Suggestions
Have a great idea that you’d like to see added to our service? Perhaps there’s an existing feature that you’d like to have extended or modified? Share it here!
449 results found
-
Report on installed certificates
I'd like to see SimpleMDM report on installed certificates for all device types. A common feature in other MDMs, CertificateListCommand (https://developer.apple.com/documentation/devicemanagement/certificatelistcommand) has been around since iOS 4 and macOS 10.7 (!).
While we have other tools to report on certificates (like osquery), it's useful to have MDM as a data source as well since oftentimes installed certificates originate via profiles. Knowing certificate health within the same product has benefits, and could allow for more advanced certificate management directly in SimpleMDM.
Important fields...
- Certificate name
- CA/issued by
- Expiration
- Current validity status
- If possible, whether…20 votes -
3 votes
-
Reject enrollments for unsupported macOS versions when using SAML
I am requesting SimpleMDM add guards for ADE where a macOS device is under 10.15. Copying directly from enrollment authentication config...
"OSes prior to macOS 10.15 and iOS 13 using Automated Enrollment and all devices enrolled with Apple Configurator do not support SAML authentication and will not be authenticated. Optionally enroll them in a less secure initial device group."
A helpful setting for sure since it means a device can be dropped into a group with no access to organization profiles, packages, or secrets. However, the device is still allowed to enroll and takes up a license. If that Mac…
1 vote -
Add username field to `device.enrolled` webhook event
The goal is to have a
username
field in thedevice.enrolled
webhook event.This field would be populated using the the custom attribute defined in the "Username custom attribute" setting in the Automated Enrollment Authentication section.
In our use case, a user will be prompted to auth using Okta during Automated Device Enrollment (ADE). The username that is returned by Okta would be part of the webhook event payload. We use the username and device serial number to help with automating other internal processes to help determine which user is assigned to which device.
This could be covered by https://suggestions.simplemdm.com/forums/204404-suggestions/suggestions/46831099-control-webhook-data…
6 votes -
Allow SimpleMDM to release devices in ABM/ASM
Allow SimpleMDM to release devices without having to sign in to Apple Business Manager. This feature is enabled by default when you add an MDM server in ABM/ASM. You can remove this feature by deselecting the option for any new or existing MDM servers you created.
But SimpleMDM has not implemented this feature yet. Would be nice to automate the decommissioning process of the devices.
https://support.apple.com/en-sg/guide/apple-business-manager/axmec4d28461/web
3 votes -
Support choosing which webhook events to subscribe to per endpoint
https://api.simplemdm.com/#webhooks
The current webhook events are as follows...
device.changed_group
device.enrolled
device.unenrolled
device.lock.enabled
abm.device.addedWhenever any of these events occurs, the webhook endpoint is pinged. However, processing these can get particularly noisy, especially in large environments and (hopefully) as SimpleMDM adds more supported events.
I am asking to add support for selecting which events are subscribed to per webhook endpoint. This way only events needed for a particular workflow are sent and the webhook receiver requires less work to filter out unneeded data.
The UI could look like other SimpleMDM settings with checkboxes for each event, where by default all are…
18 votes -
Allow entry of Custom Integers for Software Update Delay Fields in Restrictions Payload
Currently we only have the option to choose from predefined options in the dropdown list as shown below.
Please add the ability to add a custom ineger up to the maximum allowed by Apple.1 vote -
Add reMarkable to shared apps
DMG file available publicly here:
https://downloads.remarkable.com/3 votes -
Support "Non-Removable" flag on deployed iOS Store Apps
As noted here on the SimpleMDM blog, an option was added to iOS starting in 14.x where individual apps can be marked as "non-removable" by the administrator when being deployed.
https://simplemdm.com/blog/mdm-ios-14-macos-11-big-sur/
https://it-training.apple.com/tutorials/deployment/dm195"To prevent a user from uninstalling a managed app, mark the app as nonremovable when you assign the managed app to a user or device. Depending on your MDM solution, you might need to deselect a Removable attribute or set a nonremovable attribute. With your MDM solution, you may also be able to set this attribute on apps that are already installed on a device."
I feel it…
16 votes -
Add support for ZIP and XIP as well as DMG
A fair number of apps are distributed as ZIPs (and one prominent app uses XIPs) instead of DMGs. It would be convenient to be able to upload these as is, instead of having to locally convert them to DMGs first
$(unzip App.zip && hdiutil create -format ULMO -o App.dmg -srcfolder App.app)
3 votes -
Scope profiles to build version
With the advent of RSRs, the OS version is no longer a definitive identifier of what OS rev a system is on. The OS build numbers would be a more consistent way to identify target OSes.
Historically, macOS minor builds have followed an pattern of
[Major OS number][A...Z minor build][Patch Number] moniker.Now with RSRs, the build numbers are a bit more complicated but the values still go up and each build number is larger than the last based on the pattern above.
13.3.1 22E261
13.3.1 RSR 22E772610a
13.4.0 22F66
13.4.1 22F82
13.4.1 RSR 22F770820bI propose that Build numbers…
5 votes -
Add AWS VPN Client to the list of managed applications
Adding a picture of ducks discussing the idea to improve chances of upvoting.
Thanks!
1 vote -
Customize Self Service Kiosk
I want to be able to change text and icon for the kiosk
https://kb.filewave.com/attachments/16?open=true
Doesn't have to be this complete but simple changes so it says <company name> software kiosk
6 votes -
Include the Enrollment group in Device Details section
It would be helpful to include the Enrollment group in Device Details section
1 vote -
New notification options
I'd love for a lot more notification options. Given SimpleMDM's position on the device already, it hopefully shouldn't be too heavy of a lift.
- New User added
- User priv changes
- OS update skipped
- Device visible (after being offline)
This is off the top of my head, but I'm sure I could come up with quite a few more given some time.
3 votes -
Include "less than macOS version" and "greater than macOS version" for profile scoping
It would be very helpful to be able to define "less than" and "greater than" macOS version when scoping profiles. For example, I would prefer to specify "less than macOS 12" for a profile to apply to all versions of macOS 11. As it is, I have to update the maximum OS version every time a new dot release comes out.
7 votes -
Disable ActivationLock via API
It should be possible to disable the ActivationLock via API call, this is specificly helpfull if you want to decomission a device.
8 votes -
Improve Device Search with More Attributes
Currently device search only supports device name, serial number, IMEI, MAC, and phone number.
Scenarios where search doesn't return the results I need:
- When I need to search by a custom attribute. For example, say I want to return all devices where the username attribute is "nathaniel.strauss". I am unable to since those attributes are not exposed in search. This is a common ask - "How many devices does x have?" The same holds true for any custom attribute set from SAML assertion - team, department, etc.
- When the device name (SimpleMDM defined) doesn't match the Device Name…64 votes -
Control Webhook data
Webhooks are very limited in what they provide without triggering another API call to pull in more information. The ability to control the payload within the webhook endpoint creation screen would be a huge help in interfacing with other programs. The ability to add static data to the payload (like we can already do to the header) or be able to add dynamic data through attribute support.
7 votes -
Add support for additional com.apple.MCX keys in FileVault profile type
The current FileVault profile builder in the admin GUI only has options included in com.apple.MCX.FileVault2, the escrow payload, and dontAllowFDEDisable. Please add support for dontAllowFDEEnable and DestroyFVKeyOnStandby from com.apple.MCX as well.
Apple docs here: https://developer.apple.com/documentation/devicemanagement/fdefilevaultoptions
6 votes
- Don't see your idea?