Skip to main content

Apple Platform Management

SureMDM extends its powerful features to Apple platforms. With SureMDM, organizations can effectively manage and secure their fleet of Apple devices, ensuring seamless administration, enhanced productivity, and robust data protection across their Apple devices. The following options are available under this section:

  • VPP - To assign applications using Apple's Volume Purchase Program (VPP), integrate SureMDM with VPP. This integration enables enterprises to purchase and distribute iOS apps in bulk while managing licenses. Use this section to integrate with VPP. Click here for more information.

  • APNS - Apple Push Notification Service (APNs) is a protocol created by Apple that establishes a secure, persistent connection between MDM solutions like SureMDM and Apple devices. It is requied to perform Remote Management commands such as Enrollment, Device commands, Profile management and Application management. Use this section to create APNs certificate. Click here for more information.

  • ADE - To perform ADE enrollment, SureMDM must be integrated with either Apple Business Manager or Apple School Manager. Use this section to integrate with ADE. Click here for more information.

Miscellaneous Settings

In this section, you can access and configure various Apple management settings to enhance your device management capabilities. The following settings are available in this page with respect to the desired section:

iOS/iPadOS:

i. Enrollment Configuration:

  • Enable Location Tracking: When enabled, the geographical positions of the enrolled devices will be monitored.

ii. Dynamic Configuration:

  • Enable On Demand Location Tracking: This facilitates immediate location tracking but triggers notifications on devices whenever the location is accessed from the console. Multiple notifications are displayed only on iOS 14 and earlier. On iOS 15 and later, only the location icon will be visible, without any message notifications.

  • Enable new NotNow handling: Enable this option to ensure commands are processed correctly for locked devices. When a device is locked and unable to process commands, it will send a NotNow response to the server, which will then stop polling the device. Once the device is unlocked and ready, it will automatically notify the server to process the pending commands.

  • Enable Advanced Update Management: Enable this option to centrally manage OS updates in one place through the OS Update section.

macOS

i. Enrollment Configuration:

  • Restrict Enrollment Profile Removal: Enable this option to require a password when the enrollment profile is removed.

ii. Dynamic Configuration:

  • Recovery PIN(6 Digit): A Recovery PIN is required to reinstall the device’s operating system, and it must be 6 digits in length

  • Allow Disk access for DMG Installations: This will grant required permissions to the SureMDM Agent and SureMDM Agent helper tool, which prevents DMG app installation due to permission issues. Users will see a new profile under 'Settings - Privacy and Security - Profiles - Device(Managed)'.

  • Enable new NotNow handling: Enable this option to ensure commands are processed correctly for locked devices. When a device is locked and unable to process commands, it will send a NotNow response to the server, which will then stop polling the device. Once the device is unlocked and ready, it will automatically notify the server to process the pending commands.

  • Third Party App Update Management: Select the update configuration for Third Party Apps.

    - Immediately: Updates are made available for installation as soon as they are released by the application vendors.
    - After 7 days: Updates become available for installation after a delay of 7 days from its release date.
    - After 10 days: Updates become available for installation after a delay of 10 days from its release date.
    - Never: Updates are never made available automatically. Users will need to manually initiate updates.

  • Auto-Update of SureMDM Agent: Checking this box will allow SureMDM Agent to update automatically whenever a new version becomes available.

  • Auto-Install SureMDM Agent: If unchecked, the SureMDM Agent will not be automatically installed on devices that do not have it installed. This applies to all enrollment types.

  • Enable Advanced Update Management: Enable this option to centrally manage OS updates in one place through the OS Update section.

note
  • Applicable for macOS 11.0 and above.
  • For update/upgrade process, the battery level must be above 50%, and the laptop must be connected to power if the update or upgrade hasn’t been downloaded and prepared.

General Configuration:

i. Apple Configurator:

  • Apple Configurator Enrollment URL: Displays the URL required for enrolling devices via Apple Configurator. This URL is base64-encoded. Enter it in the Host Name or URL text box on the Define an MDM Server page in Apple Configurator during enrollment.

ii. Account Driven User Enrollment:

  • JSON for Account Driven User Enrollment: Copy or download the JSON file to be hosted on your domain for service discovery, allowing Apple to reach the SureMDM service and retrieve enrollment information for account-driven user enrollment.

  • Validate Apple Service Discovery for Account-driven User Enrollment: Verifies the provided JSON configuration for service discovery based on the specified Managed Apple ID or associated verified domain.