Suggestions
Have a great idea that you’d like to see added to our service? Perhaps there’s an existing feature that you’d like to have extended or modified? Share it here!
406 results found
-
10 votes
-
to implement iOS Per-App VPN (Per-App VPN UUID assignment via ApplicationAttributes on managed apps)
for more details see chapter "ApplicationAttributes Sets or Updates the App Attributes for a Managed Application" in
https://developer.apple.com/library/content/documentation/Miscellaneous/Reference/MobileDeviceManagementProtocolRef/3-MDM_Protocol/MDM_Protocol.html10 votes -
notification when a duplicate serial number enrolls
So - I appreciate this is kind covered here:
But... we're drowning in duplicate entries. Basically they're almost all devices that have gone for repair, resulting in a new UUID (with the occasional virtual machine)
a webhook or other notification when a device with a pre-existing serial number enrols would really help us with our housekeeping.
10 votes -
Schedule Regular Application Updates
Similar to scheduled iOS update policy, we would love to see clients check in for applications in our catalog and perform regular scheduled non-business hours updates. This would be for all Apps (VPP and Enterprise).
When updating enterprise app binaries, users sometimes reject the "Smart Update" if they feel it interrupts their workday, so a regular daily or weekly check in to our catalog by the devices to find the most recent app version available would keep all devices current across both VPP and enterprise apps.
10 votes -
Make logging more detailed for MDM commands
While I appreciate how detailed SimpleMDM logs can be, especially with raw responses from MDM, sometimes they need to provide more detail. For example, when sending an OS update command the log only contains...
"Log Details
Full ID E7B0DBE9-A7C1-4EC8-8CB8-BFA4AB990C59
Created At 2023-08-17 3:34 PM
Namespace device
Type os.update.idle
Level info
Device redacted
UDID F405AA51-FF04-4B71-900F-9C09F0515398
Serial Number redactedMetadata
{
"update_version": "13.5.1"
}
"With OS updates in particular, it's useful to know what mode was used as well. 'downloadonly', 'notifyonly', 'installasap', or 'forceupdate' are all options, but there's no associated data. For some basic commands like…
9 votes -
Add Dock Customization Profiles
The Apple MDM Spec includes huge amounts of dock configuration options for MacOS, but I can only use those with custom configuration profiles at the moment. I would love to be able to choose what items are in the docks for specific profiles, maybe even a UI that would allow us to add Shared and VPP apps to the dock.
9 votes -
Add Device Group to the standard attributes
Adding the devices group to the standard attributes would make it much easier to customize profiles based on the group of the device. This is somewhat possible to do currently with a default value on a custom attribute, but a standard attribute would be preferred.
9 votes -
Support the SCEP payload
We noticed the MDM payload for SCEP is not supported. it would be a great addition. Especially interesting is Dynamic-Microsoft CA mode, so that the payload would be working with OTP on each request to PKI.
9 votes -
Add API endpoints for viewing notes and updating Device information
Currently when you call for a Device via API, it's missing the 'Notes' attribute. It would be helpful to be able to access that.
In addition, an
update
endpoint for Devices would be incredibly helpful so you could change the name/notes on a device.9 votes -
Include copy button for admin password.
With the escrowed admin password feature, it would be helpful to include a small copy button (similar to those seen on code training/doc sites) to easily copy the password.
As it is now, if you reveal the password, then triple click to select, you end up grabbing a carriage return (and text styling) that will make the password invalid when pasted.
9 votes -
Auto-admin password complexity settings
For the auto-admin password generation done by SimpleMDM, it'd be preferable to be able to manage the level of password complexity when the password is generated. Environments can have different password policy rules that all accounts, including MDM generated, need to abide by. The Dude abides.
Password storage apps like 1Password and Keeper offer, at minimum, password length, use of numbers, and use of special characters. See attached.
9 votes -
Naming Script Jobs during creation with API
It seems the SimpleMDM API does not allow assigning a name to a job at creation. From what I could understand, the API gives a default name to the job which is “API Job”.
It could be interesting to allow this customization especially since the name field is mandatory in the UI.
Script Jobs API : https://api.simplemdm.com/#create-8
9 votes -
SimpleMDM granularity
Hi SimpleMDM Dev Team:
Thank you for allowing this space to share creative thought in the ongoing development of SimpleMDM. May some of my ideas have already been discussed, maybe not-- regardless I trust this will be taken into consideration.
Since the slow death of Apple's Profile Manager has left very little control to us in IT as Admins and Engineers, it would be nice to see SimpleMDM pick up the slack and not just fill in the gap but lead with the innovation of a few things in the macOS platform so that many of us can continue to…
8 votes -
Enrollment Setting - Unassign Profiles at Re-Enrollment
We heavily utilize individually assigned profiles for Macs. There are also a few default profiles assigned via group. When a new out-of-box Mac is being enrolled for the first time only those default profiles are installed (around 5). Profiles are installed quickly and reliably. Later on during provisioning our configuration management tool handles installing other required per device profiles.
However, when a Mac from stock is being re-enrolled to be used by another person, every previously assigned profile is installed at setup assistant. Since in my case those individually assigned profiles are usually per user, team, department, etc. and no…
8 votes -
Sort the Scripts -> Jobs -> History tab by newest to oldest by default
Right now, the sorting is by name (I think?) which is not useful. It would be great to show the most recently queued jobs in the history first by default.
8 votes -
create a viewable command queue
I need to be able to see a pending command queue, especially for offline devices. For example, let's say I have a lost/stolen iPad. The device was online yesterday, so I enable lost mode on that device. Since it's not currently online, that command is queued in the background until it's online again, but there is no indication whatsoever that the command is queued up.
8 votes -
SimpleMDM Training and Certification
Why do I ask/suggest?
- It can be great to meet MDM certification requirements from the Apple Consultants Network (for members).
- Learn SimpleMDM from the perspective of the creators. Like best practises, how/why things were created the way they are.
- Impress whoever is impressed by this kind of stuff. Maybe you'll get a raise. And off course get a nice badge for your website or social media! (just kidding)
- (add your suggestions in a reply)8 votes -
Disable ActivationLock via API
It should be possible to disable the ActivationLock via API call, this is specificly helpfull if you want to decomission a device.
8 votes -
API: Dont send Filevault keys by default from /devices
Separate the device API so it does not return filevault keys with every device object. Or create a filter to omit the keys.
I keep running into scenarios where using the device API means scrubbing file vault keys every single time I make it get request to https://a.simplemdm.com/api/v1/devices
It gets pretty messy downstream especially with logs.8 votes -
Include the attribute "DEP Assigned" as one I can use with the new dynamic groups
I can see there's a big list of device attributes that can be used when creating dynamic groups... but alas, "DEP Assigned" isn't one I can use.
I trust Apple Business Manager more than I trust my internal asset management system (sad but true) and would like to be able to assign profiles/apps/things only to devices I know are corporate assets.
My primary use case is assigning an Okta device trust certificate... but I'm sure I'll find more...
At a pinch I could use "DEP Enrolled" but a lot of our "DEP Assigned" devices have been manually enrolled... so it…
7 votes
- Don't see your idea?