Manage macOS devices with Mac MDM solutions


In today's workplace, macOS devices serve as essential work tools that employees rely on to accomplish their tasks efficiently. To keep these devices ready for work, secure, and running smoothly, IT administrators turn to mobile device management (MDM) solutions. These solutions help admins to easily enroll, manage, and control the macOS devices, such as MacBooks, that are used in the organization. Mac device management solutions also make it easy to distribute apps and content to these devices while ensuring important security measures and restrictions are in place.

ManageEngine offers comprehensive MDM capabilities that make it possible to manage MacBooks, in addition to facilitating the management of iOS, tvOS, Android, Chrome and Windows devices from a single console.

How to manage macOS (and OS X) machines using macOS MDM?

ManageEngine's Mobile Device Manager Plus (MDM), the free Mac MDM solution, supports the following features to manage machines running on macOS:

Enrolling devices into MDM for MacBook

ManageEngine's MDM for MacBook enables admins to automate device enrollment by deploying macOS devices without any user intervention. This Mac device manager also lets IT admins:

  • Enroll machines which are already deployed

    Enrollment is the first step under Mac device management. macOS machines which are in use even before setting up ME MDM can be enrolled using MDM. Enrollment can be performed through Invites in case of managing machines present in your inventory. For employee-owned personal machines, using Self Enrollment is ideal. The enrollment URL is accessed from the Mac machine that needs to be managed by macOS MDM solutions. Supported by MDM for macOS 10.7 and above.

  • Enroll using Apple Business Manager

     Apple Business Manager integrates with device management solutions for Mac to facilitate out-of-the-box deployment, thereby simplifying the first step in Mac device management. New machines can be enrolled and managed by Mac MDM solutions before being handed over to employees. Supported by MDM for macOS 10.9 and above.

  • Automate the creation of a local administrator account on Mac machines

    During enrollment via Apple Business Manager, a local admin account can be created on Mac machines to simplify device maintenance, configure system applications, add/remove user accounts, as well as for troubleshooting. Supported by MDM for macOS 10.11 and above.

Associating profiles to devices using an MDM for OS X

Admins can associate security configurations and policies using the Profile Management capabilities of macOS MDM solutions:

  • Passcode

    Secure your managed machines and data by defining parameters for a password policy. Supported by MDM for macOS 10.7 and above.

  • Device restrictions

    If your organization's security policy prevents users from installing unapproved apps, this can be enforced using ME MDM. Restrictions related to device functionality, security, location settings, etc. can be applied as well. Supported by MDM for macOS 10.8 and above.

  • Wi-Fi configuration

    Wi-Fi and proxy settings for the managed machines can be configured. You can also prevent machines from connecting to unapproved Wi-Fi networks (or networks not configured by the macOS MDM) by configuring Restrictions. Supported by MDM for macOS 10.7 and above.

  • VPN configuration

    VPN and proxy settings can be configured using Mac device management solutions. To learn more about the VPN types supported by MDM for Mac, click here. Supported by MDM for macOS 10.7 and above.

  • Per-App VPN

    Set up a VPN connection for specified apps required for business and secure corporate data. Supported by MDM for macOS 10.7 and above.

  • Web Content Filter

    Configure plug-ins to manage app and network traffic. Supported by MDM for macOS 10.15 and above.

  • App Notifications

    Enable or disable critical alerts and notifications from specific apps, and restrict notifications from being displayed on the device's lock screen to prevent sensitive data from being exposed. Set up persistent notifications to ensure users acknowledge essential notifications. Supported by MDM for macOS 10.15 and above.

  • FileVault Encryption

    Data stored on all the managed Mac machines can be secured by encrypting it through a single console using FileVault Encryption. Supported by MDM for macOS 10.9 and above.

  • Firewall

    Secure Mac devices from web threats by setting up a firewall, restricting incoming web connections, and blocking or allowing specific apps from receiving incoming network connections.

  • AirPrint

    Configure AirPrint to print documents, images, etc., wirelessly over Wi-Fi from your Mac to AirPrint compatible printers or non-compatible shared printers, without installing any additional app on the machine. Supported by MDM for macOS 10.7 and above.

  • Global HTTP Proxy

    Ensure data security and protect corporate and personal data on the managed Mac machines by configuring Global HTTP Proxy and routing all the HTTP network traffic through the specified proxy. Supported by MDM for macOS 10.7 and above.

  • Certificate policy

    Distribute CA certificates to the managed machines in order to secure and validate any network communication. Supported by MDM for macOS 10.7 and above.

  • Simple Certificate Enrollment Protocol (SCEP)

    In large organizations, where distributing certificates manually is a hectic task, SCEP can be configured for scalable and simplified distribution of unique client certificates. Supported by MDM for macOS 10.7 and above.

  • AD Asset binding

    Conventionally, binding Mac machines to your organization's Active Directory (AD) is a tedious task, requiring the manual intervention of the IT administrator. With MDM, the admin can configure the AD Asset binding policy to remotely bind managed Macs to your AD, without any sort of manual intervention by the admin or user. Supported by MDM for macOS 10.9 and above.

  • AD Certificate Policy

    Simplify bulk distribution of certificates by leveraging Active Directory, ensuring all devices have the required certificates to securely access corporate resources.

  • Recovery Lock/Firmware Password

    Recovery Lock/Firmware password is a security feature that prevents the device from being booted from any internal or external disk other than the default startup disk. This is important to prevent the theft of the physical device. This password can be set in bulk on machines using MDM. Supported by MDM for macOS 10.13 and above.

  • System Extensions

    Configure System Extensions to allowlist both kernel and system extensions, including Network, Driver and Security extensions, and provide access to these extensions. Supported by MDM for macOS 10.13 or later.

  • PPPC

    Configure Privacy Preferences Policy Control (PPPC) in MDM to remotely manage security preferences/permissions such as Accessibility, Camera, etc. With PPPC, you can allow or restrict permissions requested by Mac applications, on the users' behalf. Supported by MDM for macOS 10.14 or later.

  • Custom Configuration

    To configure policies which MDM does not currently support, create custom configuration profiles using third-party tools like Apple Configurator or ProfileCreator. The supported OS version depends on the policies configured within the custom profile.

Secure managed devices using macOS MDM

Mobile Device Manager Plus provides comprehensive security management for macOS devices by executing remote commands on managed devices:

  • Remote Scan

    Granular details about the managed machines can be viewed using the remote scan command. Information about the installed apps, blocklisted apps and restrictions imposed on the machines can be obtained as well. Supported by MDM for macOS 10.7 and above.

  • Remote Lock

    The IT administrator can remotely lock the managed machines to enhance data security and to also secure any machines that might be lost. Supported by MDM for macOS 10.8 and above.

  • Remote shutdown/restart

    Remotely switch off unattended Mac machines, or remotely reboot machines to troubleshoot issues. Supported by MDM for macOS 10.13 and above.

  • Complete Wipe

    If a machine needs to be handed over to another employee, all the data and settings on the managed machine can be completely wiped. The device will become as good as new. Supported by MDM for macOS 10.8 and above.

  • Corporate Wipe

    Only the corporate data and settings pushed using MDM can be removed from the managed machines without deleting any personal data. Supported by MDM for macOS 10.7 and above.

  • Geotracking

    The location of a Mac machine can be retrieved, which makes it possible to know the whereabouts of a remote employee at work and also secure the device. Supported by MDM for macOS 10.7 and above.

  • Unlock user account

    If a user has forgotten the password on their Mac and is locked out after a certain number of invalid login attempts, you can remotely unlock the user account from the console. Supported by MDM for macOS 10.13 and above.

App management using a Device Manager for Mac devices

By integrating MDM with the ABM portal, admins can seamlessly manage app purchases and distribution using location tokens. Location tokens can also help admins purchase location/department-specific apps, distribute apps based on the number of licenses owned and also track the number of app licenses purchased. Simplify the installation, update and uninstallation of corporate apps without user intervention using the app management capabilities of the Mac device manager.

  • Silent app installation

    Apps purchased via ABM can be silently installed on the managed machines from the MDM server with zero user intervention. Supported by MDM for macOS 10.10 and above.

NOTE: It is mandatory to configure an APNs certificate before managing Apple devices using macOS and OS X mobile device management (MDM) solutions. To learn more about the steps involved in configuring an APNs certificate for Mac device management tools, click here.

Start your 30-day free trial of Mobile Device Manager Plus to implement comprehensive macOS (including OS X) device management in your organization now!
