Affinity Macos



Processor affinity, or CPU pinning or 'cache affinity', enables the binding and unbinding of a process or a thread to a central processing unit (CPU) or a range of CPUs, so that the process or thread will execute only on the designated CPU or CPUs rather than any CPU. This can be viewed as a modification of the native central queue scheduling algorithm in a symmetric multiprocessing operating system. Each item in the queue has a tag indicating its kin processor. At the time of resource allocation, each task is allocated to its kin processor in preference to others.

MacOS installation instructions (OS X 10.9 or later) From your generated Affinity order invoice: Select your Product key and Copy to clipboard. Select the download button to download app. From Finder: Navigate to your Downloads folder. . Mac App of the Year Winner. Faster, smoother and more powerful than ever, Affinity Photo continues to push the boundaries of professional photo editing software. We are pleased to announce updates for the MacOS release of all of the Affinity Suite, to version 1.8.6 These updates make our applications fully compatible with Big Sur and optimised for the Apple M1 chipset (Apple silicon).

Processor affinity takes advantage of the fact that remnants of a process that was run on a given processor may remain in that processor's state (for example, data in the cache memory) after another process was run on that processor. Scheduling that process to execute on the same processor improves its performance by reducing performance-degrading events such as cache misses. A practical example of processor affinity is executing multiple instances of a non-threaded application, such as some graphics-rendering software.

Scheduling-algorithm implementations vary in adherence to processor affinity. Under certain circumstances, some implementations will allow a task to change to another processor if it results in higher efficiency. For example, when two processor-intensive tasks (A and B) have affinity to one processor while another processor remains unused, many schedulers will shift task B to the second processor in order to maximize processor use. Task B will then acquire affinity with the second processor, while task A will continue to have affinity with the original processor.

Usage[edit]

Processor affinity can effectively reduce cache problems, but it does not reduce the persistent load-balancing problem.[1] Also note that processor affinity becomes more complicated in systems with non-uniform architectures. For example, a system with two dual-corehyper-threadedCPUs presents a challenge to a scheduling algorithm.

There is complete affinity between two virtual CPUs implemented on the same core via hyper-threading, partial affinity between two cores on the same physical processor (as the cores share some, but not all, cache), and no affinity between separate physical processors. As other resources are also shared, processor affinity alone cannot be used as the basis for CPU dispatching. If a process has recently run on one virtual hyper-threaded CPU in a given core, and that virtual CPU is currently busy but its partner CPU is not, cache affinity would suggest that the process should be dispatched to the idle partner CPU. However, the two virtual CPUs compete for essentially all computing, cache, and memory resources. In this situation, it would typically be more efficient to dispatch the process to a different core or CPU, if one is available. This could incur a penalty when process repopulates the cache, but overall performance could be higher as the process would not have to compete for resources within the CPU.

Specific operating systems[edit]

On Linux, the CPU affinity of a process can be altered with the taskset(1) program[2] and the sched_setaffinity(2) system call. The affinity of a thread can be altered with one of the library functions: pthread_setaffinity_np(3) or pthread_attr_setaffinity_np(3).

On SGI systems, dplace binds a process to a set of CPUs.[3]

On DragonFly BSD 1.9 (2007) and later versions, usched_set system call can be used to control the affinity of a process.[4][5] On NetBSD 5.0, FreeBSD 7.2, DragonFly BSD 4.7 and later versions can use pthread_setaffinity_np and pthread_getaffinity_np.[6] In NetBSD, the psrset utility[7] to set a thread's affinity to a certain CPU set. In FreeBSD, cpuset[8] utility is used to create CPU sets and to assign processes to these sets. In DragonFly BSD 3.1 (2012) and later, usched utility can be used for assigning processes to a certain CPU set.[9]

On Windows NT and its successors, thread and process CPU affinities can be set separately by using SetThreadAffinityMask[10] and SetProcessAffinityMask[11] API calls or via the Task Manager interface (for process affinity only).

macOS exposes an affinity API[12] that provides hints to the kernel how to schedule threads according to affinity sets.

On Solaris it is possible to control bindings of processes and LWPs to processor using the pbind(1)[13] program. To control the affinity programmatically processor_bind(2)[14] can be used. There are more generic interfaces available such as pset_bind(2)[15] or lgrp_affinity_get(3LGRP)[16] using processor set and locality groups concepts.

On AIX it is possible to control bindings of processes using the bindprocessor command[17][18] and the bindprocessor API.[17][19]

See also[edit]

References[edit]

  1. ^'White Paper - Processor Affinity' - From tmurgent.com. Accessed 2007-07-06.
  2. ^taskset(1) – Linux User's Manual – User Commands
  3. ^dplace.1Archived 2007-07-01 at the Wayback Machine - From sgi.com. Accessed 2007-07-06.
  4. ^'usched_set(2) — setting up a proc's usched'. DragonFly System Calls Manual. DragonFly BSD. Retrieved 2019-07-28.
  5. ^'kern/kern_usched.c § sys_usched_set'. BSD Cross Reference. DragonFly BSD. Retrieved 2019-07-28.
  6. ^pthread_setaffinity_np(3) – NetBSD, FreeBSD and DragonFly BSD Library Functions Manual
  7. ^psrset(8) – NetBSD System Manager's Manual
  8. ^cpuset(1) – FreeBSD General Commands Manual
  9. ^'usched(8) — run a program with a specified userland scheduler and cpumask'. DragonFly System Manager's Manual. DragonFly BSD. Retrieved 2019-07-28.
  10. ^SetThreadAffinityMask - MSDN Library
  11. ^SetProcessAffinityMask - MSDN Library
  12. ^'Thread Affinity API Release Notes'. Developer.apple.com.
  13. ^pbind(1M) - Solaris man page
  14. ^processor_bind(2) - Solaris man page
  15. ^pset_bind(2) - Oracle Solaris 11.1 Information Library - man pages section 2
  16. ^lgrp_affinity_get(3LGRP) - Memory and Thread Placement Optimization Developer's Guide
  17. ^ abUmesh Prabhakar Gaikwad; Kailas S. Zadbuke (November 16, 2006). 'Processor affinity on AIX'.
  18. ^'bindprocessor Command'. IBM.
  19. ^'bindprocessor Subroutine'. IBM.
Retrieved from 'https://en.wikipedia.org/w/index.php?title=Processor_affinity&oldid=999661172'
-->

Important

Apple recently changed from using the Apple Device Enrollment Program (DEP) to Apple Automated Device Enrollment (ADE). Intune is in the process of updating the Intune user interface to reflect that. Until such changes are complete, you'll continue to see Device Enrollment Program in the Intune portal. Wherever that is shown, it now uses Automated Device Enrollment.

You can set up Intune enrollment for macOS devices purchased through Apple's Apple Business Manager or Apple School Manager. You can use either of these enrollments for large numbers of devices without ever touching them. You can ship macOS devices directly to users. When the user turns on the device, Setup Assistant runs with preconfigured settings and the device enrolls into Intune management.

To set up enrollment, you use both the Intune and Apple portals. You create enrollment profiles containing settings that applied to devices during enrollment.

Neither Apple Business Manager enrollment or Apple School Manager work with the device enrollment manager.

Prerequisites

  • Devices purchased in Apple School Manager or Apple's Automated Device Enrollment
  • A list of serial numbers or a purchase order number.

Get an Apple ADE token

Before you can enroll macOS devices with ADE or Apple School Manager, you need a token (.p7m) file from Apple. This token lets Intune sync information about the devices that your organization owns. It also lets Intune upload enrollment profiles to Apple and assign these profiles to devices.

You use the Apple portal to create a token. You also use the Apple portal to assign devices to Intune for management.

Step 1. Download the Intune public key certificate required to create the token

  1. In the Microsoft Endpoint Manager admin center, choose Devices > macOS > macOS enrollment > Enrollment Program Tokens > Add.

  2. Grant permission to Microsoft to send user and device information to Apple by selecting I agree.

  3. Choose Download your public key to download and save the encryption key (.pem) file locally. The .pem file is used to request a trust-relationship certificate from the Apple portal.

Step 2. Use your key to download a token from Apple

  1. Choose Create a token for via Apple Business Manager or Create a token via Apple School Manager to open the appropriate Apple portal, and sign in with your company Apple ID. You can use this Apple ID to renew your token.

  2. For DEP, in the Apple portal, choose Get Started for Device Enrollment Program > Manage Servers > Add MDM Server.

  3. For Apple School Manage, in the Apple portal, choose MDM Servers > Add MDM Server.

  4. Enter the MDM Server Name, and then choose Next. The server name is for your reference to identify the mobile device management (MDM) server. It is not the name or URL of the Microsoft Intune server.

  5. The Add <ServerName> dialog box opens, stating Upload Your Public Key. Select Choose File… to upload the .pem file, and then choose Next.

  6. Go to Deployment Programs > Device Enrollment Program > Manage Devices.

  7. Under Choose Devices By, specify how devices are identified:

    • Serial Number
    • Order Number
    • Upload CSV File.

  8. For Choose Action, choose Assign to Server, choose the <ServerName> specified for Microsoft Intune, and then choose OK. The Apple portal assigns the specified devices to the Intune server for management and then displays Assignment Complete.

Step 3. Save the Apple ID used to create this token

In the Microsoft Endpoint Manager admin center, provide the Apple ID for future reference.

Step 4. Upload your token

In the Apple token box, browse to the certificate (.pem) file, choose Open, and then choose Create. With the push certificate, Intune can enroll and manage macOS devices by pushing policy to enrolled devices. Intune automatically synchronizes with Apple to see your enrollment program account.

Create an Apple enrollment profile

Now that you've installed your token, you can create an enrollment profile for devices. A device enrollment profile defines the settings applied to a group of devices during enrollment.

  1. In the Microsoft Endpoint Manager admin center, choose Devices > macOS > macOS Enrollment > Enrollment program tokens.

  2. Select a token, choose Profiles, and then choose Create profile > macOS.

  3. On the Basics page, enter a Name and Description for the profile for administrative purposes. Users do not see these details. You can use this Name field to create a dynamic group in Azure Active Directory. Use the profile name to define the enrollmentProfileName parameter to assign devices with this enrollment profile. Learn more about Azure Active Directory dynamic groups.

  4. For Platform, choose macOS.

  5. Select Next to go to the Management Settings page.

  6. For User Affinity, choose whether or not devices with this profile must enroll with or without an assigned user.

    • Enroll with User Affinity - Choose this option for devices that belong to users and that want to use the Company Portal app for services like installing apps. If using ADFS, user affinity requires WS-Trust 1.3 Username/Mixed endpoint. Learn more.Multifactor authentication is not supported for macOS ADE devices with user affinity.

    • Enroll without User Affinity - Choose this option for device unaffiliated with a single user. Use this for devices that perform tasks without accessing local user data. Apps like the Company Portal app don't work.

  7. If you selected Enroll with User Affinity for the User Affinity field, you now have the option to choose the authentication method to use when authenticating users. For Authentication method, select one of the following options:

    • Setup Assistant (legacy): Use the legacy Setup Assistant if you want users to experience the typical, out-of-box-experience for Apple products. This installs standard preconfigured settings when the device enrolls with Intune management. If you're using Active Directory Federation Services and you're using Setup Assistant to authenticate, a WS-Trust 1.3 Username/Mixed endpoint is required. Learn more.
    • Setup Assistant with modern authentication: This option is in Public Preview. Devices running macOS 10.15 and later can use this method. During the Setup Assistant process on their device, the user must authenticate using their Azure AD credentials. After completing all the Setup Assistant screens, the end user lands on the home page and can freely use the device. The user must then authenticate with Azure AD credentials in the Company Portal before getting access to corporate resources. If a conditional access policy that requires multi-factor authentication (MFA) applies at enrollment or during Company Portal sign in, then MFA is required. However, MFA is optional based on the Azure AD settings in the targeted Conditional Access policy. For more information oh how to get the macOS Company Portal on the users device, see Add the Company Portal for macOS app.

  8. For Locked enrollment, choose whether or not you want locked enrollment for devices using this profile. Yes disables macOS settings that allow the management profile to be removed from the System Preferences menu or through the Terminal. After device enrollment, you cannot change this setting without wiping the device.

  9. Select Next to go to the Setup Assistant page.

  10. On the Setup Assistant page, configure the following profile settings:

    Department settingsDescription
    Department NameAppears when users tap About Configuration during activation.
    Department PhoneAppears when the user clicks the Need Help button during activation.

    You can choose to show or hide a variety of Setup Assistant screens on the device when the user sets it up.

    • If you choose Hide, the screen won't be displayed during setup. After setting up the device, the user can still go in to the Settings menu to set up the feature.
    • If you choose Show, the screen will be displayed during setup. The user can sometimes skip the screen without taking action. But they can then later go into the device's Settings menu to set up the feature.
    Setup Assistant screen settingsIf you choose Show, during setup the device will...
    Location ServicesPrompt the user for their location. For macOS 10.11 and later and iOS/iPadOS 7.0 and later.
    RestoreDisplay the Apps & Data screen. This screen gives the user the option to restore or transfer data from iCloud Backup when they set up the device. For macOS 10.9 and later, and iOS/iPadOS 7.0 and later.
    Apple IDGive the user the options to sign in with their Apple ID and use iCloud. For macOS 10.9 and later, and iOS/iPadOS 7.0 and later.
    Terms and ConditionsRequire the user to accept Apple's terms and conditions. For macOS 10.9 and later, and iOS/iPadOS 7.0 and later.
    Touch IDGive the user the option to set up fingerprint identification for the device. For macOS 10.12.4 and later, and iOS/iPadOS 8.1 and later.
    Apple PayGive the user the option to set up Apple Pay on the device. For macOS 10.12.4 and later, and iOS/iPadOS 7.0 and later.
    SiriGive the user the option to set up Siri. For macOS 10.12 and later, and iOS/iPadOS 7.0 and later.
    Diagnostic DataDisplay the Diagnostics screen to the user. This screen gives the user the option to send diagnostic data to Apple. For macOS 10.9 and later, and iOS/iPadOS 7.0 and later.
    FileVaultDisplay the FileVault 2 encryption screen to the user. For macOS 10.10 and later.
    iCloud diagnosticsDisplay the iCloud Analytics screen to the user. For macOS 10.12.4 and later.
    iCloud StorageDisplay the iCloud Documents and Desktop screen to the user. For macOS 10.13.4 and later.
    Display ToneGive the user the option to turn on Display Tone. For macOS 10.13.6 and later, and iOS/iPadOS 9.3.2 and later.
    AppearanceDisplay the Appearance screen to the user. For macOS 10.14 and later, and iOS/iPadOS 13.0 and later.
    RegistrationDisplay the registration screen to the user. For macOS 10.9 and later.
    Screen TimeDisplay the Screen Time screen. For macOS 10.15 and later, and iOS/iPadOS 12.0 and later.
    PrivacyDisplay the Privacy screen to the user. For macOS 10.13.4 and later, and iOS/iPadOS 11.3 and later.
    AccessibilityDisplay the Accessibility screen to the user. If this screen is hidden, the user won't be able to automatically hear voice over. Voice over is only supported on devices that:
    - Run macOS 11.
    - Are connected to the internet using Ethernet.
    - Have the serial number appear in Apple School Manager or Apple Business Manager.

  11. Select Next to go to the Review + create page.

  12. To save the profile, choose Create.

Sync managed devices

Now that Intune has permission to manage your devices, you can synchronize Intune with Apple to see your managed devices in Intune in the Azure portal.

  1. In the Microsoft Endpoint Manager admin center, choose Devices > macOS > macOS Enrollment > Enrollment program tokens.

  2. Choose a token in the list > Devices > Sync.

    To comply with Apple's terms for acceptable enrollment program traffic, Intune imposes the following restrictions:

    • A full sync can run no more than once every seven days. During a full sync, Intune fetches the complete updated list of serial numbers assigned to the Apple MDM server connected to Intune. After an Enrollment Program device is deleted from Intune portal without being unassigned from the Apple MDM server in the Apple portal, it won't be re-imported to Intune until the full sync is run.
    • If a device is released from ABM/ASM, it can take up to 45 days for it to be automatically deleted from the devices page in Intune. You can manually delete released devices from Intune one by one if needed. Released devices will be accurately reported as being Removed from ABM/ASM in Intune until they are automatically deleted within 30-45 days.
    • A sync is run automatically every 24 hours. You can also sync by clicking the Sync button (no more than once every 15 minutes). All sync requests are given 15 minutes to finish. The Sync button is disabled until a sync is completed. This sync will refresh existing device status and import new devices assigned to the Apple MDM server.

Assign an enrollment profile to devices

You must assign an enrollment program profile to devices before they can enroll.

  1. In the Microsoft Endpoint Manager admin center, choose Devices > macOS > macOS Enrollment > Enrollment program tokens > choose a token in the list.
  2. Choose Devices > choose devices in the list > Assign profile.
  3. Under Assign profile, choose a profile for the devices > Assign.

Assign a default profile

You can pick a default macOS and iOS/iPadOS profile to be applied to all devices enrolling with a specific token.

  1. In the Microsoft Endpoint Manager admin center, choose Devices > macOS > macOS Enrollment > Enrollment program tokens > choose a token in the list.
  2. Choose Set Default Profile, choose a profile in the drop-down list, and then choose Save. This profile will be applied to all devices that enroll with the token.

Affinity Macos X

Distribute devices

You have enabled management and syncing between Apple and Intune, and assigned a profile to let your devices enroll. You can now distribute devices to users. Devices with user affinity require each user be assigned an Intune license. Devices without user affinity require a device license.

Devices registered with ABM/ASM and assigned a profile in Intune can be enrolled:

  • During Setup Assistant for new devices or wiped devices.
  • After Setup Assistant using the profiles command.

Enroll your macOS device registered in ABM/ASM with Automated Device Enrollment during Setup Assistant

Devices configured in ABM/ASM will automatically enroll into management with Intune during Setup Assistant with a Remote Management prompt.

Note

If the device was assigned to a macOS enrollment profile with user affinity, you must sign in to the Company Portal for Azure AD registration and Conditional Access.

Affinity macos download

Enroll your macOS device registered in ABM/ASM with Automated Device Enrollment after Setup Assistant

Affinity Macos Update

For macOS 10.13 and later devices, you can follow these steps to enroll.

  1. In the Apple Business Manager or Apple School Manager portal, import the device.
  2. In the Microsoft Endpoint Manager admin center, make sure that the device is assigned a macOS enrollment profile with or without user affinity.
  3. Log in to the device as a local administrator account.
  4. To trigger enrollment, on the Home page, open Terminal and run the following command:sudo profiles renew -type enrollment
  5. Enter your device password for the local administrator account.
  6. In the Device enrollment window, choose Details.
  7. In the System preferences window, choose Profiles.
  8. Follow the prompts that will download the management profile, certs, and policies from Intune. You can view the profiles on the device anytime by going to System Preferences > Profiles.
  9. If the device was assigned to a macOS enrollment profile with user affinity, you must sign in to the Company Portal for Azure AD registration and Conditional Access.

Renew an ADE token

Affinity Photo Macos Big Sur

  1. Go to business.apple.com and sign in with an account that has the role of Administrator or Device Enrollment Manager.

  2. Choose Settings > under MDM Servers choose your MDM server associated with the token file that you want to renew > Download Token.

  3. Choose Download Server Token.

  4. In the Microsoft Endpoint Manager admin center, choose Device enrollment > Apple Enrollment > Enrollment program tokens > choose the token.

  5. Choose Renew token and enter the Apple ID used to create the original token.

  6. Upload the newly downloaded token.

  7. Choose Renew token. You'll see the confirmation that the token was renewed.

Cpu Affinity Macos

Next steps

Macos Affinity Photo

After enrolling macOS devices, you can start managing them.