Linked in some ways to this request https://suggestions.simplemdm.com/forums/204404-suggestions/suggestions/37168075-add-more-granular-simplemdm-user-roles… (and yes, please more granular permissions!)

Would it be possible to restrict access to devices in MDM based on some kind of tagging?

So I can tag devices as “Kiosk” and grant helpdesk full admin access over those devices, but they won’t be able to see or modify devices tagged “user laptop” for example.

At the moment we achieve this using two separate SimpleMDM tenants, which works - but makes our plans to use auto-assignment of devices from Apple Business manager more challenging…

Provide Swagger Documentation for the API
A la https://swagger.io/docs/

Currently I have to list all of the devices in the MDM, and filter after the fact. It would be great to be able to retrieve the devices in a particular group directly.

When a machine enrolls into MDM via ABM/ASM the current cadence is to install packages before creating the configured account.

This request is to make the account creation happen first so packages that install can use the account that is created by the MDM.

One instance is the ability to install the bootstrap token escrow with the local admin account.  

Enrolling devices through Portable hotspot. When targeted devices are connected to admin device hotspot and by entering the user credentials for the login. Hence the mobile device is enrolled and the profiles are pushed.

We are using few Custom Attributes that can have only some options (like kiosk app). Having drop-down list with options will be really nice.

Then it will allow us to set possible Attributes and help desk will just choice from drop-down list.

Thanks David

Under Passcode Policy, can the option be placed to require a passcode? I could not locate that option anywhere ...

Okta have nice "Device trust" setting do you guys think it will be possible to cooperate with them and make this happen?

https://help.okta.com/en/prod/Content/Topics/Mobile/OktaDeviceTrustJamfmacOS_Devices.htm

It is easy for iOS/Windows but they need some API access to verify device in MDM.

Thanks

WARNING tells me something. Doesn't tell me where to go to fix it. Thx

I would like to remotely wipe an Apple TV like I can on JAMF.

In Apple Configurator 2, there is an option to customise the “Trust” of a Wi-Fi configuration. This allows connecting to an enterprise network (in my case TTLS+PAP) without getting the “Untrusted Certificate” pop-up on iOS.
It would be great to be able to set these fields in the SimpleMDM UI too!
(I actually spent a few days searching why I was getting this pop-up on iOS, and not on macOS; turns out on macOS having the certificate installed in the keychain seems to be enough, but not on macOS…)

Please add the ability to set custom attributes for DEP Devices which have not yet enrolled with SimpleMDM.

This would enable us to set some user attributes (email addresses, user names etc.) before handing the device to the user. Right now we are not able to preset a Google account profile for a user for a full zero touch deployment.

We need the ability to enrol macs into AD. This is done via the Directory payload, but I can't find a profile for it in Simple MDM. Before this is present, we can't switch to Simple MDM and is stuck with Apples Profile Manager.

It would be excellent to allow a custom URL for the "Welcome screen" contents, including providing drop-in HTML for a "start enrollment" button. This way, we could for example redirect to existing EULA agreement pages and pop the user right back to the SimpleMDM workflow.

On the main Devices View, include the serial number as a column. Or have the ability for Users to add fields to this table to customize the view.

From the Apps->Catalog->Installs screen, add a "Push update" option to the Action menu, letting me push the most recent app binary to multiple devices at once.

At the moment, I have to go via Devices -> Devices -> Apps and update devices one at a time.

My use case is pushing an RC version of the app to c 3-4 manager devices, and then pushing the same/approved version to many more client devices. All at once. (Without having to generate a spurious additional build version and using auto-update during the update binary process).

We need a report to see device movements from users. Also see devices removed by and the related information

It would be extremely useful if a device dropping below a minimum specified battery level would trigger a notification to the administrator via email. This is a weak point with remotely located devices that are left on and accessible for long periods at a time. Even the genuine high wattage Apple chargers can require a power cycle after being left on for long periods, to avoid the device battery discharging faster than it is maintained.

allow exceptions to Apps that are still useful but are restricted to the profile settings.
if your profile settings have age restricted Apps set at 14+, have an exception box to allow Apps that have a 17+ to still function on device.

create automatic lists devices.
Devices are automatic assigned depending of some features like memory,, IOS version or specific version of an App installed.