This article provides guidance for resolving EPS (Endpoint Protection Standards) compliance tickets related to Apple devices (macOS and iOS/iPadOS).
You received an Apple EPS compliance ticket. What do you need to do? Check out the User Actions below, and follow the steps outlined for either your iPad, iPhone or macOS computer. An OIT Managed Desktop Services Support team member is assigned to each ticket to walk you through the process, and answer any questions you may have.
1. Paste the custom url below in your browser, e.g. Chrome, Safari, etc. This will automatically launch the Self Service application and execute the policy to run a computer check-in and an inventory update.
jamfselfservice://content?entity=policy&id=24154&action=execute
What you will see: Self Service Policy Messaging
2. Respond to the incident, and be on the lookout for communication from an OITMDS Support Team member.
Note: If the policy spins for more than 5 minutes, please restart your computer and try the policy again. We encourage you to restart your Macs regularly to avoid check-in issues.
Tip: Check out the Support App, the ❤️ in the menubar, to see "Last Reboot" and "Last Check-in"
⚠️===========================⚠️
Note: End of the user's responsibility
⚠️===========================⚠️
1. Add problematic devices to the appropriate Static Group in Jamf Pro (criteria to be determined):
Static Groups
• Computers: Apple EPS compliance - Additional work needed
• Devices: Apple EPS compliance - Additional work needed
2. Ensure the Username is populated in Jamf:
a. Navigate to: Device Record → User & Location → Edit
b. Populate Username with the user's email address and save changes.
Before closing a ticket, confirm the following in Jamf Pro:
macOS
iOS & iPadOS
1. Going to surplus
Delete the Jamf record, retire the CI in ServiceNow, and notify someone with ASM access to unassign the device.
2. Device Retained as inventory
Retire the CI, delete the Jamf record, and inform the user to contact OIT_DESKTOP_SUPPORT when redeploying or surplussing.
Note: Do not unassign from Apple School Manager
3. Device in inventory, but will be deployed soon.
As long as communication is established between the user and an OITMDS team member, NO ADDITIONAL ACTION is needed. However, it is imperative that we confirm if the computer needs to be provisioned before changing hands.
• SNOW data from Jamf updates just after midnight.
• EPS incidents are generated at 9:00 AM.
• Username and policy log may not always match (e.g., shared computers, generic accounts, assigned to LANTech)
A ticket is generated if a CI meets all of the following:
• Support group is 'OIT_DESKTOP'
• Status (install_status) is 'Installed'
• Discovery source is one of: NCSU-LDAP-Integration, SG-Jamf
• Is Virtual is false
• Model ID is not 'Microsoft Virtual Machine' OR is empty
• OU Path is not 'WOLFTECH.AD.NCSU.EDU/NCSU/OIT/OITMD/CLIENTS/FACIL/BLDGCTRL/LAPTOPS' OR is not empty
• Device Last Logon (Jamf check-in) OR Most Recent Discovery (Jamf inventory) is more than 50 days ago OR is empty
Title: Managing EPS Compliance Tickets for Apple Devices (macOS and iOS/iPadOS)
Service: Security Policy & Compliance
Template if applicable: NA
Assignment Group(s): OIT_DESKTOP_SUPPORT
Document Owner: OIT_DESKTOP_SUPPORT
Available Priorities: Medium, Low
Keywords: EPS, macOS, iPadOS, iOS, iPhone, iPad, compliance, Endpoint Protection Standard, Device, Apple, Computer