At least two MDM vendors are going to be supporting the `InstallApplication` verb in the MDM Specification for the Mac. Why does this matter? As Apple encourages the adoption of MDM and DEP together for configuring user machines, the Munki community (and for that matter, the Puppet and Chef community) saw a path forward that didn't include our favorite open source software installation agent.
Enter SimpleMDM's revelation that they will support installing your Munki agent. Couple that with the ability to use profile management services to establish the necessary preference keys for Munki to run, and you have the ability to deploy a DEP-enrolled machine to a user as part of a no-image workflow.
Erik Gomez from Pinterest has also been cracking this particular nut, and has been working with a major-but-unnammed-MDM Vendor to do the same thing for his team at Pinterest. His four-part blog series is absolutely worth your time, because it clearly lays out what the process is going to be to get this done within your organization, and what you're going to have to do as part of the process.
This isn't going away, the smoke is only growing, and it's a matter of time before we all see what's on fire. (The Answer is: Your Imaging Workflow)
I'll be trying to get SimpleMDM going for our org internally and setup with DEP in the not distant future. Happy thoughts!
I'm Concerned About The Security Of Your Shit
One of the trends that has developed in the IT world that I would really like to see reversed is the decrypting of all TLS traffic on a given corporate network in the name of security monitoring. So, apparently, is US-CERT who released a bulletin this week for everyone who's doing just that warning that you are probably making your users less secure. Their directive comes from a position of technical opinion, not because it's really just wrong, and it has to do with the settings a lot of these proxying systems use.
So, generally, I recommend not decrypting your users' traffic, but if you have to, at least read that bulletin, OK?