Managing a Mac device requires the end user's approval. An MDM profile is installed on the end user's machine to support complete Mac management, from deploying configurations to initiating remote sessions. The MDM profile has to be deployed to all machines managed with Endpoint Central MSP after the following prerequisites are met.
The following steps explain how to deploy MDM profiles to Mac devices.
You need to configure NAT settings to manage Desktop & Roaming Users (laptops), which might be outside your corporate network. This ensures that communication from Desktop & Roaming Users over the internet reaches the Central server. NAT settings can be configured at this path: Admin tab > Server Settings > NAT Settings.
All communication between the MDM profile and Apple devices is routed through the APNS certificate. An APNS certificate is required to secure this communication. Ensure a corporate ID is used to create the certificate, as it has to be renewed in a year. Learn more on creating and uploading an APNS certificate.
If the above prerequisites are met, the end user will be prompted via a notification window to install the MDM profile on their device. The end user has to approve this prompt to let Endpoint Central MSP manage their Mac device.
How does this Notification window work?
Note: As stated earlier, the MDM profile is installed on the end user's machine to support all aspects of Mac management. Very soon, Modern Management for Mac will be changed to Complete Management.