
Configure MDM Profile for Mac

Managing a Mac device requires the end user's approval. An MDM profile is installed on the end user's machine to support complete Mac management, from deploying configurations to initiating remote sessions. An MDM profile has to be deployed to all machines managed with Endpoint Central MSP after the following prerequisites are met.

Prerequisites (for Mac devices):

The following steps explain how to deploy MDM profiles to Mac devices.

Configuring NAT settings

You need to configure NAT settings to manage Desktop & Roaming Users (laptops), which might be outside the reach of your corporate network. This ensures that communication from Desktop & Roaming Users over the internet reaches the Central server. NAT settings can be configured at: Admin tab > Server Settings > NAT Settings.

Uploading an APNS Certificate

All communication between the MDM profile and Apple devices is routed through the APNS certificate. An APNS certificate is required to secure this communication. Ensure that a corporate ID is used to create the certificate, as it has to be renewed in a year. Learn more on creating and uploading an APNS certificate.

Installing MDM profile

If the above prerequisites are met, the end user will be prompted via a notification window to install the MDM profile on their device. The end user has to give approval to let Endpoint Central MSP manage their Mac device.

How does this notification window work?

  • A notification window will pop up on Endpoint Central MSP agent machines to install the MDM profile.
  • The end user needs to be an Administrator to install the MDM profile.
  • If the end user is a standard user, the Endpoint Central MSP agent will promote the standard user to "Profiles Administrator" so that they can install the MDM profile. The "Profiles Administrator" permission will be automatically revoked after 100 seconds.
  • [Image: MDM profile enrolment]

  • The notification window also provides a "Remind me Later" option that allows the end user to skip the installation for 90 minutes, a maximum of 3 times.
  • If the end user doesn't install the MDM profile in those 3 attempts, the agent proceeds to a forced installation, where the end user is bound to install the MDM profile without any option to ignore or close the notification window. On clicking 'Enroll Now', the following shows up:
  • [Image: Unverified profile]

  • The administrator has to enter the credentials as shown below. This step will be skipped for standard users.
  • [Image: Unverified credentials]

  • Here's the preview upon successfully installing the MDM profile.
  • [Image: Verified profile and agent]


Note: As stated earlier, the MDM profile is installed on the end user's machine to support all aspects of Mac management. Very soon, Modern Management for Mac will be changed to Complete Management.
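
A check an administrator can run on a managed Mac once the end user has gone through the notification window described above, as an added example that is not part of the original page or of Endpoint Central MSP: it classifies the output of the macOS `profiles status -type enrollment` command to confirm the MDM profile is installed and user-approved. The function names and sample outputs are constructed for illustration, and it assumes a macOS version whose `profiles` tool supports this subcommand.

```shell
#!/bin/sh
# Added example (not vendor code): classify MDM enrollment state from the
# text printed by `profiles status -type enrollment` on macOS.

# Constructed sample outputs, one per state the tool can report.
SAMPLE_APPROVED='Enrolled via DEP: No
MDM enrollment: Yes (User Approved)'
SAMPLE_UNAPPROVED='Enrolled via DEP: No
MDM enrollment: Yes'
SAMPLE_NONE='Enrolled via DEP: No
MDM enrollment: No'

# classify_enrollment TEXT
# Prints: user-approved | enrolled-not-approved | not-enrolled | unknown
classify_enrollment() {
    # Only the "MDM enrollment:" line matters; DEP and server lines are ignored.
    line=$(printf '%s\n' "$1" | grep -i 'MDM enrollment:' | head -n 1)
    value=${line#*: }          # text after the first ": "
    case "$value" in
        "Yes (User Approved)"*) echo "user-approved" ;;
        Yes*)                   echo "enrolled-not-approved" ;;
        No*)                    echo "not-enrolled" ;;
        *)                      echo "unknown" ;;   # empty or unexpected output
    esac
}

# is_compliant TEXT: succeeds only when the profile is installed AND user-approved.
is_compliant() {
    [ "$(classify_enrollment "$1")" = "user-approved" ]
}

# On a Mac, report the live state; on other systems this step is skipped.
if command -v profiles >/dev/null 2>&1; then
    live=$(profiles status -type enrollment 2>/dev/null || true)
    echo "This host: $(classify_enrollment "$live")"
fi
```

`is_compliant` returns a shell exit status, so it can gate a compliance script or custom inventory check; an "unknown" result means the command produced no enrollment line and should be investigated rather than treated as enrolled.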