Suggestions
Have a great idea that you’d like to see added to our service? Perhaps there’s an existing feature that you’d like to have extended or modified? Share it here!
147 results found
-
Allow multiple Software Update Policy for macOS profiles in same group
It should be possible to apply multiple "Software Update Policy for macOS" profiles to a single group if the scopes of the profiles do not overlap. For example, I'd like to enforce a "latest minor update" policy on macOS 14 and 15, plus a latest major version on macOS 13 and below.
4 votesI'm closing this one since the Software Update Policy for macOS profile is largely being deprecated and replaced by the declarative Managed Software Updates and Software Update Settings profiles.
-
ability to play custom sound files as an alert for a end user
We would love to be able to play a custom sound file off an ipad/iphone for a multitude of different reasons.
3 votesClosing due to low volume of requests / high relative effort.
-
Include "less than macOS version" and "greater than macOS version" for profile scoping
It would be very helpful to be able to define "less than" and "greater than" macOS version when scoping profiles. For example, I would prefer to specify "less than macOS 12" for a profile to apply to all versions of macOS 11. As it is, I have to update the maximum OS version every time a new dot release comes out.
10 votesWith the release of Dynamic Groups (as well as Custom Declarations with Custom Predicates), I think this use-case should be solved. If you disagree, please let us know (preferably with details/examples) and we can re-open this. Thanks!
-
Combine assignments into groups for easy viewing
Allow the ability to create a group/folder in the App Assignments menu to allow the grouping of assignments. We will have a lot of iPads that require individual apps. This will make it quite cumbersome to parse through.
If we could group the assignments into a folder and title it based on department, viewing the assignments would be a lot easier.
4 votesClosing since device groups + assignment groups have changed significantly since the time of this post. If this is still valuable, please submit a new request.
-
Build in native support for Nudge
As Mac admins, it's fair to say that the current state of patch management isn't great... and that Nudge is the go to open source tool to get devices patched in a timely fashion. I can also see that other vendors have actually integrated Nudge into their products.
It would be awesome if SimpleMDM would consider something similar - not least because of how well you've integrated Munki.
Selfishly it means I don't have to roll it out myself... ;)
25 votesI am marking this suggestion as declined since SimpleMDM now natively supports Apple's Managed Software Updates declarative configuration, which provides a very similar functionality. If you still feel strongly that a native Nudge integration (in addition to Managed Software Updates) would be highly valuable to you, please feel free to comment or send me an email directly with your justification.
-
Install Managed Software Centre via SimpleMDM
Dear Support,
I have an existing issue going where the managed software centre is not available on the device. I have done several things and the issue is that MSC isn't visible even after re-enrolling the device.
It would be great if there could be a script which we can invoke via a job that would install Managed Software Centre on the client and do a pre-requisite / health check on the client.
1 voteIf the MSC is not installing or behaving as expected, this should be handled through support. Additionally, the "Re-install SimpleMDM Munki" option has been added to Device Actions for troubleshooting/remediating MSC issues.
-
Add the Zoom IT Admin App to the catalog.
In order to block certain login options you have to use the Zoom IT Admin application. I will add the link to the .pkg below. We would like this to be added to the catalog so that it is updated regularly.
Then click the drop down for Download for IT Admin
6 votesAs far as I am aware, the Zoom IT Admin application no longer exists as it once did. If there is another app you'd like to see added from Zoom, please submit a new suggestion. Thanks!
-
The email sent to users added to the mdm portal should indicate the name of the role they have been granted
Currently when a user is added to any role, custom or predefined, they are sent an email saying they have been added as an administrator:
"A SimpleMDM user at [email protected] has granted you administrative permissions to their "XYZ" account."
Ideally the message should indicate the role in particular rather than a blanked "admin", for example if a role named Support is assigned to the user:
"A SimpleMDM user at [email protected] has granted you Support permissions to their "XYZ" account."
1 voteClosing due to inactivity (5+ years no votes/comments)
-
Block/prevent local logins when SAML is enabled
I appreciate that you need to login with a local account to setup the SAML settings initially... but we have a requirement that all access to applications is managed through an IdP and that there's not a "back door" that can bypass the IdP.
We could live with working with support to enable/disable local login if there was an issue with SAML.
Access to MDM grants a lot of power to a fleet of devices - we'd like more central control over who has access...
4 votesClosing due to inactivity and because local logins can be revoked by an admin after SAML logins are created.
-
Fix implementation of System Extensions payload
As documented by Apple (https://developer.apple.com/documentation/devicemanagement/systemextensions) it's an error to include the same Team ID in both the 'AllowedTeamIdentifiers' key as well as the 'AllowedSystemExtensions' key.
In my experience when both a Team ID and specific Bundle Identifiers of System Extensions are included, both these keys are present in the deployed profile.
Given that Apple specifies this as an error and the fact that admins may choose to specify just the Team ID to allow all extensions from a vendor whereas others might wish to only allow the specified extensions, the implementation of this payload should be fixd such…
1 voteSimpleMDM currently handles the Team IDs as you request.
Regarding the Allowed Extension Types, our UI will not always mirror the underlying XML directly. If you would like to allow all acceptable types, you may keep the default check values enabled.
If you are having issues with your particular implementation, please contact support and include the XML that SimpleMDM is delivering to the device so that we can better understand if there is an issue with the profile generation or elsewhere.
-
Add Palo Alto GlobalProtect as VPN option
Having GlobalProtect as a VPN option would be a great addition.
0 votesApple does not currently have support for a GlobalProtect-specific VPN configuration payload. According to Palo Alto Networks’ site (https://www.paloguard.com/datasheets/globalprotect-ds.pdf), the underlying protocol used is IPsec/SSL. You may be able to configure your endpoints using the “IPsec” VPN option in SimpleMDM. We suggest contact Palo Alto Networks for further guidance on their suggested settings when configuring Apple devices to work with their VPN products using MDM.
-
Support normal managed_installs order
Please support the normal managed_installs order, e.g. alphabetical order so that one can specify the order that munki managed installs get installed in by naming packages alphabetically.
0 votesClosing due to inactivity (no votes/comments for 5+ years) and because, as a user pointed out, the requires and update_for keys can be customized in the pkginfo to control this.
-
Multi-device Push Assigned Apps
In the dropdown of individual devices, there is an option in the "Actions" dropdown to "Push Assigned Apps and Media". It would be nice to have this in the main device menu's "Actions" dropdown, which would push apps to all selected devices.
1 voteClosing due to inactivity (5+ years no votes/comments)
-
Please update your invoices.
The invoice numbers are long and the accounting system hates them. Can you also included the start and end dates of the charges invoiced.
Thank you,
Vicki
1 voteClosing due to low volume and invoicing options have changed since time of original request.
-
Add more endpoints to SAML enrolments for full functionality
We are trying to implement our Azure B2C login for authentication into enrolments to help speed up onboarding new customers - we are an MSP.
When we set up SAML for access to the console, we can get it working fine; we can see and access the 'callback' and 'metadata' URL's ie.
https://a.simplemdm.com/admin/auth/saml/123456789123456789/callback
https://a.simplemdm.com/admin/auth/saml/123456789123456789/metadata - Azure B2C needs these address to function.But when we try to set this up for SAML enrolments, both the 'callback' and 'metadata' URL's aren't accessible for the new SAML Audience ie. https://a.simplemdm.com/device/enrollment/authentication/saml/987654321987654321.
Can this be enabled?
21 votesClosing this request because all votes were from the same account that closed years ago. If others have interest in this feature, please open a new request.
-
Add restart option to FileVault profile
Currently, FileVault will not be enabled on MacOS until the user either logs out or logs in, depending on how it is configured. It would be great to add the ability to restart the machine once enrollment is complete to ensure FileVault is enabled as soon as possible.
2 votesApple does not currently support an option within the FileVault configuration payloads to force a restart. However, the option to enforce FileVault encryption does now exist and is supported in SimpleMDM ("Force FileVault to be enabled in Setup Assistant"). This may likely achieve a similar goal. We will monitor Apple developments closely in case any new options related to this become available.
-
Allow management of the DisableFMMiCloudSetting key
A custom profile indicating
<key>DisableFMMiCloudSetting</key>
<true/>
Will disable a user's ability to enable Find My Mac. As a Restrictions profile has the option to manage many other features in the iCloud category (Back to my mac, Document Sync), it would be desirable to also manage this option under the Restrictions: iCloud category.1 voteClosing due to low volume, inactivity, lack of official documentation (not in Apple's MDM spec docs: https://github.com/apple/device-management), and available alternatives (custom config profile).
-
Bring parity to timing options in Apple's Security & Preferences menu
In System preferences, in the Security and Preferences -> General tab, the "Require password <insert timeframe> after sleep or screen saver begins" dropdown has many more granular options than SimpleMDM allows. My company's security policy prefers 5 seconds after lock, but our only close options are immediate or 1 minute after sleep. It would be nice to have parity between the SimpleMDM configuration options and the options Apple allows.
2 votesClosing to due to inactivity and because the Apple's spec only allows us to specify this value in minutes (integer).
-
Update UI to Indicate Custom PKGs Can't Be Removed By MDM
Recently I pushed a custom PKG to a MacBook Air over MDM. While the SimpleMDM interface allows you to "uninstall" the package, nothing actually occurs since this capability is not possible. The lack of clarification from the UI is generally confusing, and it would be nice to update it and save others in the future from the same confusion.
1 voteClosing to due to inactivity and because custom pkgs can now be uninstalled (using Munki integration + "Managed uninstalls")
-
Provide a UI to configure system level DNS over HTTPS (DoH) and DNS over TLS (DoT) for macOS and iOS
Many of us managing devices via MDM have to assume the devices are on networks that are insecure, malicious, or in the best case scenario, not malicious but definitely not private.
The standard way of doing DNS in those environments is unsafe, as the DHCP server can provide any resolver, and the traffic to those servers is made in the clear.
DNS over HTTPS (DoH) and DNS over TLS (DoT) are two options we have to make computing in such environments safer, by ensuring queries are encrypted as they leave the device.
Big Sur and iOS 14 both support this,…
1 voteClosing due to inactivity (5+ years no votes/comments), available alternatives (custom profiles), and lack of specificity (dozens of configs included in the source). I can certainly see the value, but would love more input / specifics to know which configs to prioritize.
- Don't see your idea?