What is Mac MDM?

Mac MDM, as the name suggests, is mobile device management for Macs. With the advent of modern management, iOS MDM solutions double up as macOS MDM (or OS X MDM) solutions. This requirement arose because organizations run a multitude of devices on diverse operating systems, and managing and securing these devices and the data they contain calls for a mobile device management (MDM) solution. ManageEngine MDM is not just Mac MDM software: it lets you manage all Apple devices running iOS, macOS, and tvOS, as well as Android devices, Chromebooks, and Windows devices, from a single console. This reduces the time spent managing an array of devices running different operating systems and eliminates the need for multiple device management tools.

How to manage macOS (and OS X) machines?

ManageEngine MDM, the free Mac MDM solution, supports the following features to manage machines running macOS:

  • Device Enrollment
    • Enroll machines which are already deployed:

      Enrollment is the first step in Mac device management. macOS machines that were in use before ME MDM was set up can also be enrolled. For machines present in your inventory, enrollment can be performed through Invites. For employee-owned personal machines, Self Enrollment is ideal. Accessing the enrollment URL brings the machine under management.

    • Enroll new macOS machines:

      Integrating MDM with Apple Business Manager facilitates out-of-the-box deployment. New machines can be enrolled and brought under management before being handed over to employees.

    • Automate the creation of a local administrator account on Mac machines:

      During enrollment via Apple Business Manager, a local admin account can be created on Mac machines to simplify device maintenance, configure system applications, add or remove user accounts, and troubleshoot.

  • Profile Management
    • Passcode:

      Secure your managed machines and data by defining parameters for a password policy.

    • Device restrictions:

      If your organization's security policy prevents users from installing unapproved apps, you can enforce that restriction using ME MDM. Restrictions related to device functionality, security, location settings, etc. can be applied as well.

    • Wi-Fi configuration:

      Wi-Fi and proxy settings for the managed machines can be configured. You can also prevent machines from connecting to unapproved Wi-Fi networks by configuring Restrictions.

    • VPN configuration:

      VPN and proxy settings can be configured.

    • FileVault Encryption:

      Data stored on all the managed Mac machines can be secured by encrypting it with FileVault Encryption from a single console.

    • Firmware Password:

      A firmware password prevents the device from being booted from any internal or external disk other than the default startup disk. This is important to prevent the theft of the physical device. This password can be set in bulk on machines using MDM.

    • Certificate policy:

      Distribute CA certificates to the managed machines in order to secure and validate any network communication.

    • Simple Certificate Enrollment Protocol (SCEP):

      In large organizations, where distributing certificates manually is a hectic task, SCEP can be configured for scalable and simplified distribution of unique client certificates.

    • AD Asset binding:

      Conventionally, binding Mac machines to your organization's Active Directory (AD) is a tedious task that requires manual intervention by the IT administrator. With MDM, the admin can configure the AD Asset binding policy to remotely bind managed Macs to your AD, without any manual intervention by the admin or user.

  • Security Management
    • Remote Scan:

      Granular details about the managed machines can be viewed using the remote scan command. Information about the installed apps, blacklisted apps, and restrictions imposed on the machines can be obtained as well.

    • Remote Lock:

      The IT administrator can remotely lock the managed machines to enhance data security and also to secure any machines that might be lost.

    • Complete Wipe:

      If a machine needs to be handed over to another employee, all the data and settings on the managed machine can be completely wiped. The device will become as good as new.

    • Corporate Wipe:

      Only the corporate data and settings pushed using MDM can be removed from the managed machines without deleting any personal data.

    • Geotracking:

      The location of a Mac machine can be retrieved, which makes it possible to know the whereabouts of a remote employee at work and also to secure the device.

  • App Management
    • Silent app installation:

      Apps purchased via ABM can be silently installed on the managed machines from the MDM server with zero user intervention.

NOTE: It is mandatory to configure an APNs certificate before managing Apple devices using macOS MDM solutions.