Apple Device Management

Apple Device Management, previously Mac Device Management, supports Apple's enhanced macOS security posture for both MacOS (10.13.2+) and iOS (iPhones and iPads) while ensuring our applications continue functioning with minimal user intervention.

Mac Monitoring Agent 3.4.0 or later is required for Apple Device Management.

Enrollment of Virtual Machines (VMs) in Apple Device Management is not tested or supported.

Apple Device Management enables you to send Apple Configuration Profiles to devices to ensure consistent device configuration and to grant the access required by our applications by:

  • Silently configuring the computer's security and privacy controls for our software
  • Applying the required permissions to any deployment or update to our applications in the current and future versions of the Operating System

With Dashboard v2020.12.15 or later, you use Apple Configuration Profiles to deploy settings securely and remotely from the Dashboard to the following devices that are enrolled in Apple Device Management:

  • macOS (10.13.2+) computers
  • iOS devices (iPhones and iPads)
  • Apple Configuration Profiles are not supported on devices using macOS 10.12 or earlier. You cannot push Apple Configuration Profiles to those devices.

Apple Device Management requires the following actions:

Permissions

Before using Apple Device Management, we recommend you review your Dashboard Roles and Permissions to ensure the Dashboard users have the required access level for their role. For example, ensure Dashboard users with that role can manage certificates or deploy profiles and perform actions in Apple Device Management. See Comparison of System Roles to view the default permissions for the system roles.

macOS Security Posture

Beginning with macOS 10.13.2, Apple began changing its security posture to prevent third-party applications from unauthorized interaction with the computer. These Apple changes had the following implications for our applications:

  • The security and privacy control settings defaulted to blocked. This forced end-users to grant the required permissions for our applications to access the computer.
  • These privacy and security settings are not remotely configurable through a remote assistance tool so end-users must approve each request. The number of request notifications and configuration requirements can be daunting to end-users. For example, the numerous requests from new software installations or requests for re-authorization on previously permitted applications after an Operating System update can be overwhelming to end-users.
  • If end-users do not grant the required permissions, our applications may not run or they may run but with restricted functions.

To reduce the impact of these implications on our applications, we use Apple's Mobile Device Management (MDM) framework. Beginning with Mac Monitoring Agent 3.4.0 RC and onwards, we use Apple's MDM framework to reduce the volume of end-user notifications from our software and ensure all our installed applications have the required permissions.

What do you want to do?