Suggestions
Have a great idea that you’d like to see added to our service? Perhaps there’s an existing feature that you’d like to have extended or modified? Share it here!
49 results found
-
Build in native support for Nudge
As Mac admins, it's fair to say that the current state of patch management isn't great... and that Nudge is the go to open source tool to get devices patched in a timely fashion. I can also see that other vendors have actually integrated Nudge into their products.
It would be awesome if SimpleMDM would consider something similar - not least because of how well you've integrated Munki.
Selfishly it means I don't have to roll it out myself... ;)
25 votesI am marking this suggestion as declined since SimpleMDM now natively supports Apple's Managed Software Updates declarative configuration, which provides a very similar functionality. If you still feel strongly that a native Nudge integration (in addition to Managed Software Updates) would be highly valuable to you, please feel free to comment or send me an email directly with your justification.
-
Install Managed Software Centre via SimpleMDM
Dear Support,
I have an existing issue going where the managed software centre is not available on the device. I have done several things and the issue is that MSC isn't visible even after re-enrolling the device.
It would be great if there could be a script which we can invoke via a job that would install Managed Software Centre on the client and do a pre-requisite / health check on the client.
1 voteIf the MSC is not installing or behaving as expected, this should be handled through support. Additionally, the "Re-install SimpleMDM Munki" option has been added to Device Actions for troubleshooting/remediating MSC issues.
-
Add the Zoom IT Admin App to the catalog.
In order to block certain login options you have to use the Zoom IT Admin application. I will add the link to the .pkg below. We would like this to be added to the catalog so that it is updated regularly.
Then click the drop down for Download for IT Admin
6 votesAs far as I am aware, the Zoom IT Admin application no longer exists as it once did. If there is another app you'd like to see added from Zoom, please submit a new suggestion. Thanks!
-
Fix implementation of System Extensions payload
As documented by Apple (https://developer.apple.com/documentation/devicemanagement/systemextensions) it's an error to include the same Team ID in both the 'AllowedTeamIdentifiers' key as well as the 'AllowedSystemExtensions' key.
In my experience when both a Team ID and specific Bundle Identifiers of System Extensions are included, both these keys are present in the deployed profile.
Given that Apple specifies this as an error and the fact that admins may choose to specify just the Team ID to allow all extensions from a vendor whereas others might wish to only allow the specified extensions, the implementation of this payload should be fixd such…
1 voteSimpleMDM currently handles the Team IDs as you request.
Regarding the Allowed Extension Types, our UI will not always mirror the underlying XML directly. If you would like to allow all acceptable types, you may keep the default check values enabled.
If you are having issues with your particular implementation, please contact support and include the XML that SimpleMDM is delivering to the device so that we can better understand if there is an issue with the profile generation or elsewhere.
-
Add Palo Alto GlobalProtect as VPN option
Having GlobalProtect as a VPN option would be a great addition.
0 votesApple does not currently have support for a GlobalProtect-specific VPN configuration payload. According to Palo Alto Networks’ site (https://www.paloguard.com/datasheets/globalprotect-ds.pdf), the underlying protocol used is IPsec/SSL. You may be able to configure your endpoints using the “IPsec” VPN option in SimpleMDM. We suggest contact Palo Alto Networks for further guidance on their suggested settings when configuring Apple devices to work with their VPN products using MDM.
-
Add restart option to FileVault profile
Currently, FileVault will not be enabled on MacOS until the user either logs out or logs in, depending on how it is configured. It would be great to add the ability to restart the machine once enrollment is complete to ensure FileVault is enabled as soon as possible.
2 votesApple does not currently support an option within the FileVault configuration payloads to force a restart. However, the option to enforce FileVault encryption does now exist and is supported in SimpleMDM ("Force FileVault to be enabled in Setup Assistant"). This may likely achieve a similar goal. We will monitor Apple developments closely in case any new options related to this become available.
-
preset passcodes
I would like to be able to preset a passcode and/ or change the passcode on a device.
5 votesApple does not currently make this possible via MDM.
-
Make macOS DEP-installed Administrator more configurable
First priority: the administrator account should be optional. I install my admin account via a signed package, and go out of my way to disable the simplemdm-created account.
If that's not possible, at least allow me to set the UID of the user to something <500 so it's more invisible to users.
2 votesThe comments on this post have covered most of the points, but the main reason for closing this request is that Apple's MDM spec does not currently give us control over the UID of the auto-admin account. As others have noted, you can optionally hide the auto-admin account from other local users, or prevent it from being created entirely - these settings already exist and are available to all accounts.
-
1 vote
-
Support clearing safari cache
We run websites on kiosk devices with locked down url profile. Would be great to support clearing the cache, or locking the browser to private browsing mode.
3 votesApple does not currently support a mechanism within the MDM spec that provides this ability, so I am closing this request for now. However, we closely monitor for new Apple MDM updates and if this option were to become available we will be sure to take notice.
-
End user editable Home Screen configurations
Allow home screen configurations to be editable by end users.
I love and want the ability to create a starting home screen configuration for my iPad/iPhone end users - but I absolutely hate that it's then locked so they cannot change it further after that.
Also the iPads with iOS 13 have far more built in applications than what the Home Screen configuration shows, so a dozen apps just end up stuck in the second screen. Also please expand the limit of apps in a folder to more than 9, iOS does not have that small a limitation normally.
4 votesAs it stands, Apple's MDM spec prevents users from editing the home screen layout if it is configured using a profile. Unfortunately Apple does not currently provide a workaround for this (besides not applying the Home Screen Layout profile), so I am closing this request for the time being.
That said, SimpleMDM's Home Screen Layout profile does now support more than 9 apps per folder. That functionality has been added since this request was submitted.
-
Creating a simple browser app to allow you to run (lock you down to) only 1 website ..
There are lots of businesses that only want staff to access a certain website, but due to Apple's limitations this is impossible.
Suggestion is to create a browser app that can be programmed for only 1 (or more) specific websites. Then integrate it with your mdm for pushing the specific needed site(s)..1 voteHi Paul- you should be able to achieve this using the free Managed View app (available in the App Store and open-source) and managed app configurations within SimpleMDM.
-
Require Passcode?
Under Passcode Policy, can the option be placed to require a passcode? I could not locate that option anywhere ...
2 votesPer Apple's design, applying a Passcode Policy profile to a device will automatically force the user to configure a passcode, so there is no need for an additional step/option to enforce this.
-
allow exceptions to Apps that are restricted due to age restricted profiles
allow exceptions to Apps that are still useful but are restricted to the profile settings.
if your profile settings have age restricted Apps set at 14+, have an exception box to allow Apps that have a 17+ to still function on device.3 votesApple's MDM spec does not currently support this option for the Restrictions profile (or anything equivalent). I am closing the request for now but we would gladly consider implementing this should Apple provide a mechanism in the future.
-
Update Apps when on WiFi
Would love to queue VPP deployed applications to be queued for update when the device is connected to a WiFi network. Currently, it appears that VPP updates happen whenever there is a data connection available, Cell or WiFi.
1 voteDisabling app updates from occurring over cellular is unfortunately not possible with the current Apple MDM specification.
-
Add macOS minimum requirements for group rules
iOS allows you to specify a minimum requirements for group rules. The aim is to have privacy profiles go to Mojave’s clients only. At the moment have to split into a separate group. Would be nice to be able to have one group and privacy stuff go to 10.14 only
1 vote -
Introduce a 'Force Check In' button
Add a button to force all devices to check in. If a device cannot check in after this, then flag it.
This will help identify issues with the installed profile or check in issues.2 votesA "Refresh Inventory" command should do this already. If a device is still not responding (eg. updating the "Last Seen" time), that means there is something preventing the device from receiving MDM commands and/or responding to the MDM server. Apple's MDM protocol does not currently provide a more forceful option, nor is there a way for an MDM to reliably diagnose the reason for a device's inability to respond to a command. For example, if it is a network issue and something is blocking the commands, MDM does not currently get any feedback in order to know the command was blocked by the network.
As it stands, SimpleMDM automatically sends a refresh command to devices hourly. Admins can configure notifications to be sent to them if a device has not checked in for X amount of time.
-
allow the remote change of ipad unlock credentials
I want to be able to change the lock code of either a single idevice or a groups screen lock credentials
2 votesThis is not something that Apple currently supports via the MDM spec. We will continue monitor Apple updates for options related to this functionality.
-
make profile removal password protected without enrolling with DEP.
make profile removal password protected without enrolling with DEP.
Add the ability to never allow the user to remove the profile from their device.
now the option is only available if you enroll in Apples DEP.
would prefer having the option without enrollment.6 votesApple does not allow password-protected MDM profiles. DEP enrollment is the only current method of setting an MDM profile as unremovable.
-
Bypass certificate expiry on Enterprise ios App
Before using simple MDM we use to install and update manually an Enterprise iOS App on some iPads and we no longer matter about the Enterprise Certificate signing expiry.
Since we use SimpleMDM, we push over the air the app to these iPads. We download the app file .ipa on a computer and add it on the portal.
We have a concern when the enterprise certificate expiry is reached because we have to upload a new version and we can not by pass the expiry. It would be nice to have a feature to bypass this limit and keep the…
3 votesSimpleMDM is not able to circumvent the iOS app licensing policies created by Apple. It is best to keep an active Enterprise Developer account with Apple and resign enterprise apps every three years, using SimpleMDM to distribute the updates.
- Don't see your idea?