As the lead client systems engineer at a medium sized global organization I would like to be able to more granularly delegate current aspects of User Roles in SimpleMDM for a variety of reasons.

Example: I want to allow my Service Desk and Audio Visual team members to move devices into and out of groups to control features like Single Application Lock for appliance iPads, without giving them access to modify account level settings or make changes to the group configurations.

LockPrimaryAccountInfo and put use of the saml login name
from:
https://developer.apple.com/documentation/devicemanagement/accountconfigurationcommand/command

and if possible collect the users full name from the saml login.

Optionally allow webhooks to be configured to pass authorization headers, API Keys, as to add an additional layer of security verify authenticity of API calls from SimpleMDM to external services.

Notification if device is offline for given time. We have some devices in remote locations and would like to be notified if they have not checked in with the MDM for a specified period so that we can investigate why the devices are offline.

The devices list is super useful and it would be great to add a column that shows the OS version. I know you can export the devices list to get this information, but it would be good to have it front-and-center.

Webclips have to share the name of the profile, our company has a specific naming convention for profiles and sometimes our webclips need to be named differently.

It doesn't look like IKEv2 connection type is supported in the UI. This would be useful with attribute support so that we can add accounts per device and have the username and password assigned in the profile.

Add an event type such as:

{"type":"device.dep_authenticated","at":"2019-09-17T14:46:55.094+00:00", "data":{"user":{"email":"authuser@org.com"},"device"{"serial":"C012345"}}}

The ability to trigger workflows off this and have data such as the user that authenticated the device to enroll and the serial/deviceID would be beneficial.

We run websites on kiosk devices with locked down url profile. Would be great to support clearing the cache, or locking the browser to private browsing mode.

Currently, the API only allows to set a custom profile value for a device, not a default value globally.

Allow home screen configurations to be editable by end users.

I love and want the ability to create a starting home screen configuration for my iPad/iPhone end users - but I absolutely hate that it's then locked so they cannot change it further after that.

Also the iPads with iOS 13 have far more built in applications than what the Home Screen configuration shows, so a dozen apps just end up stuck in the second screen. Also please expand the limit of apps in a folder to more than 9, iOS does not have that small a limitation normally.

There are lots of businesses that only want staff to access a certain website, but due to Apple's limitations this is impossible.
Suggestion is to create a browser app that can be programmed for only 1 (or more) specific websites. Then integrate it with your mdm for pushing the specific needed site(s)..

Linked in some ways to this request https://suggestions.simplemdm.com/forums/204404-suggestions/suggestions/37168075-add-more-granular-simplemdm-user-roles… (and yes, please more granular permissions!)

Would it be possible to restrict access to devices in MDM based on some kind of tagging?

So I can tag devices as “Kiosk” and grant helpdesk full admin access over those devices, but they won’t be able to see or modify devices tagged “user laptop” for example.

At the moment we achieve this using two separate SimpleMDM tenants, which works - but makes our plans to use auto-assignment of devices from Apple Business manager more challenging…

Provide Swagger Documentation for the API
A la https://swagger.io/docs/

Currently I have to list all of the devices in the MDM, and filter after the fact. It would be great to be able to retrieve the devices in a particular group directly.

When a machine enrolls into MDM via ABM/ASM the current cadence is to install packages before creating the configured account.

This request is to make the account creation happen first so packages that install can use the account that is created by the MDM.

One instance is the ability to install the bootstrap token escrow with the local admin account.  

Enrolling devices through Portable hotspot. When targeted devices are connected to admin device hotspot and by entering the user credentials for the login. Hence the mobile device is enrolled and the profiles are pushed.

We have some installation dependencies for applications that we're deploying to macOS, but it doesn't appear possible to specify dependencies for Apps & Media within SimpleMDM. Because of that, we're unable to control the order that those packages are installed in. It would be nice to have the ability to mark certain app install bundles as dependent upon others.

WARNING tells me something. Doesn't tell me where to go to fix it. Thx

I would like to remotely wipe an Apple TV like I can on JAMF.