{"id":14295,"date":"2025-03-28T13:25:57","date_gmt":"2025-03-28T18:25:57","guid":{"rendered":"https:\/\/uwm.edu\/information-technology\/policies\/standard-for-uw-milwaukee-apple-macintosh-computers\/"},"modified":"2025-08-14T12:05:48","modified_gmt":"2025-08-14T17:05:48","slug":"standard-for-uw-milwaukee-apple-macintosh-computers","status":"publish","type":"page","link":"https:\/\/uwm.edu\/information-technology\/policies\/standard-for-uw-milwaukee-apple-macintosh-computers\/","title":{"rendered":"Standard for UW-Milwaukee Apple Macintosh Computers"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\" id=\"h-summary\">Summary<\/h2>\n\n\n\n<p>This document defines and describes the standard expected for all University of Wisconsin-Milwaukee<br>owned Macintosh devices. The underlying standard for all 51ÁÔÆæ-owned devices is full compliance with UW-System &amp; 51ÁÔÆæilwaukee policies and practices. The steps outlined here function as a guide to ensure that 51ÁÔÆæ\u2019s Apple Macintosh devices meet this standard and maintain the security and integrity of UW data accessed, generated, and stored on these devices.<\/p>\n\n\n\n<p>This standard streamlines the provisioning, deployment, and support of the devices throughout their lifecycle. Devices that fail to comply with these standards may be ineligible for support from Campus Technology Support and University IT Services and may be excluded from campus services such as file storage, printing, and network access.<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>All campus Macs must be enrolled in Apple\u2019s deployment services (DEP).<\/li>\n\n\n\n<li>All campus Macs must be enrolled in 51ÁÔÆæ\u2019s official Mobile Device Management (MDM) solution.<\/li>\n\n\n\n<li>All campus Macs for faculty, staff, or student use will authenticate using a cloud-hosted identity provider (IdP).<\/li>\n\n\n\n<li>All campus Macs must run a supported version of the Macintosh operating system, macOS.<\/li>\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-campus-mac-standard-in-detail\">Campus Mac Standard in Detail<\/h2>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>All campus Macs must be enrolled in Apple\u2019s deployment services (DEP).<br><\/strong>\n<ul class=\"wp-block-list\">\n<li>Apple provides deployment services through Apple School Manager via their Device Enrollment Program (DEP) which is critical to device provisioning and management. Having a device enrolled in Apple School Manager does not necessarily mean that the device is managed but is necessary for automating the management process.<\/li>\n\n\n\n<li>Device serial numbers enrolled in Apple School Manager are tied to 51ÁÔÆæ. During the device setup process, MDM configuration information is automatically pushed to the device even if it had previously been removed from management, had its boot volume replaced, and\/or is no longer connected to a 51ÁÔÆæ network.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>All campus Macs must be enrolled in 51ÁÔÆæ\u2019s official Mobile Device Management (MDM)<\/strong> <strong>solution<\/strong>.<br>\n<ul class=\"wp-block-list\">\n<li>Mobile Device Management is handled by Jamf Pro and is where devices come into management after being activated through DEP. It is in this phase that CIS device hardening standards, UWSystem Policy, and 51ÁÔÆæ practices are applied.  <\/li>\n\n\n\n<li>These settings are applied to provide adequate protection for all campus data accessed, created, or manipulated on these devices.<\/li>\n\n\n\n<li>Devices whose primary function requires non-compliance with UW-System Policy (e.g., a computer used to research the effects of malicious software) are still required to be in management; however, they can have the applied policies limited to meet the needs of the use case. Before a device can be excluded from any management policy, a business use case for the exception must be documented and approved by the 51ÁÔÆæ Information Security Office. <\/li>\n\n\n\n<li>These exceptions will require compensating controls be applied to ensure system integrity. See the section on noncompliance at the end of this document for further information.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>All campus Macs for faculty, staff, or student use will authenticate using a cloud-hosted<br>identity provider (IdP).<\/strong><br>\n<ul class=\"wp-block-list\">\n<li>Microsoft Azure Active Directory (AD) is currently the approved cloud-hosted identity provider for UW-Milwaukee and Jamf Connect is used to authenticate users and sync local account information with directory services. This enables users to securely authenticate to their devices and services without the need to be physically located on campus or be connected to campus via VPN.<\/li>\n\n\n\n<li>Azure AD services are used to enforce minimum requirements for password and passphrase complexity and expiration, account lockout policies and other UW System authentication requirements.<\/li>\n\n\n\n<li>The use of Jamf Connect with Azure AD allows for full compliance with authentication policies, follows best-practice recommendations from Apple, and provides the best possible user experience for any computer not directly connected to the 51ÁÔÆæ network.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>All campus Macs must run a supported version of the Macintosh operating system, macOS.<br><\/strong>\n<ul class=\"wp-block-list\">\n<li>New versions of the Macintosh computer operating system, macOS, typically include new security features in addition to patches for vulnerabilities, therefore every effort is made to ensure devices in the fleet are running the latest version of macOS wherever possible.<\/li>\n\n\n\n<li>Apple releases new versions of macOS annually in the Fall and releases are supported with feature updates for one year and security updates for three years. Apple typically discontinues all macOS and hardware support for devices after seven years. This leaves devices capable of running an OS that is patched with security updates from Apple up to nine years after it was released.<\/li>\n\n\n\n<li>Example of macOS release support from Fall 2020:\n<ul class=\"wp-block-list\">\n<li><strong>macOS 11.01<\/strong> \u2013 Released in Fall 2020, feature and security updates from Apple, highest supported release for 2013 devices.<\/li>\n\n\n\n<li><strong>macOS 10.15<\/strong> \u2013 Released in fall 2019, security updates from Apple, highest supported release for 2012 devices.<\/li>\n\n\n\n<li><strong>macOS 10.14<\/strong> \u2013 Released in fall 2018, security updates from Apple, highest supported release for 2011 devices.<\/li>\n\n\n\n<li><strong>macOS 10.13<\/strong> \u2013 Released in fall 2017, unsupported, highest supported release for 2010 devices.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>To ensure that Apple devices remain secure, the device\u2019s primary OS should not fall out of support. If research requirements or other extenuating circumstances dictate the need for unsupported versions of macOS, they should be compartmentalized in virtual machines or removed from the network where possible. Devices that cannot run a supported version of macOS should be replaced.<\/li>\n\n\n\n<li>Please refer to the <a href=\"https:\/\/panthers-my.sharepoint.com\/:w:\/r\/personal\/cookcj_uwm_edu\/_layouts\/15\/guestaccess.aspx?e=m7nUY4&amp;wdLOR=cA3B7EE37-2BC5-554B-AA68-211EEE29D206&amp;share=ETv_d5Z3CUdGnADiYfprdyUB_uVQJkgKh07ebAja9K6YJA\">CTS Support Practice for Managed Apple Devices<\/a> for more information.<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-noncompliance\">Noncompliance<\/h2>\n\n\n\n<p>Devices needing to operate outside of this standard will need:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>A documented business need for noncompliance.<\/li>\n\n\n\n<li>Compensating controls applied to ensure that the goals of the original policy are met.<\/li>\n\n\n\n<li>Approval by the 51ÁÔÆæ Information Security Office that the business need is valid and that the<br>compensating controls are adequate.<\/li>\n<\/ul>\n\n\n\n<p>Approvals for noncompliance are subject to period review. Failure to comply with information technology resource policies are addressed in UW System Regent Policy Document 25-3: <a href=\"https:\/\/www.wisconsin.edu\/regents\/policies\/acceptable-use-of-information-technology-resources\/\">Acceptable Use of Information Technology Resources<\/a>.<\/p>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Summary This document defines and describes the standard expected for all University of Wisconsin-Milwaukeeowned Macintosh devices. The underlying standard for all 51ÁÔÆæ-owned devices is full compliance with UW-System &amp; 51ÁÔÆæilwaukee policies and practices. The steps outlined here function as a &hellip;<\/p>\n","protected":false},"author":1652,"featured_media":0,"parent":1013,"menu_order":4,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"footnotes":"","uwm_wg_additional_authors":[]},"class_list":["post-14295","page","type-page","status-publish","hentry"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.3 (Yoast SEO v27.3) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Technology Resources<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/uwm.edu\/information-technology\/policies\/standard-for-uw-milwaukee-apple-macintosh-computers\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Standard for UW-Milwaukee Apple Macintosh Computers\" \/>\n<meta property=\"og:description\" content=\"Summary This document defines and describes the standard expected for all University of Wisconsin-Milwaukeeowned Macintosh devices. The underlying standard for all 51ÁÔÆæ-owned devices is full compliance with UW-System &amp; 51ÁÔÆæilwaukee policies and practices. The steps outlined here function as a &hellip;\" \/>\n<meta property=\"og:url\" content=\"https:\/\/uwm.edu\/information-technology\/policies\/standard-for-uw-milwaukee-apple-macintosh-computers\/\" \/>\n<meta property=\"og:site_name\" content=\"Technology Resources\" \/>\n<meta property=\"article:modified_time\" content=\"2025-08-14T17:05:48+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:site\" content=\"@51ÁÔÆæ_IT\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/uwm.edu\\\/information-technology\\\/policies\\\/standard-for-uw-milwaukee-apple-macintosh-computers\\\/\",\"url\":\"https:\\\/\\\/uwm.edu\\\/information-technology\\\/policies\\\/standard-for-uw-milwaukee-apple-macintosh-computers\\\/\",\"name\":\"Standard for UW-Milwaukee Apple Macintosh Computers - Technology Resources\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/uwm.edu\\\/information-technology\\\/#website\"},\"datePublished\":\"2025-03-28T18:25:57+00:00\",\"dateModified\":\"2025-08-14T17:05:48+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/uwm.edu\\\/information-technology\\\/policies\\\/standard-for-uw-milwaukee-apple-macintosh-computers\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/uwm.edu\\\/information-technology\\\/policies\\\/standard-for-uw-milwaukee-apple-macintosh-computers\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/uwm.edu\\\/information-technology\\\/policies\\\/standard-for-uw-milwaukee-apple-macintosh-computers\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/uwm.edu\\\/information-technology\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"IT Policies\",\"item\":\"https:\\\/\\\/uwm.edu\\\/information-technology\\\/policies\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Standard for UW-Milwaukee Apple Macintosh Computers\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/uwm.edu\\\/information-technology\\\/#website\",\"url\":\"https:\\\/\\\/uwm.edu\\\/information-technology\\\/\",\"name\":\"Technology Resources\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/uwm.edu\\\/information-technology\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Technology Resources","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/uwm.edu\/information-technology\/policies\/standard-for-uw-milwaukee-apple-macintosh-computers\/","og_locale":"en_US","og_type":"article","og_title":"Standard for UW-Milwaukee Apple Macintosh Computers","og_description":"Summary This document defines and describes the standard expected for all University of Wisconsin-Milwaukeeowned Macintosh devices. The underlying standard for all 51ÁÔÆæ-owned devices is full compliance with UW-System &amp; 51ÁÔÆæilwaukee policies and practices. The steps outlined here function as a &hellip;","og_url":"https:\/\/uwm.edu\/information-technology\/policies\/standard-for-uw-milwaukee-apple-macintosh-computers\/","og_site_name":"Technology Resources","article_modified_time":"2025-08-14T17:05:48+00:00","twitter_card":"summary_large_image","twitter_site":"@51ÁÔÆæ_IT","twitter_misc":{"Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/uwm.edu\/information-technology\/policies\/standard-for-uw-milwaukee-apple-macintosh-computers\/","url":"https:\/\/uwm.edu\/information-technology\/policies\/standard-for-uw-milwaukee-apple-macintosh-computers\/","name":"Standard for UW-Milwaukee Apple Macintosh Computers - Technology Resources","isPartOf":{"@id":"https:\/\/uwm.edu\/information-technology\/#website"},"datePublished":"2025-03-28T18:25:57+00:00","dateModified":"2025-08-14T17:05:48+00:00","breadcrumb":{"@id":"https:\/\/uwm.edu\/information-technology\/policies\/standard-for-uw-milwaukee-apple-macintosh-computers\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/uwm.edu\/information-technology\/policies\/standard-for-uw-milwaukee-apple-macintosh-computers\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/uwm.edu\/information-technology\/policies\/standard-for-uw-milwaukee-apple-macintosh-computers\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/uwm.edu\/information-technology\/"},{"@type":"ListItem","position":2,"name":"IT Policies","item":"https:\/\/uwm.edu\/information-technology\/policies\/"},{"@type":"ListItem","position":3,"name":"Standard for UW-Milwaukee Apple Macintosh Computers"}]},{"@type":"WebSite","@id":"https:\/\/uwm.edu\/information-technology\/#website","url":"https:\/\/uwm.edu\/information-technology\/","name":"Technology Resources","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/uwm.edu\/information-technology\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"}]}},"acf":[],"publishpress_future_action":{"enabled":false,"date":"2026-04-24 11:17:10","action":"change-status","newStatus":"draft","terms":[],"taxonomy":"","extraData":[]},"publishpress_future_workflow_manual_trigger":{"enabledWorkflows":[]},"_links":{"self":[{"href":"https:\/\/uwm.edu\/information-technology\/wp-json\/wp\/v2\/pages\/14295","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/uwm.edu\/information-technology\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/uwm.edu\/information-technology\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/uwm.edu\/information-technology\/wp-json\/wp\/v2\/users\/1652"}],"replies":[{"embeddable":true,"href":"https:\/\/uwm.edu\/information-technology\/wp-json\/wp\/v2\/comments?post=14295"}],"version-history":[{"count":16,"href":"https:\/\/uwm.edu\/information-technology\/wp-json\/wp\/v2\/pages\/14295\/revisions"}],"predecessor-version":[{"id":15349,"href":"https:\/\/uwm.edu\/information-technology\/wp-json\/wp\/v2\/pages\/14295\/revisions\/15349"}],"up":[{"embeddable":true,"href":"https:\/\/uwm.edu\/information-technology\/wp-json\/wp\/v2\/pages\/1013"}],"wp:attachment":[{"href":"https:\/\/uwm.edu\/information-technology\/wp-json\/wp\/v2\/media?parent=14295"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}