Apple Device Management
Available for both macOS and iOS, Apple Device Management supports Apple's enhanced macOS security posture whilst ensuring our applications will continue to function with minimum user intervention. In addition to this, Apple Device Management may be used to send Apple Configuration Profiles to both macOS and iOS devices, ensuring consistent device configuration.
macOS Security Posture
From macOS 10.13.2 Apple began to change its security posture to prevent third-party applications from unauthorized interaction with the computer.
The security and privacy control settings default to blocked and the user must first grant the applications the required permissions before they can access the computer. As these settings relate to privacy and security, they are not remotely configurable through a remote assistance tool.
This can generate numerous notifications and configuration requirements that appear daunting to the end-user, as they have to approve each request, whether it comes from a new software installation or from a previously permitted application that requires re-authorization after an Operating System update.
If the end-user does not allow the required access, then this can prevent the application from running, or the application runs, but with restricted functionality.
To reduce the volume of notifications displayed to the end-user from our software and ensure all our installed applications have the required permissions, from Mac Monitoring Agent 3.4.0 RC we utilize Apple’s Mobile Device Management (MDM) framework.
Apple designed MDM to allow administrators to securely and remotely configure enrolled devices, managing this through profiles, and we use this to approve any access required by our applications.
Our MDM profile uses this technology to silently configure the computer's security and privacy controls for our software, applying the required permissions to any deployment or update to our applications in both the current and future versions of the Operating System.
To use this functionality, you must first request an Apple Push Notification certificate and upload this to your Dashboard. Once the certificate association is in place, we will prompt the end-user to enroll in our Apple Device Management service and apply the related profile when the Agent updates to version 3.4.0 RC. The dialog contains your Dashboard company name and Agent branding (where selected) to ensure the user knows the source of this enrollment request.
Enrolling the computer in Apple Device Management is a one-time process for the user.
Apple Configuration Profiles streamline the configuration process by allowing you to securely and remotely deploy settings directly from the Dashboard to Apple Device Management enrolled macOS computers, or iPhones and iPads enrolled in Mobile Device Management from Dashboard 2020.12.15.
Before using Apple Device Management, we recommend reviewing your Dashboard Roles and Permissions to ensure the Dashboard users have the required level of access for their role, for example, whether users with that role can manage certificates or deploy profiles and perform actions in Apple Device Management. Visit Comparison of System Roles to view the default permissions for the system roles.
The Apple Device Management feature was previously known as Mac Device Management.
What do you want to do?
- Add a new Apple Push Notification Certificate (also covers certificate renewal)
- Renew the Apple Push Notification Certificate
- Review the macOS End-User Apple Device Management Enrollment process
- Relaunch Apple Device Management Enrollment on a macOS device (Optional)
- Add iPhones and iPads to Mobile Device Management
- iOS Mobile Device Management provisioning
- Learn About Apple Device Management Configuration Profiles
- Issue commands to macOS and iOS devices
- Remove an MDM Enrollment Profile as part of the macOS Agent uninstall
- Choose to Automatically enroll macOS devices