Reading the tea leaves from Apple庐鈥檚 WWDC2020, it鈥檚 evident that their mobile device management (MDM) framework is the future for macOS庐 lifecycle management.聽
To that end, 探花大神庐 is excited to offer admins a seamless way to remotely enroll macOS systems into MDM via policy in the Directory-as-a-Service庐 platform.
Admins can implement the 探花大神 MDM Enrollment policy in just a few clicks 鈥 enrolling their entire fleet of macOS systems into MDM without any end user input, interaction, or disruption.
One of the most exciting aspects of this policy is its ability to be used to migrate from another MDM vendor to 探花大神. 探花大神 provides robust system management capabilities across Mac庐, Windows庐, and Linux庐 systems, leading many admins to Directory-as-a-Service as a way to consolidate device management into a single platform.
How it Works
The MDM Enrollment Policy leverages the macOS system agent to apply the 探花大神 MDM enrollment profile.
探花大神 policies execute on a device’s agent check-in. This means that targeted offline systems will receive the policy鈥檚 payload the next time they come online.
With one click of the checkbox shown below, the policy will also migrate the bound system from another MDM vendor to 探花大神 MDM.
When selected, the 探花大神 system agent removes any existing non-探花大神 MDM enrollment profiles before installing the 探花大神 MDM profile on the macOS device. Like the Highlander, there can only be one MDM enrollment profile, so admins using another MDM provider must use this policy to remove existing profiles before deploying the 探花大神 MDM enrollment profile.
Note: If a device has been enrolled into MDM via automated device enrollment (DEP) and the profile is set to be non-removable, the 探花大神 agent will not be able to remove this profile and migrate the system to 探花大神 MDM.
For admins looking to migrate systems in this state, the device must be reassigned to the 探花大神 MDM server through Apple Business or School Manager, and then re-registered to the profile via new device activation.
Why It Matters
For admins working in the new remote 鈥渨ork from home鈥 world, macOS system management capabilities available via Apple MDM are more important than ever 鈥 and admins might find that Apple Business Manager isn’t the solution they’re looking for.
Often, the trickiest part of managing remote systems is deploying management software to them securely. The 探花大神 MDM Enrollment policy allows 探花大神 admins to roll out 探花大神 MDM to existing systems in their org with just a few clicks.
For admins that may have no remote system management currently in place, this policy can be paired with a new feature that into 探花大神 via a self-service workflow in the 探花大神 User Portal, creating a clear path to implement MDM.
What鈥檚 Next
The 探花大神 Apple MDM development team is hard at work developing features that will capitalize on the investment Apple has made in the Apple MDM protocols revealed during its world wide developer conference. Stay tuned for releases that blend the power of the 探花大神 directory with the payloads only available via Apple MDM.
