Suggestions
Have a great idea that you’d like to see added to our service? Perhaps there’s an existing feature that you’d like to have extended or modified? Share it here!
49 results found
-
Build in native support for Nudge
As Mac admins, it's fair to say that the current state of patch management isn't great... and that Nudge is the go to open source tool to get devices patched in a timely fashion. I can also see that other vendors have actually integrated Nudge into their products.
It would be awesome if SimpleMDM would consider something similar - not least because of how well you've integrated Munki.
Selfishly it means I don't have to roll it out myself... ;)
25 votesI am marking this suggestion as declined since SimpleMDM now natively supports Apple's Managed Software Updates declarative configuration, which provides a very similar functionality. If you still feel strongly that a native Nudge integration (in addition to Managed Software Updates) would be highly valuable to you, please feel free to comment or send me an email directly with your justification.
-
Install Managed Software Centre via SimpleMDM
Dear Support,
I have an existing issue going where the managed software centre is not available on the device. I have done several things and the issue is that MSC isn't visible even after re-enrolling the device.
It would be great if there could be a script which we can invoke via a job that would install Managed Software Centre on the client and do a pre-requisite / health check on the client.
1 voteIf the MSC is not installing or behaving as expected, this should be handled through support. Additionally, the "Re-install SimpleMDM Munki" option has been added to Device Actions for troubleshooting/remediating MSC issues.
-
Add the Zoom IT Admin App to the catalog.
In order to block certain login options you have to use the Zoom IT Admin application. I will add the link to the .pkg below. We would like this to be added to the catalog so that it is updated regularly.
Then click the drop down for Download for IT Admin
6 votesAs far as I am aware, the Zoom IT Admin application no longer exists as it once did. If there is another app you'd like to see added from Zoom, please submit a new suggestion. Thanks!
-
Fix implementation of System Extensions payload
As documented by Apple (https://developer.apple.com/documentation/devicemanagement/systemextensions) it's an error to include the same Team ID in both the 'AllowedTeamIdentifiers' key as well as the 'AllowedSystemExtensions' key.
In my experience when both a Team ID and specific Bundle Identifiers of System Extensions are included, both these keys are present in the deployed profile.
Given that Apple specifies this as an error and the fact that admins may choose to specify just the Team ID to allow all extensions from a vendor whereas others might wish to only allow the specified extensions, the implementation of this payload should be fixd such…
1 voteSimpleMDM currently handles the Team IDs as you request.
Regarding the Allowed Extension Types, our UI will not always mirror the underlying XML directly. If you would like to allow all acceptable types, you may keep the default check values enabled.
If you are having issues with your particular implementation, please contact support and include the XML that SimpleMDM is delivering to the device so that we can better understand if there is an issue with the profile generation or elsewhere.
-
Add restart option to FileVault profile
Currently, FileVault will not be enabled on MacOS until the user either logs out or logs in, depending on how it is configured. It would be great to add the ability to restart the machine once enrollment is complete to ensure FileVault is enabled as soon as possible.
2 votesApple does not currently support an option within the FileVault configuration payloads to force a restart. However, the option to enforce FileVault encryption does now exist and is supported in SimpleMDM ("Force FileVault to be enabled in Setup Assistant"). This may likely achieve a similar goal. We will monitor Apple developments closely in case any new options related to this become available.
-
Make macOS DEP-installed Administrator more configurable
First priority: the administrator account should be optional. I install my admin account via a signed package, and go out of my way to disable the simplemdm-created account.
If that's not possible, at least allow me to set the UID of the user to something <500 so it's more invisible to users.
2 votesThe comments on this post have covered most of the points, but the main reason for closing this request is that Apple's MDM spec does not currently give us control over the UID of the auto-admin account. As others have noted, you can optionally hide the auto-admin account from other local users, or prevent it from being created entirely - these settings already exist and are available to all accounts.
-
preset passcodes
I would like to be able to preset a passcode and/ or change the passcode on a device.
5 votesApple does not currently make this possible via MDM.
-
1 vote
-
End user editable Home Screen configurations
Allow home screen configurations to be editable by end users.
I love and want the ability to create a starting home screen configuration for my iPad/iPhone end users - but I absolutely hate that it's then locked so they cannot change it further after that.
Also the iPads with iOS 13 have far more built in applications than what the Home Screen configuration shows, so a dozen apps just end up stuck in the second screen. Also please expand the limit of apps in a folder to more than 9, iOS does not have that small a limitation normally.
4 votesAs it stands, Apple's MDM spec prevents users from editing the home screen layout if it is configured using a profile. Unfortunately Apple does not currently provide a workaround for this (besides not applying the Home Screen Layout profile), so I am closing this request for the time being.
That said, SimpleMDM's Home Screen Layout profile does now support more than 9 apps per folder. That functionality has been added since this request was submitted.
-
Support clearing safari cache
We run websites on kiosk devices with locked down url profile. Would be great to support clearing the cache, or locking the browser to private browsing mode.
3 votesApple does not currently support a mechanism within the MDM spec that provides this ability, so I am closing this request for now. However, we closely monitor for new Apple MDM updates and if this option were to become available we will be sure to take notice.
-
Creating a simple browser app to allow you to run (lock you down to) only 1 website ..
There are lots of businesses that only want staff to access a certain website, but due to Apple's limitations this is impossible.
Suggestion is to create a browser app that can be programmed for only 1 (or more) specific websites. Then integrate it with your mdm for pushing the specific needed site(s)..1 voteHi Paul- you should be able to achieve this using the free Managed View app (available in the App Store and open-source) and managed app configurations within SimpleMDM.
-
Require Passcode?
Under Passcode Policy, can the option be placed to require a passcode? I could not locate that option anywhere ...
2 votesPer Apple's design, applying a Passcode Policy profile to a device will automatically force the user to configure a passcode, so there is no need for an additional step/option to enforce this.
-
allow exceptions to Apps that are restricted due to age restricted profiles
allow exceptions to Apps that are still useful but are restricted to the profile settings.
if your profile settings have age restricted Apps set at 14+, have an exception box to allow Apps that have a 17+ to still function on device.3 votesApple's MDM spec does not currently support this option for the Restrictions profile (or anything equivalent). I am closing the request for now but we would gladly consider implementing this should Apple provide a mechanism in the future.
-
Update Apps when on WiFi
Would love to queue VPP deployed applications to be queued for update when the device is connected to a WiFi network. Currently, it appears that VPP updates happen whenever there is a data connection available, Cell or WiFi.
1 voteDisabling app updates from occurring over cellular is unfortunately not possible with the current Apple MDM specification.
-
Introduce a 'Force Check In' button
Add a button to force all devices to check in. If a device cannot check in after this, then flag it.
This will help identify issues with the installed profile or check in issues.2 votesA "Refresh Inventory" command should do this already. If a device is still not responding (eg. updating the "Last Seen" time), that means there is something preventing the device from receiving MDM commands and/or responding to the MDM server. Apple's MDM protocol does not currently provide a more forceful option, nor is there a way for an MDM to reliably diagnose the reason for a device's inability to respond to a command. For example, if it is a network issue and something is blocking the commands, MDM does not currently get any feedback in order to know the command was blocked by the network.
As it stands, SimpleMDM automatically sends a refresh command to devices hourly. Admins can configure notifications to be sent to them if a device has not checked in for X amount of time.
-
Add macOS minimum requirements for group rules
iOS allows you to specify a minimum requirements for group rules. The aim is to have privacy profiles go to Mojave’s clients only. At the moment have to split into a separate group. Would be nice to be able to have one group and privacy stuff go to 10.14 only
1 vote -
Add custom UID option to macOS account creation on enrollment
The option to skip Setup Assistant's prompt to create a user and create an admin provided account on enrollment is useful.
I'd like to see, if possible, the option to specify the UID of the account that gets created. We have environment specific needs for a specific UID for the account that isn't 501.
11 votesUnfortunately Apple's MDM spec does not currently provide us the ability to specify the UID of the account that gets created during Automated Enrollment (DEP) / Setup Assistant.
I will close this request for now, but we will continue to monitor Apple updates in case this option is added to the MDM spec at some point.
-
Force a landscape or portrait mode.
Make it so you can set your devices to show only in portrait or landscape mode.
3 votesApple's MDM protocol does not currently provide a profile to configure/enforce portrait or landscape mode. The only close exception is when using the Single App Lock profile, there is a "Disable device rotation" option.
-
Completely lock the device
I'd like the ability to prevent someone using a device for a period. This could be combination of a device lock, along with a passcode change, or some "auto" way to push a device into single app mode with the SimpleMDM app as the only one, with a basic "device is locked until xx" message.
This is just a situation where you want to prevent device use until you re-allow it or a way to stop the device being used for anything until a certain time.
If you could do this as a feature, this would be huge with the…
4 votesThis is already available using the Lost Mode command for Supervised iOS devices.
-
Allow quarantine of devices that have older version of an app installed
We regularly deploy enterprise apps and would like to know right away if a particular device has not updated to the latest version for whatever reason.
5 votesThe Quarantine feature has been deprecated (though accounts that were using it still have access to it). If there is a new option that would help, please submit a new suggestion.
- Don't see your idea?