Suggestions
Have a great idea that you’d like to see added to our service? Perhaps there’s an existing feature that you’d like to have extended or modified? Share it here!
458 results found
-
Record administrator logins in Logs
Currently, there is no visibility in the logs when an admin session is started from a login. We'd like to see log in and log out for at least "local" SimpleMDM accounts if not IdP initiated sessions as well, populated into the admin namespace. It would be helpful if the logs contained the account email, IP address they are logging in from, and the usual timestamp / "At" value. A user agent value would be a bonus but it's understandable if that's not available.
25 votes -
Implement Munki managed uninstalls
The SimpleMDM Munki implementation does not currently support managing uninstalls of software as a "pure" deployment of Munki might. Please implement uninstall management.
27 votes -
add baseline to munki shared apps
Add Baseline to the default munki shared apps
3 votes -
Group based on Enrollment Custom Attributes
Ability to assign devices to a group based on a custom attribute during enrollment.
We would love to be able to use a department attribute from our idp to be able to map devices to a group during enrollment, to help automate the process and keep it almost a 0 touch deployment for new devices.
1 vote -
Filter Profiles by Device Type, Assigned Groups
It would be amazing if we could get more granular filtering for the profiles section. It gets very messy very quick.
Maybe a way to filter profiles by group, or profiles by device type would be amazing.
1 vote -
Remove the device name pop-up in the new devices page UI
The device name pop-up in the new devices page UI is intrusive and makes it difficult to open the device in a new tab
1 vote -
Monitoring unpatched CVEs
Interesting post by Graham about using the Sofa feed info to track unpatched CVEs in their mac fleet with osquery.
Last checked: 2024-05-03T20:33:36+00:00Z
Machine readable feed: v1/macosdatafeed.jsonhttps://grahamgilbert.com/blog/2024/05/03/investigating-unpatched-cves-with-osquery-and-sofa/
1 vote -
Option to auto renew ACME Certificates - DDM and Profiles - Managed Device Attestation
We would like an option to have ACME certificates auto renew. This is a feature currently available for SCEP issued certificates.
Our use case is using managed device attestation and the new ACME payloads to create certificates that can be used for 802.1x, but we need them to auto renew before they expire (for internal reasons the validity period is 91 days).
It would also be helpful to provide tokenised values for the CN.
3 votes -
Saving column sorting / pin column
If device columns can't be custom sorted and saved at this time, it would be nice if the "pin to the left" feature remained pinned - not sure if it times out or reverts after X amount of navigating to different groups, but it doesn't stay pinned too long.
1 vote -
Sort the Scripts -> Jobs -> History tab by newest to oldest by default
Right now, the sorting is by name (I think?) which is not useful. It would be great to show the most recently queued jobs in the history first by default.
8 votes -
Support custom MDM commands
I'd like to see SimpleMDM support sending custom MDM commands with arbitrary payloads. Advantages being...
- Customers don't have to wait for SimpleMDM to implement new commands to start testing. With WWDC coming up this is especially pressing because new commands and/or keys need to be tested quickly during the summer beta cycle for any chance at improvement.
- Possible to test beta/RSR updates by passing in the product key to a software update command.
- WS1 has this feature and please don't make me say anything nice about WS1.
As an example, here's how WS1 implements it with the author using EnableRemoteDesktop. …
28 votes -
API - Provide clear documentation about API timeout response object and headers
In the Sync Profiles API documentation here - https://api.simplemdm.com/#sync-profiles - there is a note indicating this specific endpoint is rate limited to 1 request per 30 seconds, and the header 'X-RateLimit-Reset' can be checked to see when the limit will be reset.
Can you please include specific examples in the documentation for this particular endpoint that demonstrate what the response headers will look like.
Additionally, for all API endpoints that have a rate limit, please indicate how the API will respond if the rate limit is hit and whether there will be a header 'X-RateLimit-Reset' value that indicates when that…
3 votes -
Add Reporting Tool
It'd be great to have a reporting tool in the GUI. This way I can easily look up a specific app and see what version is installed on multiple/all devices. I know there is an API tool but having something in the GUI would be great.
1 vote -
Integrate Google’s Santa project into SimpleMDM?
The clue is in the name SimpleMDM - your product makes the difficult parts of managing your Mac devices simple - setting up and managing Munki could be challenging, and now the easy to use implementation you’ve provided is a great fit for lots of organisations.
Can you apply the same magic to Google Santa please?
https://github.com/google/santa
Here’s the use case. In our organisation, end users run with administrator access. This empowers them to do all the things they need to do to be productive, and ensures IT isn't a bottleneck…
…but - with great power comes great responsibility. There’s…
3 votes -
Allow setting device naming schemes per enrollment
We use the device naming template under Settings -> General. This works great for our macOS and iOS devices that come in through manual enrollment and ADE as our template contains the serial number attribute, but fails when User Enrolled devices are named because that attribute isn't available. It would be useful to allow us to set a different device naming scheme per enrollment, or at least to set a backup or some sort of logic should one of the attributes be null.
20 votes -
Custom Configuration Profiles API - Download the profile as a JSON object, not a text object
Currently it looks like the download method for the custom configuration profiles API returns the profile being downloaded as a text object not a JSON object.
The preferred (at least for me) response object that should be returned is a JSON object in keeping with all other responses.
3 votes -
Apps & Media > Assignment UI redesign
The user interface for the Apps & Media > Assignment area of SimpleMDM is rather clunky for viewing and adding assignment groups, etc.
For example, after creating an assignment group to allocate profiles to, picking/selecting a profile is a pain as you have to know the name of a profile in order for it to appear in the list of app/media/profiles that can be added to the group. This is most painful when there are more than three profiles that can be selected (in my particular case there are over twenty profiles that can possibly be selected).
This part of…
3 votes -
Report on profile status - pending, installed, failed
SimpleMDM currently only surfaces profile assignment in the main profiles UI. To see the status of a specific profile on a device an admin must navigate to a device record. What information isn't readily available is the status of a profile. Even if it's assigned to 100 devices, there's no way to tell how many of those devices the profile successfully installed.
Specifically asking...
- Add three columns to the view at/profilesin the UI - installed, pending, failed.
- In the profiles and custom profiles API endpoints include data about these status as well.The major driver behind…
11 votes -
Introduce source IP based allow listing
While complex username/password + TOTP requirement is a standard and solid security requirement for administrative access to the SimpleMDM controls, it could be made even stronger with the addition of IP allow listing. I would love to have +1 layer of opt-in friction between the internet at large and a tool has the ability to brick all of my organization's laptops simultaneously.
If implemented, I'd request that a minimum of 2, preferably 3 remote sources be required before the service could be enabled: this will provide small businesses with redundancy for the event that they change ISPs and cannot bring…1 vote -
add the ability to deploy individual files/folders to macOS
I would like the ability to deploy individual files or folders to our Mac devices.
Sometimes an app has an additional config file that needs deployed to make it work. We also use PDQ Connect in our environment, and that allows for us to can create packages that contain .msi, .exe, or PowerShell or CMD scripts, then also have the option to attach additional files to use in the package (see screenshot).
Also, there are times where we may just need to send a file/folder to all devices. Something else besides an app, profile, or script. A simple option to…
7 votes
- Don't see your idea?