Suggestions
Have a great idea that you’d like to see added to our service? Perhaps there’s an existing feature that you’d like to have extended or modified? Share it here!
384 results found
-
Support more API profile query strings
To get information about a custom profile through the API the only option is to list them all and then filter out the required data.
https://api.simplemdm.com/#custom-configuration-profiles
On a SimpleMDM instance with 100+ profiles, requesting a single page of profiles takes a very long time.
curl https://a.simplemdm.com/api/v1/custom_configuration_profiles?limit=100 \ -u ${API_KEY}:
Running the above command takes around 20-30 seconds. However, if there were URL parameters available to map to profile attributes - ID, name, identifier, etc. - the API could return only the one or subset of profiles requested, in turn improving performance. It shouldn't take 30 seconds to return data about…
8 votesMarking this as completed to give voters their votes back but we will continue working on optimizations. Please feel free to submit new suggestions if there is something more specific you'd like to see.
-
Report on Rapid Security Response versions
Apple is adding a new update type to macOS called Rapid Security Responses. These updates change the build version, but not the OS version reported. Instead, the new ProductVersionExtra (
sw_vers
) and SupplementalOSVersionExtra (MDM query) keys are returned to denote a specific supplemental version only when a RSR is installed. If no RSR is installed the key is not present. Similarly, when using MDM query (simulated with /usr/libexec/mdmclient QueryDeviceInformation) BuildVersion is unchanged, but SupplementalBuildVersion has the correct RSR build.$ sw_vers ProductName: macOS ProductVersion: 13.3 ProductVersionExtra: (a) BuildVersion: 22E7752300f
…$ /usr/libexec/mdmclient QueryDeviceInformation { BuildVersion = 22E5230e; OSVersion = "13.3";
8 votes -
Support for Munki installer_type "nopkg"
Munki has a pkginfo key for the installer type "nopkg". In a self-hosted Munki environment, this allows pkginfo files to be added to a repository that do not have an associated .pkg or .dmg file. You can read the Munki Project docs on the feature here: https://github.com/munki/munki/wiki/nopkgs
This has a variety of uses, because it allows Munki to be used as a general script execution tool. An admin can use any of Munki's installation conditions (package receipt, installs array, installcheck_script, or OnDemand) to then run a pre or postinstall script embedded in the pkginfo.
One example of how this is…
26 votes -
Respect local time zone of iOS devices when applying a software update window
Currently, the software update window is a singular entity, which means some units in Europe would be updating in the middle of the day for units in the USA. Implementing a method to either auto-detect local time of the units or specify a time zone in the profile would help solve this.
1 vote -
Update multiple custom attributes via API
Currently only one custom attribute can be updated per API call either for a single device or device group.
https://api.simplemdm.com/#set-value-for-device
https://api.simplemdm.com/#set-value-for-groupSay I want to set multiple custom attributes within a single workflow. I need to make as many API calls as there are attributes to update. In my recent work that's four calls which could've been one. This also simplifies developing with the API - don't have to iterate through values along with grokking associated return statuses.
I'm requesting the functionality to update multiple custom attributes with one API call.
PUT https://a.simplemdm.com/api/v1/devices/{DEVICE_ID}/custom_attribute_values
Remove attribute name from endpoint URL and…
19 votes -
API support for enabling/disabling Bluetooth of an iOS device
I have an automated process to configure enrolled devices using SimpleMDM API, and recently there is a need to enable/disable Bluetooth depending on the device groups, which is currently not available for the API.
I understand that I can use the restrictions profile to prevent supervised devices from changing Bluetooth settings, and I can enable/disable BT from the Devices page, but it would be great if SimpleMDM can add this ability to the API, so I can integrate it into my automated process.3 votesThis is now supported: https://api.simplemdm.com/#enable-bluetooth
-
Support RemovableSystemExtensions for System Extension policies
In Monterey Apple added the RemovableSystemExtensions key to com.apple.system-extension-policy which is required to enable scripted uninstalls of system extensions.
9 votesA "Removable" checkbox option has been added to the System Extensions profile UI to mark each extension as removable (or not). Default state is not removable.
-
Add Enrollment Date to API
The enrollment date would be handy to pull via the API
7 votesEnrollment date has been added to the Device Details page and to the Devices API.
-
Allow password rotations via API
Now that firmware and recovery lock passwords may be rotated via the web interface, it would be great to have that functionality available via the API as well.
7 votes -
eSIM management aka RefreshCellularPlans command
Apple introduced iPhones completely without SIM tray in US recently (rest of the world will follow soon), command for managing eSIM is available for some time.
Implementing command RefreshCellularPlans will help us to streamline our SIM deployment to our users and get rid of plastic waste.
Please implement RefreshCellularPlans and make available via API.
https://support.apple.com/en-gb/guide/deployment/dep36c581d6x/web
https://developer.apple.com/documentation/devicemanagement/update_the_esim_cellular_plan6 votes -
"UpdateOS version" GUI commands available for Macs via the API
Add the maOS UpdateOS GUI Update commands to the API. Currently only iOS Software Updates are supported in the API
4 votesThis has been added: https://api.simplemdm.com/#update-os
-
Manage Non-Custom Profiles via API
Currently the API has a customconfigurationprofiles endpoint (https://simplemdm.com/docs/api/#custom-configuration-profiles) which can be used to create, modify, and assign/unassign custom profiles. However, there is on way to manage other profile types via the API.
Say I create a FileVault profile in the web app and then want to assign the profile only to specific Macs using the API. There's not a specific group or device I want to manually assign. Instead I only want to assign to specific endpoints programmatically using a config management tool like Chef or Ansible. Since the profile is not "custom" I am unable…
8 votesThis has been added! Documentation is available here: https://api.simplemdm.com/#profiles
-
Profiles API - add upload/create custom profile method
The profiles API endpoint doesn't have a method of uploading a custom configuration profile. This means it is not possible to create custom profiles and upload them to SimpleMDM, and then automatically create device group relationships and or assigning scopes to those custom profiles.
An example where this would be useful is where profiles are managed within a git repo and pushed to SimpleMDM via automated workflows when these profiles are updated with new payloads.
This upload/create method should also include settings for creating an assignment scope (for example, setting the OS type the profile can be applied to, the…
0 votes -
Allow bulk import of GUID and passwords for DEP-created accounts
Allow for the bulk import of information on DEP auto-created admin accounts. An API or UI that allows for the entry of serial number, GUID, and password for accounts created before the release of the Auto Admin feature. This would permit us to get rotation of the password without having to redeploy.
12 votesI'm marking this one as closed/completed because, since the initial release of this feature, we added the ability to reset admin passwords for an auto-admin account regardless of whether or not the password was already stored. I believe the current functionality achieves the original intent of this suggestion. If there is additional functionality you'd like to see added related to this, please submit a new suggestion.
-
Implement Apple Kerberos SSO Extension as a profile
This is a great tool to sync AD password to the local one. It is somewhat easy to get this done as a custom plist profile. I used the settings from Kandji MDM as reference, a guide from JAMF on how to deploy the Kerberos Extension and Imazing.com profile manager to create the plist file. Imported the custom profile in SimpleMDM, applied to Pilot group and it worked just like intended. This was easy, but it should be made standard.
A sample plist file is available from https://github.com/ProfileCreator/ProfileManifests/issues/556
4 votesThis profile has been added under Configs > Profiles.
-
Munki Integration : On-Demand installation
I wish that the Munki "OnDemand" key that is planned for a PkgInfo is exposed in the declaration of a package in SimpleMDM. That would offer to trigger the installation of a package as needed without an instal / remove cycle.
2 votes -
Expose assignment count for custom profiles via API
The internal API for profile search
https://a.simplemdm.com/admin/profiles.json
returns the number of groups and devices assigned to a profile as groupCount and deviceCount.Exposing this information to the customconfigurationprofiles "list all" endpoint would make it possible to add a scheduled job to cleanup profiles with 0 installs, so the UI doesn't get clogged up with outdated profiles.
4 votes -
Enable Remote Desktop per enrollment instead of globally
The new feature to enable remote desktop automatically is great, but we only want to enable it on a certain enrollment, not on all machines.
5 votes -
Add the ability to mark some custom attributes as "secret"
We're looking at pushing things like wifi passwords to devices using profiles and custom attributes... as we aim to use MIST's multiple PSK option - https://www.mist.com/documentation/multi-psk/
Each device will have their own wifi password pushed as a custom attribute - but these are effectively passwords. It would be awesome if they could be tagged as secret (like a lot of CI/CD tools allow you to do) and we could log that an admin had viewed them (in the same way unlock PIN and Activation Lock Key access is logged now
2 votesWhen editing a custom attribute via Configs > Attributes, you can now select "Mark as secret". When checked, this will prevent users with "Custom attributes marked as secret" permissions disabled for their user role from seeing the values stored for these attributes.
-
Implement "SetAutoAdminPassword" to allow DEP created admin account password rotation
SetAutoAdminPassword allows changing the password of a local admin account that was created by Setup
Assistant during DEP enrollment via the AccountConfiguration command. It is available in macOS v10.11 and
later. This would be useful to allow admin password rotation. Ideally this would also available via the API.11 votesThis is now supported (with some limitations). Documentation is available here: https://help.pdq.com/hc/en-us/articles/5626064805659-macOS-Account-Setup-and-Admin-Passwords
- Don't see your idea?