Skip to content

Suggestions

Have a great idea that you’d like to see added to our service? Perhaps there’s an existing feature that you’d like to have extended or modified? Share it here!

384 results found

  1. Support more API profile query strings

    To get information about a custom profile through the API the only option is to list them all and then filter out the required data.

    https://api.simplemdm.com/#custom-configuration-profiles

    On a SimpleMDM instance with 100+ profiles, requesting a single page of profiles takes a very long time.

    curl https://a.simplemdm.com/api/v1/custom_configuration_profiles?limit=100 \
      -u ${API_KEY}:
    

    Running the above command takes around 20-30 seconds. However, if there were URL parameters available to map to profile attributes - ID, name, identifier, etc. - the API could return only the one or subset of profiles requested, in turn improving performance. It shouldn't take 30 seconds to return data about…

    8 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    Marking this as completed to give voters their votes back but we will continue working on optimizations. Please feel free to submit new suggestions if there is something more specific you'd like to see.

  2. Report on Rapid Security Response versions

    Apple is adding a new update type to macOS called Rapid Security Responses. These updates change the build version, but not the OS version reported. Instead, the new ProductVersionExtra (sw_vers) and SupplementalOSVersionExtra (MDM query) keys are returned to denote a specific supplemental version only when a RSR is installed. If no RSR is installed the key is not present. Similarly, when using MDM query (simulated with /usr/libexec/mdmclient QueryDeviceInformation) BuildVersion is unchanged, but SupplementalBuildVersion has the correct RSR build.

    $ sw_vers
    ProductName: macOS
    ProductVersion: 13.3
    ProductVersionExtra: (a)
    BuildVersion: 22E7752300f
    
    $ /usr/libexec/mdmclient QueryDeviceInformation
    {
      BuildVersion = 22E5230e;
      OSVersion = "13.3";
    8 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    completed  ·  0 comments  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  3. Support for Munki installer_type "nopkg"

    Munki has a pkginfo key for the installer type "nopkg". In a self-hosted Munki environment, this allows pkginfo files to be added to a repository that do not have an associated .pkg or .dmg file. You can read the Munki Project docs on the feature here: https://github.com/munki/munki/wiki/nopkgs

    This has a variety of uses, because it allows Munki to be used as a general script execution tool. An admin can use any of Munki's installation conditions (package receipt, installs array, installcheck_script, or OnDemand) to then run a pre or postinstall script embedded in the pkginfo.

    One example of how this is…

    26 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    completed  ·  0 comments  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  4. Respect local time zone of iOS devices when applying a software update window

    Currently, the software update window is a singular entity, which means some units in Europe would be updating in the middle of the day for units in the USA. Implementing a method to either auto-detect local time of the units or specify a time zone in the profile would help solve this.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    completed  ·  0 comments  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  5. Update multiple custom attributes via API

    Currently only one custom attribute can be updated per API call either for a single device or device group.

    https://api.simplemdm.com/#set-value-for-device
    https://api.simplemdm.com/#set-value-for-group

    Say I want to set multiple custom attributes within a single workflow. I need to make as many API calls as there are attributes to update. In my recent work that's four calls which could've been one. This also simplifies developing with the API - don't have to iterate through values along with grokking associated return statuses.

    I'm requesting the functionality to update multiple custom attributes with one API call.

    PUT https://a.simplemdm.com/api/v1/devices/{DEVICE_ID}/custom_attribute_values

    Remove attribute name from endpoint URL and…

    19 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    completed  ·  0 comments  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  6. API support for enabling/disabling Bluetooth of an iOS device

    I have an automated process to configure enrolled devices using SimpleMDM API, and recently there is a need to enable/disable Bluetooth depending on the device groups, which is currently not available for the API.
    I understand that I can use the restrictions profile to prevent supervised devices from changing Bluetooth settings, and I can enable/disable BT from the Devices page, but it would be great if SimpleMDM can add this ability to the API, so I can integrate it into my automated process.

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  7. Support RemovableSystemExtensions for System Extension policies

    In Monterey Apple added the RemovableSystemExtensions key to com.apple.system-extension-policy which is required to enable scripted uninstalls of system extensions.

    9 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    A "Removable" checkbox option has been added to the System Extensions profile UI to mark each extension as removable (or not). Default state is not removable.

  8. Add Enrollment Date to API

    The enrollment date would be handy to pull via the API

    7 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  9. Allow password rotations via API

    Now that firmware and recovery lock passwords may be rotated via the web interface, it would be great to have that functionality available via the API as well.

    7 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    completed  ·  0 comments  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  10. eSIM management aka RefreshCellularPlans command

    Apple introduced iPhones completely without SIM tray in US recently (rest of the world will follow soon), command for managing eSIM is available for some time.

    Implementing command RefreshCellularPlans will help us to streamline our SIM deployment to our users and get rid of plastic waste.

    Please implement RefreshCellularPlans and make available via API.

    https://support.apple.com/en-gb/guide/deployment/dep36c581d6x/web
    https://developer.apple.com/documentation/devicemanagement/update_the_esim_cellular_plan

    6 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    completed  ·  1 comment  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  11. "UpdateOS version" GUI commands available for Macs via the API

    Add the maOS UpdateOS GUI Update commands to the API. Currently only iOS Software Updates are supported in the API

    4 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  12. Manage Non-Custom Profiles via API

    Currently the API has a customconfigurationprofiles endpoint (https://simplemdm.com/docs/api/#custom-configuration-profiles) which can be used to create, modify, and assign/unassign custom profiles. However, there is on way to manage other profile types via the API.

    Say I create a FileVault profile in the web app and then want to assign the profile only to specific Macs using the API. There's not a specific group or device I want to manually assign. Instead I only want to assign to specific endpoints programmatically using a config management tool like Chef or Ansible. Since the profile is not "custom" I am unable…

    8 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  13. Profiles API - add upload/create custom profile method

    The profiles API endpoint doesn't have a method of uploading a custom configuration profile. This means it is not possible to create custom profiles and upload them to SimpleMDM, and then automatically create device group relationships and or assigning scopes to those custom profiles.

    An example where this would be useful is where profiles are managed within a git repo and pushed to SimpleMDM via automated workflows when these profiles are updated with new payloads.

    This upload/create method should also include settings for creating an assignment scope (for example, setting the OS type the profile can be applied to, the…

    0 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    completed  ·  2 comments  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  14. Allow bulk import of GUID and passwords for DEP-created accounts

    Allow for the bulk import of information on DEP auto-created admin accounts. An API or UI that allows for the entry of serial number, GUID, and password for accounts created before the release of the Auto Admin feature. This would permit us to get rotation of the password without having to redeploy.

    12 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    I'm marking this one as closed/completed because, since the initial release of this feature, we added the ability to reset admin passwords for an auto-admin account regardless of whether or not the password was already stored. I believe the current functionality achieves the original intent of this suggestion. If there is additional functionality you'd like to see added related to this, please submit a new suggestion.

  15. Implement Apple Kerberos SSO Extension as a profile

    This is a great tool to sync AD password to the local one. It is somewhat easy to get this done as a custom plist profile. I used the settings from Kandji MDM as reference, a guide from JAMF on how to deploy the Kerberos Extension and Imazing.com profile manager to create the plist file. Imported the custom profile in SimpleMDM, applied to Pilot group and it worked just like intended. This was easy, but it should be made standard.

    A sample plist file is available from https://github.com/ProfileCreator/ProfileManifests/issues/556

    4 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  16. Munki Integration : On-Demand installation

    I wish that the Munki "OnDemand" key that is planned for a PkgInfo is exposed in the declaration of a package in SimpleMDM. That would offer to trigger the installation of a package as needed without an instal / remove cycle.

    2 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    completed  ·  0 comments  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  17. Expose assignment count for custom profiles via API

    The internal API for profile search https://a.simplemdm.com/admin/profiles.json returns the number of groups and devices assigned to a profile as groupCount and deviceCount.

    Exposing this information to the customconfigurationprofiles "list all" endpoint would make it possible to add a scheduled job to cleanup profiles with 0 installs, so the UI doesn't get clogged up with outdated profiles.

    4 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    completed  ·  0 comments  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  18. Enable Remote Desktop per enrollment instead of globally

    The new feature to enable remote desktop automatically is great, but we only want to enable it on a certain enrollment, not on all machines.

    5 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    completed  ·  0 comments  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  19. Add the ability to mark some custom attributes as "secret"

    We're looking at pushing things like wifi passwords to devices using profiles and custom attributes... as we aim to use MIST's multiple PSK option - https://www.mist.com/documentation/multi-psk/

    Each device will have their own wifi password pushed as a custom attribute - but these are effectively passwords. It would be awesome if they could be tagged as secret (like a lot of CI/CD tools allow you to do) and we could log that an admin had viewed them (in the same way unlock PIN and Activation Lock Key access is logged now

    2 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    When editing a custom attribute via Configs > Attributes, you can now select "Mark as secret". When checked, this will prevent users with "Custom attributes marked as secret" permissions disabled for their user role from seeing the values stored for these attributes.

  20. Implement "SetAutoAdminPassword" to allow DEP created admin account password rotation

    SetAutoAdminPassword allows changing the password of a local admin account that was created by Setup
    Assistant during DEP enrollment via the AccountConfiguration command. It is available in macOS v10.11 and
    later. This would be useful to allow admin password rotation. Ideally this would also available via the API.

    11 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
← Previous 1 3 4 5 19 20
  • Don't see your idea?

Suggestions

Categories

Feedback and Knowledge Base