Management of Mac machines

Using ManageEngine MDM MSP, devices running on iOS, macOS and tvOS can be managed from a single console. This reduces the time and complexity involved in managing an array of devices which are running on different operating systems thereby eliminating the need for multiple device management softwares.

Supported Features:

ManageEngine MDM MSP supports the following features to manage machines running on macOS:

  • Device Enrollment:
    • Enroll machines which are already deployed:

      macOS machines which are in use even before setting up ME MDM can be enrolled using MDM MSP. Enrollment can be performed through Invites in case of managing machines present in your inventory. For employee owned personal machines, using Self Enrollment is ideal. The Enrollment URL is accessed to bring machines under management.

    • Enroll new macOS machines:

      By integrating MDM with Apple Business Manager, out of the box deployment is feasible. New machines which are to be handed over to your employees can be enrolled and brought under management right out of the box.

  • Profile Management:
    • Passcode:

      Secure your managed machines and data by defining parameters for a password policy.

    • Device restrictions:

      Incase your organization's security policy prevents users from installing unapproved apps, it is possible to restrict the same using ME MDM. Restrictions related to device functionality, security, location settings, etc can be applied as well.

    • Wi-Fi configuration:

      Wi-Fi and proxy settings for the managed machines can be configured. You can also prevent machines from connecting to unapproved Wi-Fi networks by configuring Restrictions.

    • VPN configuration:

      VPN and proxy settings can be configured. To know more about the supported types of VPN by MDM MSP, click here.

    • FileVault Encryption:

      Data stored in all the managed mac machines can be secured by encrypting them through a single console using FileVault Encryption.

    • Certificate policy:

      Distribute CA certificates to the managed machines in order to secure and validate any network communication.

    • Simple Certificate Enrollment Protocol (SCEP):

      In case of large organizations where it is a hectic task to distribute certificates manually, SCEP can be configured for scalable and simplified distribution of client certificates.

  • Security Management:
    • Remote Scan:

      Granular details about the managed machines can be viewed using the Scan Now feature. Information about the Installed apps, blacklisted apps and restrictions imposed on the machines can be obtained as well.

    • Remote Lock:

      The IT administrator can remotely lock the managed machines to enhance data security and to also secure any machines that might be lost.

    • Complete Wipe:

      Suppose you require a machine to be handed over to another employee, all the data and settings on the managed machine can be completely wiped. The device will become as good as new.

    • Corporate Wipe:

      Only the corporate data and settings pushed using MDM can be removed from the managed machines without deleting any personal data.

  • App Management:
    • Silent app installation:

      Apps purchased via ABM can be silently installed in the managed machines from the MDM MSP server with zero user intervention.

NOTE: It is mandatory to configure an APNs certificate before managing Apple devices using MDM MSP. To know more about the steps involved, click here.