If you're thinking "well, I've seen tricks for automating the install of CLI tools, I could use that + /usr/bin/python3" - if the reason you want python is pyobjc -
That was only shipped with the System python2 install. Dev tools / Xcode python3 doesn't have it.
Definitely reach out to your MDM vendor and ask about support for this.
There's major MDM protocol handholding song-and-dance they'll need to implement for this to even remotely work.
And your clients will need to be receiving ConfigData updates to get that notification bundle that unlocks all this. If you're doing "assisted" updates with managed Software Update settings and those are disabled, your clients will never see the OS upgrade as available.
As a reminder to anyone out there that's dealing with the TLS 1.2 cutover on python's pypi on macOS 10.12: You may still get stung by it if you end up unfortunately needing to deal with setuptools / easy_install packages that you can't get through pip.
This results in a "tlsssl-1.1.0.pkg" package you can install on 10.12 that will hotfix ssl to support TLS 1.1/1.2 in most situations.
Basic usage to get there on 10.12:
- download repo
- cd into code/openssl and run: sudo /usr/bin/python setup.py -vv -p -b -i
- cd into code/tlsssl and run: /usr/bin/python setup.py -vv -b -p