Optionally allow webhooks to be configured to pass authorization headers, API Keys, as to add an additional layer of security verify authenticity of API calls from SimpleMDM to external services.

Webclips have to share the name of the profile, our company has a specific naming convention for profiles and sometimes our webclips need to be named differently.

It doesn't look like IKEv2 connection type is supported in the UI. This would be useful with attribute support so that we can add accounts per device and have the username and password assigned in the profile.

As the lead client systems engineer at a medium sized global organization I would like to be able to more granularly delegate current aspects of User Roles in SimpleMDM for a variety of reasons.

Example: I want to allow my Service Desk and Audio Visual team members to move devices into and out of groups to control features like Single Application Lock for appliance iPads, without giving them access to modify account level settings or make changes to the group configurations.

Notification if device is offline for given time. We have some devices in remote locations and would like to be notified if they have not checked in with the MDM for a specified period so that we can investigate why the devices are offline.

At the moment, when you send a remote lock/wipe command - you're required to set a PIN. But that PIN isn't retained by SimpleMDM... which means you're trusting ME to do it... ;)

But more seriously - it would great for that PIN to be viewable in SimpleMDM. My use case? Service desk admin sends a remote lock for a stolen device, finishes their shift, goes home.

Laptop is found, someone else on helpdesk can pick up the ticket, retrieve the PIN, and send it on to the end user.

Linked in some ways to this request https://suggestions.simplemdm.com/forums/204404-suggestions/suggestions/37168075-add-more-granular-simplemdm-user-roles… (and yes, please more granular permissions!)

Would it be possible to restrict access to devices in MDM based on some kind of tagging?

So I can tag devices as “Kiosk” and grant helpdesk full admin access over those devices, but they won’t be able to see or modify devices tagged “user laptop” for example.

At the moment we achieve this using two separate SimpleMDM tenants, which works - but makes our plans to use auto-assignment of devices from Apple Business manager more challenging…

Provide Swagger Documentation for the API
A la https://swagger.io/docs/

Currently I have to list all of the devices in the MDM, and filter after the fact. It would be great to be able to retrieve the devices in a particular group directly.

LockPrimaryAccountInfo and put use of the saml login name
from:
https://developer.apple.com/documentation/devicemanagement/accountconfigurationcommand/command

and if possible collect the users full name from the saml login.

Enrolling devices through Portable hotspot. When targeted devices are connected to admin device hotspot and by entering the user credentials for the login. Hence the mobile device is enrolled and the profiles are pushed.

We have some installation dependencies for applications that we're deploying to macOS, but it doesn't appear possible to specify dependencies for Apps & Media within SimpleMDM. Because of that, we're unable to control the order that those packages are installed in. It would be nice to have the ability to mark certain app install bundles as dependent upon others.

A column indicating whether the device is enrolled via DEP would be a helpful addition to the CSV export.

WARNING tells me something. Doesn't tell me where to go to fix it. Thx

I would like to remotely wipe an Apple TV like I can on JAMF.

When a machine enrolls into MDM via ABM/ASM the current cadence is to install packages before creating the configured account.

This request is to make the account creation happen first so packages that install can use the account that is created by the MDM.

One instance is the ability to install the bootstrap token escrow with the local admin account.  

Okta have nice "Device trust" setting do you guys think it will be possible to cooperate with them and make this happen?

https://help.okta.com/en/prod/Content/Topics/Mobile/Okta_Device_Trust_Jamf_macOS_Devices.htm

It is easy for iOS/Windows but they need some API access to verify device in MDM.

Thanks

We are using few Custom Attributes that can have only some options (like kiosk app). Having drop-down list with options will be really nice.

Then it will allow us to set possible Attributes and help desk will just choice from drop-down list.

Thanks David

It would be excellent to allow a custom URL for the "Welcome screen" contents, including providing drop-in HTML for a "start enrollment" button. This way, we could for example redirect to existing EULA agreement pages and pop the user right back to the SimpleMDM workflow.

Under Passcode Policy, can the option be placed to require a passcode? I could not locate that option anywhere ...