Device Management for Apple

Device Management for Apple (DMA) is N-central's mobile device management (MDM) solution. MDM solutions are supported by Apple devices—Mac computers, iPhones, iPad tablets, and even Apple TVs—to configure devices securely and remotely.

Using Device Management for Apple, you can securely and remotely configure your Apple devices by sending configuration profiles, commands, and apps to them directly from N-central.

Device Management for Apple also supports Apple's enhanced macOS security framework to ensure our applications continue functioning with minimal user intervention.

Device Management for Apple requires Mac Monitoring Agent 1.2.0 or higher.

Enrollment of Virtual Machines (VMs) in Device Management for Apple is not tested or supported.

This section includes the following topics:

• Requirements for DMA
• Quick Start Guide for DMA
• Apple Push Notification service certificates
• Automated Device Enrollment
• Manual device enrollment
• Configuration profiles
• Device management
• App management

macOS security framework

macOS 10.13.2 or later, includes user data protections, which are managed by Apple's expanded security framework, Transparency Consent and Control (TCC), that prevent third-party applications from unauthorized interaction with the computer. Organizations can use mobile device management solutions to remotely manage these security preferences with Apple's Privacy Preferences Policy Control (PPPC) payload.

These enhanced Apple security changes have the following implications for our applications:

• The security and privacy control settings defaulted to blocked. This forced end users to grant the required permissions for our applications to access the computer.
• These privacy and security settings are not always remotely configurable through a remote assistance tool so end users must approve each request. The number of request notifications and configuration requirements can be daunting to end users. For example, the numerous requests from new software installations or requests for re-authorization on previously permitted applications after an Operating System update can be overwhelming to end users.
• If end users do not grant the required permissions, Device Management for Apple may not run or they may run but with restricted functions.

To reduce the impact of these implications on our applications, we use our Device Management for Apple MDM solution to reduce the volume of end user notifications from our software and ensure all our installed applications have the required permissions.

Updated: Jul 08, 2024