Suggestions
Have a great idea that you’d like to see added to our service? Perhaps there’s an existing feature that you’d like to have extended or modified? Share it here!
401 results found
-
Support API key expiration
API keys currently never expire. A key can be regenerated to effectively expire it, but there's no way to do so by time. I'm specifically asking...
- Add support for API keys to expire after 30, 60, 90 days, by timestamp, or never.
- Optional. Let the API regenerate or expire keys. Ends up being a one key rules them all situation. Up to debate whether this is a secure approach.
1 vote -
Implement more granular API permissions
In https://suggestions.simplemdm.com/forums/204404-suggestions/suggestions/32990482-scope-api-key API permissions were split up to correspond with API endpoints. While a welcome change, it doesn't go far enough in providing granular access to sensitive MDM actions. Since the the /devices endpoint contains so much (device update, info, restart, shut down, lock, erase, etc.) it is a prime target were an API key to be compromised.
I am asking for API permissions to be split up to be even more granular by MDM command. An API key which only needs to enable/disable remote desktop should not also be able to lock or wipe the device. While I don't…
3 votes -
Allow Configurable Log Retention
I would like to be able to customize the log retention filter and length. Not all device logs are needed for longer than 30 days, however important access logs and commands such as locking devices should be able to be kept for much longer.
Alternatively or in addition, having a built in log pipeline to a SIEM would be great. Pulling logs out of the API is a bit of a hassle.1 vote -
API support for enabling/disabling Bluetooth of an iOS device
I have an automated process to configure enrolled devices using SimpleMDM API, and recently there is a need to enable/disable Bluetooth depending on the device groups, which is currently not available for the API.
I understand that I can use the restrictions profile to prevent supervised devices from changing Bluetooth settings, and I can enable/disable BT from the Devices page, but it would be great if SimpleMDM can add this ability to the API, so I can integrate it into my automated process.3 votes -
Report on installed certificates
I'd like to see SimpleMDM report on installed certificates for all device types. A common feature in other MDMs, CertificateListCommand (https://developer.apple.com/documentation/devicemanagement/certificatelistcommand) has been around since iOS 4 and macOS 10.7 (!).
While we have other tools to report on certificates (like osquery), it's useful to have MDM as a data source as well since oftentimes installed certificates originate via profiles. Knowing certificate health within the same product has benefits, and could allow for more advanced certificate management directly in SimpleMDM.
Important fields...
- Certificate name
- CA/issued by
- Expiration
- Current validity status
- If possible, whether…8 votes -
Report on Rapid Security Response versions
Apple is adding a new update type to macOS called Rapid Security Responses. These updates change the build version, but not the OS version reported. Instead, the new ProductVersionExtra (
sw_vers) and SupplementalOSVersionExtra (MDM query) keys are returned to denote a specific supplemental version only when a RSR is installed. If no RSR is installed the key is not present. Similarly, when using MDM query (simulated with /usr/libexec/mdmclient QueryDeviceInformation) BuildVersion is unchanged, but SupplementalBuildVersion has the correct RSR build.$ sw_vers ProductName: macOS ProductVersion: 13.3 ProductVersionExtra: (a) BuildVersion: 22E7752300f
…$ /usr/libexec/mdmclient QueryDeviceInformation { BuildVersion = 22E5230e; OSVersion = "13.3";4 votes -
API: Dont send Filevault keys by default from /devices
Separate the device API so it does not return filevault keys with every device object. Or create a filter to omit the keys.
I keep running into scenarios where using the device API means scrubbing file vault keys every single time I make it get request to https://a.simplemdm.com/api/v1/devices
It gets pretty messy downstream especially with logs.3 votes -
Add "Run Script" option to Actions menu
A “Run Script” option in the Actions menu on both individual devices and any selected devices from a listing would be very helpful. Ideally, clicking it would pop you into the create job UI and pre-populate the “Run on” field with either that one device or any selected devices. This would speed up creating script jobs especially for multiple machines.
3 votes -
Offer access to script jobs from MSC
Not sure if this is possible, but I'd like to be able to assign script jobs, so they'd appear in the MSC. I know this is probably somewhat similar to NoPKG, but it would remove the hassle of authoring the PKG.
1 vote -
Allow for a few different local admin password formats
The current format is often very hard to type (and not easily copied), so it would be helpful if you offered some other password types that were more user and script friendly. 1Password's "memorable" word based passwords are a good example of a strong password, that's also easy type. Bonus points if you omit characters that need to be escaped in scripting (like when using the sysadminctl -secureTokenOn function).
Thanks3 votes -
Add a Dark Mode option
Add an option for dark mode on the web interface.
8 votes -
Support choosing which webhook events to subscribe to per endpoint
https://api.simplemdm.com/#webhooks
The current webhook events are as follows...
device.changed_group
device.enrolled
device.unenrolled
device.lock.enabled
abm.device.addedWhenever any of these events occurs, the webhook endpoint is pinged. However, processing these can get particularly noisy, especially in large environments and (hopefully) as SimpleMDM adds more supported events.
I am asking to add support for selecting which events are subscribed to per webhook endpoint. This way only events needed for a particular workflow are sent and the webhook receiver requires less work to filter out unneeded data.
The UI could look like other SimpleMDM settings with checkboxes for each event, where by default all are…
7 votes -
Add profile.created and profile.deleted webhook events
https://api.simplemdm.com/#webhooks
I am requesting the profile.created and profile.deleted events be added to webhooks. Considering the sensitive nature of profiles, it follows these are events which would be of interest to security and IT teams. For example, if an attacker were to gain access to a SimpleMDM instance and craft a malicious profile.
In our case, most profiles are created through the API. Knowing when a profile is manually created in the web app is an important signal as it could mean someone has maliciously gained access or an impending profile misconfiguration is on the way. We also keep a cache…
4 votes -
Enable adding multiple devices to app assignment groups Via API
It would be nice to be able to add multiple devices using their device ID's to an app assignment group using the API. There is no easy way to add multiple devices to an assignment group unless they are already in a device group, and you may want to add specific devices in ag group rather than the full group for some apps, IE: installers.
6 votes -
Add xcreds as shared app.
Please add XCreds as a shared app. Thanks
1 vote -
SimpleMDM Terraform provider
It would be great if you could create a provider so we can manage SimpleMDM using Terraform :)
Adding a picture of a Capybara walking on water for the wow effect6 votes -
Add Logi Options+ as Shared App
Please add the Logi Options+ as a Shared App. Thanks!
https://www.logitech.com/en-us/software/logi-options-plus.html
1 vote -
Build in native support for Nudge
As Mac admins, it's fair to say that the current state of patch management isn't great... and that Nudge is the go to open source tool to get devices patched in a timely fashion. I can also see that other vendors have actually integrated Nudge into their products.
It would be awesome if SimpleMDM would consider something similar - not least because of how well you've integrated Munki.
Selfishly it means I don't have to roll it out myself... ;)
11 votes -
Support per admin user time zone settings
Under Account > Settings > Time zone an admin can set the global time zone for their entire SimpleMDM instance. This is the timestamp used in logs, enrollment date, etc.
I'd like the ability for each admin user to set their own time zone as well. Having a per account setting is a small quality of life change which makes it easier to grok events. I prefer to read timestamps in my local time. Time data itself should not change, only what's presented to the user.
2 votes -
Support "Non-Removable" flag on deployed iOS Store Apps
As noted here on the SimpleMDM blog, an option was added to iOS starting in 14.x where individual apps can be marked as "non-removable" by the administrator when being deployed.
https://simplemdm.com/blog/mdm-ios-14-macos-11-big-sur/
https://it-training.apple.com/tutorials/deployment/dm195"To prevent a user from uninstalling a managed app, mark the app as nonremovable when you assign the managed app to a user or device. Depending on your MDM solution, you might need to deselect a Removable attribute or set a nonremovable attribute. With your MDM solution, you may also be able to set this attribute on apps that are already installed on a device."
I feel it…
3 votes
- Don't see your idea?