New Mac Setup & Reload Guide (1:1 Devices)

This guide outlines the setup process for brand-new university-owned Macs or devices that have been recently wiped/reloaded by iTech.
Because these devices are registered automatically through procurement, the setup happens directly within Apple's initial Setup Assistant. 

CRITICAL – Network Requirements at Setup 

Jamf Connect handles your initial login using your university Microsoft credentials. Jamf Connect does not support eduroam at the initial setup screen. 

Before you begin, please ensure the Mac is connected to one of the following: 

  • Wired Ethernet (Highly Recommended) 

  • A home Wi-Fi network or mobile hotspot 

  • The USM Limited campus network 

  • Any standard Wi-Fi network that only requires a password

Step 1: Initial Apple Setup Assistant 

  1. Turn on the Mac. Choose your Language and Region. 

  1. Connect to a compatible network (see requirements above). 

  1. A Device/Remote Management screen will appear stating that the University of Southern Mississippi can automatically configure your computer. Click Enroll. 

    Uploaded Image (Thumbnail)
    You will be prompted to enter your Microsoft credentials at a University-branded sign-in window in order to enroll your device.

    Uploaded Image (Thumbnail)

Step 2: Initial Login via Jamf Connect 

  1. The standard Mac account creation screen will be replaced by a university-branded Microsoft Sign-In window. 

  2. Log in using your primary Microsoft credentials: wID@usm.edu and your password. 

  3. Jamf Connect will securely authenticate your identity and automatically create your local macOS user account matching your university credentials. 

Step 3: Post-Enrollment & Asset Tracking 

Once your desktop loads, Jamf Pro will begin processing campus policies in the background. Please complete the following prompts as they appear: 

  1. FileVault Encryption: You will receive a prompt to enable FileVault disk encryption. Click Enable or Restart if prompted. Jamf Pro will automatically encrypt the drive and securely escrow your recovery key to the cloud.

  2. Asset Tag Prompt: A dialog box will appear asking for the six-digit USM asset number. IMPORTANT: Enter numbers only. 

  3. Keychain Access Prompt: A macOS system prompt will appear asking for permission for Self Service + to access your keychain. 
    Action Required: Enter your university Microsoft password and click Always Allow. 


    CRITICAL: You must select Always Allow. If you select "Allow" or "Deny," this prompt will continuously reappear and interrupt your work.

Going Forward: What to Expect 

The Native macOS Login Screen - Once the initial setup is complete, policies have finished processing, and your FileVault encryption key is securely escrowed, the Jamf Connect login window will deactivate. Going forward, you will log into your Mac using the original, native macOS login screen with the password you just established. 

Password Changes 

If you reset your university Microsoft password in the future, the Self Service + menu bar app will indicate that your local Mac password and identity provider (idP) password are out of sync. You can instantly re-sync them by clicking the + icon in the menu bar at the top right of your screen.  

Uploaded Image (Thumbnail)
Changes to User Account & Admin Access 

  • Standard Account: To comply with security standards, your user account is configured as a standard user. The only persistent administrator account on the device is the secure iTech account. 

  • Admin by Request (ABR): If you need to install an app or run an administrative task, you can self-elevate your account for one hour. Click the ABR icon (a green checkmark) located in your menu bar at the top right of the screen to initiate a session. Click here to learn how to use Admin By Request.

Print Article