Apple Device Management

Apple Device Management supports Apple's enhanced macOS security posture for both MacOS ( 10.13.2+) and iOS while ensuring our applications continue functioning with minimal user intervention. Apple Device Management enables you to send Apple Configuration Profiles to macOS (10.13.2+) and iOS devices to ensure consistent device configuration.

The Apple Device Management feature was previously known as Mac Device Management.

macOS Security Posture

Beginning with macOS 10.13.2, Apple began changing its security posture to prevent third-party applications from unauthorized interaction with the computer. These Apple changes had the following implications for our applications:

  • The security and privacy control settings defaulted to blocked. This forced end-users to grant the required permissions for our applications to access the computer.
  • These privacy and security settings are not remotely configurable through a remote assistance tool so end-users must approve each request. The number of request notifications and configuration requirements can be daunting to end-users. For example, the numerous requests from new software installations or requests for re-authorization on previously permitted applications after an Operating System update can be overwhelming to end-users.
  • If end-users do not grant the required permissions, our applications may not run or they may run but with restricted functions.

To reduce the impact of these implications on our applications, we use Apple's Mobile Device Management (MDM) framework. Beginning with Mac Monitoring Agent 3.4.0 RC and onwards, we use Apple's MDM framework to reduce the volume of end-user notifications from our software and ensure all our installed applications have the required permissions.

Apple's MDM framework enables administrators to securely and remotely configure enrolled devices through profiles. We use Apple Configuration Profiles to grant the access required by our applications by:

  • Silently configuring the computer's security and privacy controls for our software
  • Applying the required permissions to any deployment or update to our applications in the current and future versions of the Operating System

To use Apple Device Management, you must request an Apple Push Notification certificate and upload it to your Dashboard. When the certificate association is in place, the end-user is prompted to enroll in our Apple Device Management service, and the related profile is applied when the Agent updates to version 3.4.0 RC.

To ensure the end-user knows the source of this enrollment request, the prompt dialog contains your Dashboard company name and Agent branding (where selected).

Enrolling the computer in Apple Device Management is a one-time process for the end-user.

Apple Configuration Profiles for macOS and iOS

Apple Configuration Profiles streamline the configuration process. Using Dashboard v202.12.15 or later, use Apple Configuration Profiles to deploy settings securely and remotely from the Dashboard to the following:

  • macOS (10.13.2+) computers enrolled in Apple Device Management
  • iPhones and iPads enrolled in our Mobile Device Management

Apple Configuration Profiles are not supported on devices using macOS 10.12 or earlier. You cannot push Apple Configuration Profiles to those devices.

Permissions

Before using Apple Device Management, we recommend you review your Dashboard Roles and Permissions to ensure the Dashboard users have the required level of access for their role. For example, ensure Dashboard users with that role can manage certificates or deploy profiles and perform actions in Apple Device Management. See Comparison of System Roles to view the default permissions for the system roles.

What do you want to do?