It would be excellent for us if SimpleMDM were included in the list of InTune partners to add compliance state data to Azure Active Directory. This would allow us to establish conditional access policies in SimpleMDM that would be passed up to InTune and then Azure Active Directory, allowing us to ensure that devices used to log in are secure to our standards before access is granted.

https://docs.microsoft.com/en-us/mem/intune/protect/device-compliance-partners

https://www.notion.so/help/notion-for-desktop

Many apps now offer separate Intel, Apple Silicon & Universal Binary builds. Knowing which version is available in the shared app catalog will be very useful during the architecture transition.

It would be convenient for administrators to receive e-mail notifications 30 days in advance of a VPP or DEP token's expiration.

Assignment groups and scopes are great, but limited if they don't clean up after themselves. The option to have managed apps automatically uninstall themselves from devices that fall out of the Assignment Group selections would be great. For example, if a device is moved from one Device Group to another then all the apps assigned to the its new Device Group will get installed, but all of the ones from the old Device Group that are not assigned to the Device Group should be automatically uninstalled.

I would like to be able to select a device and have SimpleMDM send me an email notification when the device is next seen. For example, if I have a device that hasn't been seen for a week and I want to know if someone powers it on, I would like to get an email once the device is seen again.

Having the ability to send custom commands to a device in free form would allow administrators to test new commands and observe the behavior before a feature is added in SimpleMDM.
I would like to test more with scheduleosupdate and availableosupdate commands, but there's only an option to Update iOS Version in the UI. What does that do? Send scheduleosupdate with default action?

A freshly built macOS 12.1 machine can only have Remote Desktop / screen sharing enabled using MDM. Currently, this can only be done on a per machine basis using 'Enable Remote Desktop' option or API call. It would be great if we could: -

1. Set 'Remote Desktop Enabled' at a global level for all macOS devices that are in SimpleMDM.

2. Have the ability to set it on multiple machines at once by ticking the box next to the device and setting from the 'Actions' menu.

Scripts and jobs to run them are a fantastic addition but the jobs are single use at that this stage.

The ability to schedule jobs seems like the next logical iteration.

Keep up the good work SimpleMDM

Please consider implementing the Login Window MDM payload settings for Apple devices so that we can assign loginwindow settings (e.g., name/password vs. icon, login banner, etc.) for the loginwindow of macOS devices.

This feature is discussed here: https://support.apple.com/guide/mdm/login-window-payload-settings-mdm2a822b29/web.

In case of loss of the device generating the OTP codes (think stolen / broken phone with Google Authenticator), SimpleMDM offers no way to recover one's account.

Most high-profile services (Google, Facebook, Github, etc.) when activating 2FA offer to save a list of one-time use recovery codes, used to gain access to one's account again. This makes it possible to setup 2FA on a new device.

It would be nice if SimpleMDM had such a feature.

Thanks !

Would it be possible to add FortiClient VPN in the list of apps offered by Munki?

https://www.fortinet.com/support/product-downloads

Thanks!

Custom apps should behave the same way as Shared apps - allowing multiple versions to be uploaded and to have those versions displayed in a drop-down under a single app name under Assignment.

Ideally SimpleMDM’s logic for displaying the custom app would follow what’s already in place for shared apps (which is great btw) specifically:
• only 1 instance of the app is displayed in the Catalog by bundle ID or..?
• the ability to select a specific version of the app in the assignment group

Currently we can delete a managed app from multiple devices, but if the app isnt managed (such as pre0install Apple apps) you have to drill down to each device individually and choose to manage the app before it can be deleted.

Enabling secondary notifications after the initial one as a follow up

http://wrike.com/
The download is only officially available for registered users (even free account), but there are already several autopkg recipes like this:
https://github.com/autopkg/foigus-recipes/blob/master/Wrike/Wrike.download.recipe

At the moment, in the Notification Center, notifications for the Managed Software Center are allowed by default and greyed out. It then doesn't give the choice of turning off these notifications for users that can be easily distracted by any sort of notification

Block or hide to prevent users from turning this on.

Macs with an Apple Silicon processor support running iPadOS apps. This could be nice to allow installing such apps via SimpleMDM.