Device Management for Apple

Apple devices—Mac computers, iPhones, iPad tablets, and even Apple TVs—have a built-in framework that supports mobile device management (MDM). MDM lets you securely and remotely configure devices by sending profiles and commands to the device. MDM capabilities include updating software and device settings, monitoring compliance with organizational policies, and managing customer-purchased apps.

Device Management for Apple is the N-sight RMM MDM solution. It enables you to use MDM with your monitored macOS (10.13.2+) and iOS (iPhone and iPad) devices so you can configure your devices by sending configuration profiles and commands to them directly from the N-sight RMM Dashboard.

Device Management for Apple also supports Apple's enhanced macOS security framework to ensure our applications continue functioning with minimal user intervention.

Device Management for Apple requires Mac Agent 3.4.0 or later.

Enrollment of Virtual Machines (VMs) in Device Management for Apple is not tested or supported.

Before you can send profiles and commands to devices, you must:

  1. Add a new Apple Push Certificate (or renew an existing one)
  2. Enroll devices in Device Management for Apple manually or automatically using Apple Business Manager
  3. Create and upload configuration profiles

After you have devices enrolled in Device Management for Apple and profiles uploaded to N-sight RMM, you can:

  1. Deploy and manage configuration profiles on devices
  2. Send commands to macOS and iOS devices
  3. Monitor and manage mobile devices
  4. Manage App Store purchases

For Mac computers, use Managed Patch for Mac to automatically deploy verified third-party updates for supported products via Munki client software (not including App Store purchases).

Permissions

Before using Device Management for Apple, we recommend you review your Dashboard Roles and Permissions to ensure the Dashboard users have the required access level for their role. For information about the permissions for Device Management for Apple, see Default System Role Permissions.

macOS security framework

macOS 10.13.2 or later includes user data protections managed by Apple's expanded security framework, Transparency, Consent, and Control (TCC), which prevents third-party applications from unauthorized interaction with the computer. Organizations can use mobile device management (MDM) to remotely manage these security preferences with Apple's Privacy Preferences Policy Control (PPPC) payload.

These enhanced Apple security changes have the following implications for our applications:

  • The security and privacy control settings default to blocked. This forces end users to grant the required permissions for our applications to access the computer.
  • These privacy and security settings are not always remotely configurable through a remote assistance tool, so end users must approve each request. The number of request notifications and configuration requirements can be daunting to end users. For example, the numerous requests from new software installations, or requests for re-authorization of previously permitted applications after an operating system update, can be overwhelming.
  • If end users do not grant the required permissions, Device Management for Apple may not run, or it may run with restricted functions.

To limit the impact of these implications on our applications, we use our Device Management for Apple MDM solution to reduce the volume of end user notifications from our software and to ensure that all our installed applications have the required permissions.
