Suggestions
Have a great idea that you’d like to see added to our service? Perhaps there’s an existing feature that you’d like to have extended or modified? Share it here!
415 results found
-
Support account-driven user enrollment
Initially announced at WWDC21 [1], macOS, iOS, and iPadOS devices starting with iOS15 and macOS Monterey support a workflow called account-driven user enrollment [2]. This workflow differs from the existing user enrollment methodology in that it uses a slightly different protocol and requires the implementation of a session token on the MDM provider side.
We are interested in the account-driven workflow because it removes the need to distribute enrollment profiles or have users visit an enrollment URL and download / install the profile. The improved UX, when combined with this year's promised release of federated authentication to more providers in…
31 votes -
Extend the devices - list profiles API method to return ALL profiles that a device is assigned
The list profiles method in the devices API endpoint only returns profiles that are directly assigned to the device; it would be very helpful to the data returned included all profiles assigned to that device, including profiles assigned through groups, etc, along with an attribute that identifies how the profile is assigned.
16 votes -
Record administrator logins in Logs
Currently, there is no visibility in the logs when an admin session is started from a login. We'd like to see log in and log out for at least "local" SimpleMDM accounts if not IdP initiated sessions as well, populated into the admin namespace. It would be helpful if the logs contained the account email, IP address they are logging in from, and the usual timestamp / "At" value. A user agent value would be a bonus but it's understandable if that's not available.
17 votes -
Device Groups API - add methods
The Device Groups API does not have the following methods:
create, update, remove/delete, it would be very helpful if this endpoint could have those methods added, along with various options such as:create: parameters "name" (required), "lock_screen_message" (optional), and "track_device_location" (optional, default False)
update: parameters "name" (optional), "lock_screen_message" (optional), and "track_device_location" (optional)
delete: parameters: "device_group_id"
Also, the clone method does not currently take any parameters that would allow device group settings to be configured, it would be helpful if the clone method was updated to allow the use of these parameters:
"name" (required), "lock_screen_message" (optional), and "track_device_location" (optional, default False)
12 votes -
Auto-admin password complexity settings
For the auto-admin password generation done by SimpleMDM, it'd be preferable to be able to manage the level of password complexity when the password is generated. Environments can have different password policy rules that all accounts, including MDM generated, need to abide by. The Dude abides.
Password storage apps like 1Password and Keeper offer, at minimum, password length, use of numbers, and use of special characters. See attached.
11 votes -
Support the new minimum macOS version at enrollment feature
Apple's documentation shows that a new feature will allow MDMs to set a minimum version during ADE enrollments. Please support this for testing during the macOS 14 beta cycle.
19 votes -
Improve API docs with examples for each endpoint
SimpleMDM's API documentation (https://api.simplemdm.com/) is inconsistent in what information is included per endpoint. For example, https://api.simplemdm.com/#custom-configuration-profiles shows the response body for a GET call, but the POST (create) section has no usage information. It's up to the user to intuit from other endpoints the format in which those arguments should be.
https://api.simplemdm.com/#custom-attributes shows how to set a value for a device, but not create a new custom attribute globally.
We (the customer) end up making assumptions about API formats which are usually true, but only able to confirm through guessing. It would help to ensure the official docs…
7 votes -
Make the `app_usage_data` portion of Munki optional
Having just confirmed with Eric and others in the Slack channel that SimpleMDM's Munki instance doesn't make use of the
app_usage_datafeature in Munki - would it be possible to create a toggle to turn it off?Additionally there are some global regions where tracking this kind of stuff falls foul of local privacy laws...
...and it's upset my privacy focused end users.
Thanks in advance
11 votes -
Implement Munki managed uninstalls
The SimpleMDM Munki implementation does not currently support managing uninstalls of software as a "pure" deployment of Munki might. Please implement uninstall management.
12 votes -
Implement "force password change when the user authenticates"
As per https://support.apple.com/en-ca/guide/deployment/dep4d6a472a/web, Apple has an API for forcing a user password change. This is useful when updating password policy - passwords that met the old policy but no longer meet the new policy are not evaluated and forced to change. This setting, however, would make it so.
6 votes -
Add Support for Munki Conditionals to SimpleMDM's Munki Implementation
Munki includes the ability to set "conditionals" for items in specific manifests to provide granular controls over the installation or appearance of items.
For example, if I have a multi-site organization, I can set a conditional on a NOPKG item that installs a printer so that the printer install NOPKG only shows up if the device user is connecting to Munki from a specific subnet. This allows me to refine the view of available self-service printers so that, for example, the printers available at Site A only show up if the user's local IP address matches the subnet at Site…
10 votes -
Support custom MDM commands
I'd like to see SimpleMDM support sending custom MDM commands with arbitrary payloads. Advantages being...
- Customers don't have to wait for SimpleMDM to implement new commands to start testing. With WWDC coming up this is especially pressing because new commands and/or keys need to be tested quickly during the summer beta cycle for any chance at improvement.
- Possible to test beta/RSR updates by passing in the product key to a software update command.
- WS1 has this feature and please don't make me say anything nice about WS1.
As an example, here's how WS1 implements it with the author using EnableRemoteDesktop. …
18 votes -
Make logging more detailed for MDM commands
While I appreciate how detailed SimpleMDM logs can be, especially with raw responses from MDM, sometimes they need to provide more detail. For example, when sending an OS update command the log only contains...
"Log Details
Full ID E7B0DBE9-A7C1-4EC8-8CB8-BFA4AB990C59
Created At 2023-08-17 3:34 PM
Namespace device
Type os.update.idle
Level info
Device redacted
UDID F405AA51-FF04-4B71-900F-9C09F0515398
Serial Number redactedMetadata
{
"update_version": "13.5.1"
}
"With OS updates in particular, it's useful to know what mode was used as well. 'downloadonly', 'notifyonly', 'installasap', or 'forceupdate' are all options, but there's no associated data. For some basic commands like…
5 votes -
add the ability to deploy individual files/folders to macOS
I would like the ability to deploy individual files or folders to our Mac devices.
Sometimes an app has an additional config file that needs deployed to make it work. We also use PDQ Connect in our environment, and that allows for us to can create packages that contain .msi, .exe, or PowerShell or CMD scripts, then also have the option to attach additional files to use in the package (see screenshot).
Also, there are times where we may just need to send a file/folder to all devices. Something else besides an app, profile, or script. A simple option to…
3 votes -
Include a 'Devices' (or 'Assigned Devices') tab on a device group page
When inspecting a device group, it would be very helpful and handy to have a tab to inspect/manage the devices associated with that group.
Currently you have to go back to the Groups page, find the desired group, and then click on the number in the Assigned Devices column to look at the devices in that group and perform any management activities on them.7 votes -
Support SCIM provisioning and de-provisioning for admin accounts
SCIM (System for Cross-domain Identity Management) is a REST/JSON protocol defined in RFC 7644 that allows identity providers to direct service providers to make account create, update, and delete actions. It is generally used to pre-provision access for new accounts and de-provision access for accounts that no longer require it.
Please add support for SimpleMDM to work with the SCIM protocol for administrator accounts. A minimum implementation for our purposes would be to create administrator accounts using SCIM at the default permission level, and have the delete function revoke access on the given account. In a perfect world, the SCIM…
12 votes -
Allow setting device naming schemes per enrollment
We use the device naming template under Settings -> General. This works great for our macOS and iOS devices that come in through manual enrollment and ADE as our template contains the serial number attribute, but fails when User Enrolled devices are named because that attribute isn't available. It would be useful to allow us to set a different device naming scheme per enrollment, or at least to set a backup or some sort of logic should one of the attributes be null.
9 votes -
Devices API - Create - Extend method to include optional params for DEP device ID and device name
When creating a device using the Devices API create method (https://api.simplemdm.com/#devices), there are only two parameters that can be passed to it, 'name' and 'group_id'.
It would be very helpful, especially for devices that are expected to go through automated device enrolment, if we could pass a DEP device ID parameter to it so that a DEP device that is not yet enrolled will automatically be assigned to the nominated device group.
If the DEP device id parameter is assigned, then the response probably shouldn't include an enrolment URL, as this param should indicate the device is expected…6 votes -
Prepopulate Job Name Field for New Jobs
When creating a new job please auto populate the Job Name with something unique rather than leaving it blank. For example, something related to the current timescriptnameSerialNumber would be useful.
The admin should be able to edit this prepopulated name if they so wish.
5 votes -
Descriptive page titles
Descriptive page titles would help a lot when navigating history or having lots of tabs open.
6 votes
- Don't see your idea?