Skip to content

Suggestions

Have a great idea that you’d like to see added to our service? Perhaps there’s an existing feature that you’d like to have extended or modified? Share it here!

443 results found

  1. Extend the devices - list profiles API method to return ALL profiles that a device is assigned

    The list profiles method in the devices API endpoint only returns profiles that are directly assigned to the device; it would be very helpful to the data returned included all profiles assigned to that device, including profiles assigned through groups, etc, along with an attribute that identifies how the profile is assigned.

    17 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  2. Remove the device name pop-up in the new devices page UI

    The device name pop-up in the new devices page UI is intrusive and makes it difficult to open the device in a new tab

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  3. Monitoring unpatched CVEs

    Interesting post by Graham about using the Sofa feed info to track unpatched CVEs in their mac fleet with osquery.

    https://sofa.macadmins.io

    Last checked: 2024-05-03T20:33:36+00:00Z
    Machine readable feed: v1/macosdatafeed.json

    https://grahamgilbert.com/blog/2024/05/03/investigating-unpatched-cves-with-osquery-and-sofa/

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  4. Option to auto renew ACME Certificates - DDM and Profiles - Managed Device Attestation

    We would like an option to have ACME certificates auto renew. This is a feature currently available for SCEP issued certificates.

    Our use case is using managed device attestation and the new ACME payloads to create certificates that can be used for 802.1x, but we need them to auto renew before they expire (for internal reasons the validity period is 91 days).

    It would also be helpful to provide tokenised values for the CN.

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  5. Saving column sorting / pin column

    If device columns can't be custom sorted and saved at this time, it would be nice if the "pin to the left" feature remained pinned - not sure if it times out or reverts after X amount of navigating to different groups, but it doesn't stay pinned too long.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  6. Sort the Scripts -> Jobs -> History tab by newest to oldest by default

    Right now, the sorting is by name (I think?) which is not useful. It would be great to show the most recently queued jobs in the history first by default.

    10 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  7. API - Provide clear documentation about API timeout response object and headers

    In the Sync Profiles API documentation here - https://api.simplemdm.com/#sync-profiles - there is a note indicating this specific endpoint is rate limited to 1 request per 30 seconds, and the header 'X-RateLimit-Reset' can be checked to see when the limit will be reset.

    Can you please include specific examples in the documentation for this particular endpoint that demonstrate what the response headers will look like.

    Additionally, for all API endpoints that have a rate limit, please indicate how the API will respond if the rate limit is hit and whether there will be a header 'X-RateLimit-Reset' value that indicates when that…

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  8. Add Reporting Tool

    It'd be great to have a reporting tool in the GUI. This way I can easily look up a specific app and see what version is installed on multiple/all devices. I know there is an API tool but having something in the GUI would be great.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  9. Integrate Google’s Santa project into SimpleMDM?

    The clue is in the name SimpleMDM - your product makes the difficult parts of managing your Mac devices simple - setting up and managing Munki could be challenging, and now the easy to use implementation you’ve provided is a great fit for lots of organisations.

    Can you apply the same magic to Google Santa please?

    https://github.com/google/santa

    Here’s the use case. In our organisation, end users run with administrator access. This empowers them to do all the things they need to do to be productive, and ensures IT isn't a bottleneck…

    …but - with great power comes great responsibility. There’s…

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  10. Allow setting device naming schemes per enrollment

    We use the device naming template under Settings -> General. This works great for our macOS and iOS devices that come in through manual enrollment and ADE as our template contains the serial number attribute, but fails when User Enrolled devices are named because that attribute isn't available. It would be useful to allow us to set a different device naming scheme per enrollment, or at least to set a backup or some sort of logic should one of the attributes be null.

    20 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  11. Support custom MDM commands

    I'd like to see SimpleMDM support sending custom MDM commands with arbitrary payloads. Advantages being...

    1. Customers don't have to wait for SimpleMDM to implement new commands to start testing. With WWDC coming up this is especially pressing because new commands and/or keys need to be tested quickly during the summer beta cycle for any chance at improvement.
    2. Possible to test beta/RSR updates by passing in the product key to a software update command.
    3. WS1 has this feature and please don't make me say anything nice about WS1.

    As an example, here's how WS1 implements it with the author using EnableRemoteDesktop. …

    25 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  12. Custom Configuration Profiles API - Download the profile as a JSON object, not a text object

    Currently it looks like the download method for the custom configuration profiles API returns the profile being downloaded as a text object not a JSON object.

    The preferred (at least for me) response object that should be returned is a JSON object in keeping with all other responses.

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  13. Apps & Media > Assignment UI redesign

    The user interface for the Apps & Media > Assignment area of SimpleMDM is rather clunky for viewing and adding assignment groups, etc.

    For example, after creating an assignment group to allocate profiles to, picking/selecting a profile is a pain as you have to know the name of a profile in order for it to appear in the list of app/media/profiles that can be added to the group. This is most painful when there are more than three profiles that can be selected (in my particular case there are over twenty profiles that can possibly be selected).

    This part of…

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  14. Report on profile status - pending, installed, failed

    SimpleMDM currently only surfaces profile assignment in the main profiles UI. To see the status of a specific profile on a device an admin must navigate to a device record. What information isn't readily available is the status of a profile. Even if it's assigned to 100 devices, there's no way to tell how many of those devices the profile successfully installed.

    Specifically asking...
    - Add three columns to the view at /profiles in the UI - installed, pending, failed.
    - In the profiles and custom profiles API endpoints include data about these status as well.

    The major driver behind…

    11 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  15. visionOS Management Support

    WIth visionOS 1.1 management is possible. https://github.com/apple/device-management/tree/seed_iOS-17.4_macOS-14.4
    We have an increasing number of devices that we would like to get basic management on.

    4 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  16. Route SSO-only users to their account-specific SSO

    When our SSO-only users go to a SimpleMDM bookmark in their browser, they get routed to the email/password login page. Since SSO login (via SAML) requires an organization-specific sign-in page, they don't know where to go to sign in.

    A suggestion that I hope would help here would be to route a user whose account is SSO-only to their organization's SAML login page so that they can complete their sign-in flow. This could either be letting them enter their email on the existing login page or having a button on the page for "Log in via SSO" so they could…

    4 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  17. Introduce source IP based allow listing

    While complex username/password + TOTP requirement is a standard and solid security requirement for administrative access to the SimpleMDM controls, it could be made even stronger with the addition of IP allow listing. I would love to have +1 layer of opt-in friction between the internet at large and a tool has the ability to brick all of my organization's laptops simultaneously.
    If implemented, I'd request that a minimum of 2, preferably 3 remote sources be required before the service could be enabled: this will provide small businesses with redundancy for the event that they change ISPs and cannot bring…

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  18. Support for defined build numbers in DDM software update

    It's fantastic that we can get started with DDM software updates... however, I think the protocol does allow for us to push a specific build number.

    This is handy for testing - as I've got a device enrolled in the beta that I'd love to push specific build numbers too, to try out the functionality - without having to reach for DFU mode on a long suffering test system.

    Going forward, it would be fantastic to nudge/enforce specific build numbers for beta testers, so we can ensure testers are all on latest betas where appropriate.

    Thanks :)

    2 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  19. Use a SAN instead of CN when managing certificate renewal

    Currently if an admin wants SimpleMDM to manage the renewal of their SCEP certificates, SimpleMDM bulldozes the CN and replaces it entirely. This is problematic for workflows that require specific values to be in a CN and not a SAN. If possible, please use a SAN to insert any necessary tracking values. Intune is doing this with success (see the blue box at the top of https://learn.microsoft.com/en-us/mem/intune/protect/certificates-profile-scep).

    2 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  20. Enrollment Setting - Unassign Profiles at Re-Enrollment

    We heavily utilize individually assigned profiles for Macs. There are also a few default profiles assigned via group. When a new out-of-box Mac is being enrolled for the first time only those default profiles are installed (around 5). Profiles are installed quickly and reliably. Later on during provisioning our configuration management tool handles installing other required per device profiles.

    However, when a Mac from stock is being re-enrolled to be used by another person, every previously assigned profile is installed at setup assistant. Since in my case those individually assigned profiles are usually per user, team, department, etc. and no…

    8 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  • Don't see your idea?

Suggestions

Categories

Feedback and Knowledge Base