A <mike.robb@imperial.ac.uk>; Oliver, Gareth <w.oliver@imperial.ac.uk>; Stephenson, Richard <r.stephenson@imperial.ac.uk>;
Halimi, Amine <m.halimi@imperial.ac.uk>; Cohen, Jeremy <jeremy.cohen@imperial.ac.uk>; Haynes, Sian B <s.haynes@imperial.ac.uk>;
Shaw, Rosie A <r.a.shaw@imperial.ac.uk>; Boyle, David <david.boyle@imperial.ac.uk>; McLachlan, Duncan J <duncan.mclachlan@imperial.ac.uk>;
Taborda, David M G <d.taborda@imperial.ac.uk>; Wong, Harmony <w.wong@imperial.ac.uk>; Bearpark, Michael J <m.bearpark@imperial.ac.uk>;
Galvan, Stefano <s.galvan@imperial.ac.uk>; Bresme, Fernando <f.bresme@imperial.ac.uk>; Wood, Nicholas E M <nicholas.wood@imperial.ac.uk>;
Ochieng, Washington Y <w.ochieng@imperial.ac.uk>; Kamara, Lloyd D <l.kamara@imperial.ac.uk>; McCann, Julie A <j.mccann@imperial.ac.uk>;
Constantinides, George A <g.constantinides@imperial.ac.uk>; Villamil, Juan <juan.villamil@imperial.ac.uk>; physics-departmental-computing <physics-departmental-computing@imperial.ac.uk>;
White, Duncan C <d.white@imperial.ac.uk>; White, Luke A <luke.white@imperial.ac.uk>; French, Paul (PHOT) M W <paul.french@imperial.ac.uk>;
Craster, Richard V <r.craster@imperial.ac.uk>
Cc: Joannou, Ingrid <i.joannou@imperial.ac.uk>; Taylor, James A <james.a.taylor@imperial.ac.uk>
Subject: Re: Securing Imperial : Post Audit and Risk Committee Follow Up
Hi David, Jason, Thomas,
I thought that unmanaged research machines would be asset-tracked in a database only and not have any ICT management software/policies running on them (no MDM/JAMF/etc, as the term 'unmanaged' suggests). Like BYOD, they would be prevented
from accessing certain critical College systems directly.
Cheers,
Peter
On 21/06/2023 17:03, David Colling wrote:
> HI Jason,
>
> This doesn't answer Peter's question. In all the discussion that we
> had (over about 4 months) we drew up a list of different categories of
> machines including the category of unmanaged research machines, these
> had slightly more support than BYOD and had JAMF (or windows
> equivalent) installed but in a mode where it didn't interfere but only
> gave warning. There was also the option of taking a college bought
> device and turning it into a BYOD by having JAMF removed (or never
> installed).
>
> These classes machines would have the limited access to college
> systems - essentially through web browsers etc. This was about
> managing risk so that college systems were safe and researchers and
> educators were still able to do their jobs.
>
> This we thought was a good solution for all concerned. In email
> conversations with Juan this is, I believe, what he thinks the
> situation to be. However, from Tom's communications it appears that
> this is not actually the case and that all machines will have JAMF (or
> windows equivalent) regardless of whether the user wants it or not.
>
> This will cause significant unhappiness and result in many people
> buying (especially) apple devices on their grants by routes other than
> through the college supplier. Whereas most would have been happy with
> the mode where their device was monitored and just received warnings
> (because most people do want to be good citizens) they now have no
> warnings and zero visibility to ICT.
>
> What was wrong with the solution that we all thought that we had agreed?
>
> Best,
> david
>
> On 21/06/2023 15:21, Bennett, Jason W wrote:
>> Hi all,
>>
>> With Toms permission I am just clarifying this section.
>>
>>
>> Windows Devices
>>
>> *All* Windows devices purchased via the College preferred channels
>> are automatically enrolled into our Intune tenancy.
>>
>>
>> Laptops
>>
>> * Very similar to the Jamf process.
>> * Sent to a staging centre after purchase to be Autopilot
>> pre-provisioned– meaning they can then be shipped straight to
>> customer.
>> * Are managed by Intune and Configuration Manager (Co-managed).
>> * Are Azure-AD bound but have no awareness of Active Directory (and
>> thus have no GPO applied).
>>
>> With laptops, and as with Jamf, *there is no such thing as a “College
>> build”* – we are using the OS as the vendor intended and applying MDM
>> profiles to apply, typically security orientated, settings.
>>
>>
>> Desktops
>>
>> * Although they are enrolled into Intune, they are typically sent
>> to
>> ICT to “wiped and loaded”. This includes reinstalling an OS,
>> alongside installing several applications.
>> * Devices are managed by Configuration Manager.
>> o In time they will also be managed by Intune.
>> * Devices have AD awareness and settings are applied via GPO.
>> * This is currently considered the Classic method, but in time will
>> be
>> Legacy.
>>
>> Other notes:
>>
>> * We have 15k active Windows devices in Configuration Manager.
>> o Of these, 2759 are co-managed between Intune and
>> Configuration
>> Manager.
>> * We are currently testing Autopilot on desktops and hope to roll
>> this
>> out soon.
>> * We will be updating the Device Management webpages in due course
>> to
>> outline both of the above outlined systems.
>>
>> Thanks,
>>
>> Jason
>>
>> *From:*Peter Pietzuch <prp@imperial.ac.uk>
>> *Sent:* Wednesday, June 21, 2023 12:52 PM
>> *To:* Willson, Thomas H <t.willson@imperial.ac.uk>; Robb, Mike A
>> <mike.robb@imperial.ac.uk>; Oliver, Gareth <w.oliver@imperial.ac.uk>;
>> Stephenson, Richard <r.stephenson@imperial.ac.uk>; Halimi, Amine
>> <m.halimi@imperial.ac.uk>; Cohen, Jeremy
>> <jeremy.cohen@imperial.ac.uk>; Haynes, Sian B
>> <s.haynes@imperial.ac.uk>; Shaw, Rosie A <r.a.shaw@imperial.ac.uk>;
>> Boyle, David <david.boyle@imperial.ac.uk>; McLachlan, Duncan J
>> <duncan.mclachlan@imperial.ac.uk>; Taborda, David M G
>> <d.taborda@imperial.ac.uk>; Wong, Harmony <w.wong@imperial.ac.uk>;
>> Bearpark, Michael J <m.bearpark@imperial.ac.uk>; Galvan, Stefano
>> <s.galvan@imperial.ac.uk>; Bresme, Fernando
>> <f.bresme@imperial.ac.uk>; Wood, Nicholas E M
>> <nicholas.wood@imperial.ac.uk>; Ochieng, Washington Y
>> <w.ochieng@imperial.ac.uk>; Kamara, Lloyd D
>> <l.kamara@imperial.ac.uk>; Colling, David J
>> <d.colling@imperial.ac.uk>; McCann, Julie A
>> <j.mccann@imperial.ac.uk>; Constantinides, George A
>> <g.constantinides@imperial.ac.uk>
>> *Cc:* Joannou, Ingrid <i.joannou@imperial.ac.uk>; Taylor, James A
>> <james.a.taylor@imperial.ac.uk>; Bennett, Jason W
>> <jason.bennett@imperial.ac.uk>
>> *Subject:* Re: Securing Imperial : Post Audit and Risk Committee
>> Follow Up
>>
>> Dear Thomas,
>>
>> Thanks for your email, but I'm confused now: what happened to the
>> category of unmanaged research machines? At least Computing's (and I
>> suspect other department's as well) concerns about compulsory
>> MDM/JAMF-managed machines are not addressed by the information below.
>>
>> Cheers,
>> Peter
>>
>> On 21/06/2023 12:39, Willson, Thomas H wrote:
>>
>> Dear all,
>>
>> Apologies for not sending out this email sooner.
>>
>> Recent events, such as the unfortunate incident at Manchester
>> University (as reported by the BBC
>>
>>
https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww
>> .bbc.co.uk%2Fnews%2Fuk-england-manchester-65855002&data=05%7C01%7Ct.w
>> illson%40imperial.ac.uk%7Cec40fadd39e9468de33308db72791ef8%7C2b897507
>> ee8c4575830b4f8267c3d307%7C0%7C0%7C638229636825496411%7CUnknown%7CTWF
>> pbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6
>> Mn0%3D%7C3000%7C%7C%7C&sdata=pc1BE1XmthERipeBUE2U%2B2b3zVUWe8hTYoEYv2
>> PBC6M%3D&reserved=0
>> <https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fww
>> w.bbc.co.uk%2Fnews%2Fuk-england-manchester-65855002&data=05%7C01%7Ct.
>> willson%40imperial.ac.uk%7Cec40fadd39e9468de33308db72791ef8%7C2b89750
>> 7ee8c4575830b4f8267c3d307%7C0%7C0%7C638229636825496411%7CUnknown%7CTW
>> FpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI
>> 6Mn0%3D%7C3000%7C%7C%7C&sdata=pc1BE1XmthERipeBUE2U%2B2b3zVUWe8hTYoEYv
>> 2PBC6M%3D&reserved=0>) and the
>> incidents that affected Imperials pension providers; SAUL
>> (https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fww
>> w.imperial.ac.uk%2Fhuman-resources%2Fpay-and-pensions%2Fpensions%2Fsa
>> ul%2Fsaul-data-breach%2F&data=05%7C01%7Ct.willson%40imperial.ac.uk%7C
>> ec40fadd39e9468de33308db72791ef8%7C2b897507ee8c4575830b4f8267c3d307%7
>> C0%7C0%7C638229636825496411%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwM
>> DAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sda
>> ta=JL2OAF2cqYAZxhIIoOXERpbwKsB7XtJgGviaeITgCgg%3D&reserved=0
>> <https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fww
>> w.imperial.ac.uk%2Fhuman-resources%2Fpay-and-pensions%2Fpensions%2Fsa
>> ul%2Fsaul-data-breach%2F&data=05%7C01%7Ct.willson%40imperial.ac.uk%7C
>> ec40fadd39e9468de33308db72791ef8%7C2b897507ee8c4575830b4f8267c3d307%7
>> C0%7C0%7C638229636825496411%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwM
>> DAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sda
>> ta=JL2OAF2cqYAZxhIIoOXERpbwKsB7XtJgGviaeITgCgg%3D&reserved=0>)
>> and USS
>> (https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fww
>> w.imperial.ac.uk%2Fhuman-resources%2Fpay-and-pensions%2Fpensions%2Fus
>> s%2Fcapita-cyber-incident%2F&data=05%7C01%7Ct.willson%40imperial.ac.u
>> k%7Cec40fadd39e9468de33308db72791ef8%7C2b897507ee8c4575830b4f8267c3d3
>> 07%7C0%7C0%7C638229636825496411%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wL
>> jAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C
>> &sdata=Itr1qKg%2Fw60L7b4rvbNkrLww9ieA4prc3apgWrKPyts%3D&reserved=0
>> <https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fww
>> w.imperial.ac.uk%2Fhuman-resources%2Fpay-and-pensions%2Fpensions%2Fus
>> s%2Fcapita-cyber-incident%2F&data=05%7C01%7Ct.willson%40imperial.ac.u
>> k%7Cec40fadd39e9468de33308db72791ef8%7C2b897507ee8c4575830b4f8267c3d3
>> 07%7C0%7C0%7C638229636825496411%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wL
>> jAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C
>> &sdata=Itr1qKg%2Fw60L7b4rvbNkrLww9ieA4prc3apgWrKPyts%3D&reserved=0>)
>> serve as a stark reminder as to the importance of Cyber Security –
>> including understanding the posture of our devices (e.g. patching,
>> central reporting, running supported operating systems etc.),
>> endpoint protection, MFA etc.
>>
>> At our last meeting, a number of issues were raised and hopefully
>> they should all be addressed below.
>>
>>
>> Standard Response
>>
>> The standard response that Academia (supplier of Apple equipment)
>> and the Service Desk should be providing members of Imperial if
>> they
>> ask about device management is:
>>
>> /We enrol all devices purchased by Imperial College London into
>> Apple School Manager, as we are contractually obliged to do by
>> the
>> College. The ICT department has provided the following
>> information:/
>>
>> /Devices are setup using Apple’s Mobile Device Management (MDM)
>> framework, details of which can be found on //Apple’s support web
>> pages/
>> <https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsu
>> pport.apple.com%2Fen-gb%2FHT204142&data=05%7C01%7Ct.willson%40imperia
>> l.ac.uk%7Cec40fadd39e9468de33308db72791ef8%7C2b897507ee8c4575830b4f82
>> 67c3d307%7C0%7C0%7C638229636825496411%7CUnknown%7CTWFpbGZsb3d8eyJWIjo
>> iMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C
>> %7C%7C&sdata=HzfZYaXTV%2FRNJA4hx00MwGzFdhL7bs0nsIHaF8a6uGg%3D&reserve
>> d=0>/. /
>>
>> / There are no known performance issues with MDM,and itis highly
>> configurable. If there is a specific configuration you need for
>> your
>> work, please //contact the ICT Service Desk/
>> <https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fww
>> w.imperial.ac.uk%2Fadmin-services%2Fict%2Fcontact-ict-service-desk%2F
>> &data=05%7C01%7Ct.willson%40imperial.ac.uk%7Cec40fadd39e9468de33308db
>> 72791ef8%7C2b897507ee8c4575830b4f8267c3d307%7C0%7C0%7C638229636825496
>> 411%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBT
>> iI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=98eblGGnfHHTlJU1RZXGu
>> 39rWWcrBT7LN0JFe9WEZFM%3D&reserved=0>/who
>> will be happy to help./
>>
>> /Apple devices have been managed by ICT for over 10 years on an
>> opt-in basis, this is now mandatory to address the increased
>> threat
>> of cyber-attacks. In addition, it will also assist Imperial in
>> achieving //Cyber Essentials/
>> <https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fww
>> w.ncsc.gov.uk%2Fcyberessentials%2Foverview&data=05%7C01%7Ct.willson%4
>> 0imperial.ac.uk%7Cec40fadd39e9468de33308db72791ef8%7C2b897507ee8c4575
>> 830b4f8267c3d307%7C0%7C0%7C638229636825496411%7CUnknown%7CTWFpbGZsb3d
>> 8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7
>> C3000%7C%7C%7C&sdata=YkhbCSiF9oLOXRUezuUQ1hsxJ77dMnzxRevVwTyauDQ%3D&r
>> eserved=0>/which will
>> support some members of Imperial in their research applications./
>>
>>
>> Requestable Exceptions for Apple Devices
>>
>> We are aware of 3 additional features/capabilities, which are
>> exceptions that can be requested by logging a ticket with the
>> Service Desk and for which a self-service form to automatically
>> process these requests will be available in July-August 2023 (we
>> will be sharing the link to this form as soon as it is available)
>>
>> Those exceptions are:
>>
>> 1. *Ability to run unnotarised applications* (i.e. applications
>> not
>> downloaded from either the Apple App Store and/or
>> applications
>> not notarised). This is a one-time exception request and
>> lasts
>> for the life of the device not each time a member of Imperial
>> wants to run an unnotarised application. This is not
>> required
>> to run code that was developed on the device e.g. python code.
>> 2. *Ability to create local accounts *– this is possible upon
>> request. The primary user, who raised the request, can be an
>> admin and everybody a standard user.
>>
>> 3. *Ability to defer update warnings* – updates are not forced,
>> but
>> people will be alerted/reminded when updates are
>> available/required to be installed.
>> Historically ICT have alerted users when updates were available
>> with
>> additional popup notifications. Those notification had in the
>> past
>> resulted in our patch compliance reaching a peak of 79% on the
>> 20^th
>> July 2022. These additional notifications were disabled (in
>> January
>> 2023) as requested by some members of Imperial College because
>> Apple
>> had marked an OS upgrade to Ventura as a minor update.
>> Unfortunately, this has resulted in our patching compliance dropping
>> to an all-time low of 19% on the 24^th May 2023.
>>
>> The prompt installation of security updates is a key component in
>> the device against cyber-attacks with the aim of installing
>> updates
>> that mitigate critical/high rated vulnerabilities within 14 days
>> of
>> release.
>>
>> The new notifications that will be pushed out will look similar
>> to
>> the following:
>>
>> A screenshot of a computer Description automatically generated
>> with
>> medium confidence
>>
>> This will be reintroduced at the beginning of July 2023.
>>
>>
>> Jamf Platform
>>
>> Some questions were raised about the Jamf platform regarding
>> security standards, privacy notices etc. The Jamf website has a
>> considerable amount of information on these topics and is
>> available
>> here:
>>
https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww
>> .jamf.com%2Ftrust-center%2F&data=05%7C01%7Ct.willson%40imperial.ac.uk
>> %7Cec40fadd39e9468de33308db72791ef8%7C2b897507ee8c4575830b4f8267c3d30
>> 7%7C0%7C0%7C638229636825496411%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLj
>> AwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&
>> sdata=P8Ipx4PXB70N3ZayUzpeMlPiMhKUG4Lfe76oKkpwqdg%3D&reserved=0
>>
>> <https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fww
>> w.jamf.com%2Ftrust-center%2F&data=05%7C01%7Ct.willson%40imperial.ac.u
>> k%7Cec40fadd39e9468de33308db72791ef8%7C2b897507ee8c4575830b4f8267c3d3
>> 07%7C0%7C0%7C638229636825496411%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wL
>> jAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C
>> &sdata=P8Ipx4PXB70N3ZayUzpeMlPiMhKUG4Lfe76oKkpwqdg%3D&reserved=0>
>>
>>
>> Python Development
>>
>> A number of people highlighted concerns around issues with Python
>> development on managed Apple Devices. Our RCS team (whose
>> devices
>> are managed by JAMF) have recently published a blog post which
>> people might find helpful -
>>
https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fblo
>> gs.imperial.ac.uk%2Fresearch-software-engineering%2F2023%2F04%2F20%2F
>> python-development-on-m1-macs%2F&data=05%7C01%7Ct.willson%40imperial.
>> ac.uk%7Cec40fadd39e9468de33308db72791ef8%7C2b897507ee8c4575830b4f8267
>> c3d307%7C0%7C0%7C638229636825496411%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiM
>> C4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7
>> C%7C&sdata=wXXEc%2BbleqRBSESIeZVU6AZ7kQyZh9SZ%2FXglZcbuE%2B8%3D&reser
>> ved=0
>> <https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbl
>> ogs.imperial.ac.uk%2Fresearch-software-engineering%2F2023%2F04%2F20%2
>> Fpython-development-on-m1-macs%2F&data=05%7C01%7Ct.willson%40imperial
>> .ac.uk%7Cec40fadd39e9468de33308db72791ef8%7C2b897507ee8c4575830b4f826
>> 7c3d307%7C0%7C0%7C638229636825496411%7CUnknown%7CTWFpbGZsb3d8eyJWIjoi
>> MC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%
>> 7C%7C&sdata=wXXEc%2BbleqRBSESIeZVU6AZ7kQyZh9SZ%2FXglZcbuE%2B8%3D&rese
>> rved=0>
>>
>>
>>
>> Website Changes
>>
>> The content for the following website hasn’t changed
>> significantly
>> (aside from some updates to the FAQs). It is worth letting you
>> all
>> know that there the content for the Apple pages will be
>> completely
>> refreshed in the coming weeks.
>>
>> Windows Devices
>>
>> There were some questions if Windows devices were being dealt
>> with
>> in a similar way as Apple ones and they are: /any devices
>> purchased
>> since December via official channels would have been enrolled
>> into
>> our Intune tenancy – note this only applies to Windows laptops./
>>
>> Cyber Task Force
>>
>> I don’t have a date for its creation/setup yet but as soon as I
>> do
>> the information will be circulated.
>>
>> Thanks
>>
>> Tom
>>