[Draft] Depot Mac Builds

Owned by Kristen Nemchik Bolger
Last updated: Aug 03, 2023
3 min read

Take Responsibility in TeamDynamix for the pertinent Build tasks

Apple DEP and MDM

  • Ask Mac Engineering in Slack to assign the machine serial number into either the At Home MDM or the On Campus MDM

    • If the serial has not been enrolled by the vendor with Apple (either ITS Tech Shop or CDW) it will not appear in ASM (Apple School Manager) and Mac Engineering cannot put it in the MDM

    • Escalate to the Depot Inventory & Purchasing Team so they can work with the vendor to get it in DEP

  • Mac Engineering will confirm the machine’s MDM assignment and instruct you to wait about 20 minutes before pre-staging in Izzy

Pre-Stage Mac Machines

If the machine is being rebuilt for a new user, search the serial number to pull up the system detail in Izzy, click “Delete System” then start these next steps

  • Type or copy/paste the machine serial number in Izzy and click [Stage or Claim]

  • Next you must choose the Organizational Unit or Department to proceed

  • Click “Rename System” and confirm the correct policy domains are set

    • Laptops set to “Notebook + IronIzzy (encryption)”

    • Desktops set to “Desktop” unless otherwise specified

    • Optionally you can set the Izzy Name to the MiWorkspace asset tag number on the machine

Often the ticket does not specify a build - to resolve this:

  • Many Organizations/Departments only have one active Mac build for laptop or desktop

  • Ask the Responsible/most knowledgeable NIT group to ask to confirm the build info before Pre-staging

    • For instance, some units want “Hardened” or encrypted desktops

Build Process

  • Plug the machine into both AC power and Ethernet

    • You may need additional adapters to provide the all the necessary ports

    • Building machines on docking stations is not supported

  • Turn on the machine and get to the boot into the Recovery environment:

M1 / M2 Newer Macs

Older Macs

Hold down the power button

Hold down [Option]+[CMD]+[R]

  • Select the Mac OS to install

    • New machines should automatically have the latest OS as an option

    • If it doesn’t, build to the latest OS available, then update to the latest OS manually by logging in afterward with UM-Support and triggering the update

  • Allow the build process to complete - the machine should reboot once

  • Accessibility Options choose not now

  • Remote Management is Available for this Device hit Next

  • After some installing graphics the UM login screen will appear

Post-Build

  • Log into the machine with the UM-Support account

  • Allow the progress bar on the MiWorkspace Software Center to finish loading and then choose the option “Log Out” to trigger installation of the final drivers

  • Verify the build succeeded

    • Go to System Preferences and check the User Profiles > if “Enable FileVault” exists it should be good

    • If Enable FileVault doesn’t come down, ask Mac Engineering if they can push it to the machine

      • Or to do it yourself go to Applications > Utilities > run the “Sync Inventory with MDM”

      • Reboot when it finishes running, and log in with UM-Support to check for FileVault again

  • Update TeamDynamix ticket tasks to reflect a successful build or issues encountered

    • Commonly Build/Deliver tasks are combined into one so do not mark complete until the delivery has been completed in these cases

  • Rename the Ticket Title to reflect the NIT neighborhood and office where the machine needs to be delivered to - per the Neighborhoods document

N1/Stamps

N1/UMTRI

East/AL

S1/Woto

S2/ASB

C1/Ruthven

C2/NQ

C2/Rack

C2/KINES

C4/UHS

C4/Pharm

C4/SEAS

C4/Shapiro

C5/Union

C5/SAB

C5/Ford

C5/SSW

C5/SOE

  • Create a Depot Delivery Sheet that includes the Ticket number, Task number, destination, list of all pieces to be delivered, and include any asset tag numbers. Print 2 copies.

  • Place the computer, any peripherals, and the delivery sheets together on the delivery shelves