By Rob Potvin — May 15, 2025

The Cookbook: Baking Up Your Perfect Jamf Pro Test VM

Hello Mac admins bakers! If you saw my recent talk, you joined our bakery-themed tour of modern Mac virtualization and how Tart helps whip up clean, repeatable ephemeral VMs. This follow-up “recipe post” blog serves up steps, tools, and a dash of real-world flavor.

🥧

For those that are hungry - here is the actual apple tart recipe

Good News! Apps & Books can now be deployed to macOS 15.4 or later virtual machines. If you manage the VM with MDM, you can install all your Apps from Apple Business Manager or Apple School Manager.

Welcome to “The Cookbook”-your step-by-step recipe for spinning up a fresh, ready-to-enroll macOS VM using Tart, Packer, and Jamf Pro. Whether you’re a seasoned Mac admin or just learning to bake, this guide will help you whip up a reliable test environment in no time.

Session Video

🥣 Ingredients

Tart: The virtualization tool that lets you create and run macOS VMs with ease.
Packer: The automation mixer for building custom VM images
Packer Template: Your base recipe-download a pre-made one or craft your own
Jamf Pro Enrollment Invitation: The secret sauce for rapid device enrollment.
Enrollment URL/Profile: Placed on the VM desktop for easy access during testing.

🧑‍🍳 Step 1: Install Tart

Install via Homebrew
- brew install cirruslabs/cli/tart
Or download the latest release from tart.run.

🧑‍🍳 Step 2: Install Packer

Install via Homebrew
- brew tap hashicorp/tap
- brew install hashicorp/tap/packer

🧑‍🍳 Step 3: Download a Packer Template

Download Here

🧑‍🍳 Step 4: Create a Jamf Pro Enrollment Invitation

↘️

Note: If you don't have SMTP setup this will not work, you could also just fake a server as we don't need to send the mail, just create the invitation

Access Enrollment Invitations

Log in to Jamf Pro
Click Computers in the sidebar
Click Enrollment Invitations in the sidebar
Click New

Configure Invitation Settings

Set an expiration date (optional)
Uncheck require login
Check multiple uses
Select a site (if applicable)

Specify Email Details

Enter the recipient email address(es)

Review and Send

Verify all settings are correct
Click Send to distribute the invitation
Once sent, go back to the created invitation and at bottom copy down the ID.

😱

Keep your invitation ID secure

🧑‍🍳 Step 6: Build and Setup Your VM

Edit your packer file and update the variable default string for:

variable "vm_name" {
  type        = string
  default     = "name_of_vm"
  description = "Name of the virtual machine to create"
}

variable "jamf_url" {
  type        = string
  default     = "https://instance.jamfcloud.com"
  description = "Jamf Cloud URL"
}

variable "jamf_invitation_id" {
  type        = string
  default     = "<idhere>"
  description = "Invitation ID"
}

variable "ipsw_url" {
  type        = string
  default     = "/path/to/ipsw"
  description = "URL to the macOS IPSW file"
}

Use Packer to build your custom image:

Used to validate that there are no errors in your packer file

packer validate apple-tart-enrollment-profile.pkr.hcl

Used to initiliase your packer file and download any plugins

packer init apple-tart-enrollment-profile.pkr.hcl

If all checks out, you can now build

packer build apple-tart-enrollment-profile.pkr.hcl

💁

Don't touch anything! Once the image is installed, tart will launch the VM, don't click around its automatic!

Let the build process happen

Clone and run your VM with Tart:

tart clone your-custom-image my-test-vm
tart set my-test-vm --display-refit --random-serial --random-mac
tart run my-test-vm

🧑‍🍳 Step 7: Enroll and Test

Open the enrollment URL or profile on the VM desktop.
Complete the Jamf Pro enrollment process.
Test policies, scripts, and workflows as needed.

🍰 Serving Suggestions

Version Control: Store your Packer templates in Git for easy updates and collaboration.
Sharing: Push your finished VM images to an OCI registry for team-wide access
Whatif: VM doesn’t enroll, double-check your invitation URL and network settings.