Mac MDM, as the name suggests, is mobile device management for Macs. With the advent of modern management, iOS MDM solutions double up as macOS MDM (or OS X MDM) solutions. This requirement arose due to a multitude of devices running on diverse operating systems in organizations. However, to manage and secure these devices and the data contained within brings the need to deploy a mobile device management(MDM) solution. ManageEngine MDM is not just a Mac MDM software but it lets you manage all Apple devices running on iOS, macOS, and tvOS besides Android devices, Chromebooks, and Windows devices, making it more than a Mac MDM solution, as it reduces the time spent in managing an array of devices running on different operating systems from a single console, thereby eliminating the need for multiple device management software.
ManageEngine MDM, the free Mac MDM solution supports the following features to manage machines running on macOS:
Enrollment is the first step under Mac device management. macOS machines which are in use even before setting up ME MDM can be enrolled using MDM. Enrollment can be performed through Invites in case of managing machines present in your inventory. For employee-owned personal machines, using Self Enrollment is ideal. The enrollment URL is accessed to bring machines under management. Supported for macOS 10.7 and above.
Integrating MDM with Apple Business Manager, facilitates out-of-the-box deployment. New machines can be enrolled and brought under management before being handed over to employees. Supported for macOS 10.9 and above.
During enrollment via Apple Business Manager, local admin account can be created on Mac machines to simplify device maintenance, configure system applications, add/remove user accounts, as well as for troubleshooting. Supported for macOS 10.11 and above.
Secure your managed machines and data by defining parameters for a password policy. Supported for macOS 10.7 and above.
In case your organization's security policy prevents users from installing unapproved apps, it is possible to restrict the same using ME MDM. Restrictions related to device functionality, security, location settings, etc can be applied as well. Supported for macOS 10.8 and above.
Wi-Fi and proxy settings for the managed machines can be configured. You can also prevent machines from connecting to unapproved Wi-Fi networks by configuring Restrictions. Supported for macOS 10.7 and above.
VPN and proxy settings can be configured. To know more about the supported types of VPN by MDM, click here. Supported for macOS 10.7 and above.
Data stored in all the managed mac machines can be secured by encrypting them through a single console using FileVault Encryption. Supported for macOS 10.9 and above.
A Firmware password prevents the device from being booted from any internal or external disk other than the default startup disk. This is important to prevent the theft of the physical device. This password can be set in bulk on machines using MDM. Supported for macOS 10.13 and above.
Distribute CA certificates to the managed machines in order to secure and validate any network communication. Supported for macOS 10.7 and above.
In case of large organizations where it is a hectic task to distribute certificates manually, SCEP can be configured for scalable and simplified distribution of unique client certificates. Supported for macOS 10.7 and above.
Conventionally, binding Mac machines to your organization's Active Directory (AD) is a tedious task, requiring the manual intervention of the IT administrator. With MDM, the admin can configure the AD Asset binding policy to remotely bind managed Macs to your AD, without any sort of manual intervention by the admin or user. Supported for macOS 10.9 and above.
To configure policies which MDM does not currently support, create custom configuration profiles using third-party tools like Apple Configurator or ProfileCreator. The supported OS version depends on the policies configured witin the custom profile.
Granular details about the managed machines can be viewed using the remote scan command. Information about the Installed apps, blacklisted apps and restrictions imposed on the machines can be obtained as well. Supported for macOS 10.7 and above.
The IT administrator can remotely lock the managed machines to enhance data security and to also secure any machines that might be lost. Supported for macOS 10.8 and above.
Suppose you require a machine to be handed over to another employee, all the data and settings on the managed machine can be completely wiped. The device will become as good as new. Supported for macOS 10.8 and above.
Only the corporate data and settings pushed using MDM can be removed from the managed machines without deleting any personal data. Supported for macOS 10.7 and above.
The location of a Mac machine can be retrieved which makes it possible to know the whereabouts of a remote employee at work and also secure the device. Supported for macOS 10.7 and above.
Apps purchased via ABM can be silently installed in the managed machines from the MDM server with zero user intervention. Supported for macOS 10.10 and above.
NOTE: It is mandatory to configure an APNs certificate before managing Apple devices using macOS MDM solutions. To know more about the steps involved, click here.