After devices in ASM/ABM have synchronised into SimpleMDM, it would be very useful to pre-assign a group (or multiple groups) to any given devices, through the web interface and API.

Ideally it would also be very helpful to pre-assign any attribute that can be assigned when the device has enrolled, so that those attributes can then be applied to the machine once it's enrolled.

These attributes, in particular the device group assignment, should remain sticky after a device is unenrolled from the MDM.

This will allow us to effectively pre-configure a device to go straight into specific groups and to get their configuration quickly.

Some examples where this would be useful for me is being able to specifically pre-configure a test machine that needs to go into a specific device group where profiles are tested, etc, without the fear of having profiles end up in the wrong device group on accident, or having to assign a device to a group after it has enrolled in order to get the right data.

This could currently technically be achieved by some API shenanigans on the machine enrolling, but this is a cumbersome approach.

The device custom attributes from SAML is very handy, but doesn't negate the need to manually configure devices before enrollment for many reasons including that the SAML information will be user-based, whilst we may need to configure device-specific settings before enrolment. In many cases our users have multiple devices, e.g. iPhone + iPad. We may also not necessarily want to force some users to log in when first setting up their device.

After importing devices into DEP/ASM/ABM and assigning them to SimpleMDM, being able to pre-assign the device to a device group would be helpful in getting the device into the correct group on enrolment, rather than waiting for the device to enrol and either manually changing the device settings to the new group, or doing it via the API.

It would also be helpful to pre-supply the device name and other attributes at this point in time as well.

A related feature was released today that may be of interest.

Enrollments that are using SAML authentication can now optionally set the device custom attributes based on any SAML attributes that are sent from the IdP at the time of enrollment. For instance, if your IdP provides an attribute called "department" with the value "DevOps" and a custom attribute exists in SimpleMDM named "department", then "DevOps" will be set as the custom attribute value for the enrolling device.

This option can be enabled under the Authentication section of the Enrollments details screen when "SAML" is selected as the authentication method.

Voting for this!

Came from a company that used JAMF MDM prior to my new company. They had this feature. I miss it alot

+3. This would be very useful. Especially without the feature of Directory Services integration.

+3

Other MDM's provide a visual list of devices assigned to a server in the DEP portal. This gives the ability to scope the devices to different DEP settings before enrolment and therefore control which DEP settings are used and which group is used initially. This would mean you can still automatically assign devices to a single server in the DEP portal but would allow you to preload the configuration the devices pick up at enrolment time.

It would be really useful if I could have devices coming in via DEP be placed into different groups based on device type or other variables. For example, iPhones might go into a Staff Phones group to have passcodes required, iPad Minis go into a Digital Signage group with app lock, and full-size iPads into a visitor sign-in device group.