Suggestions
Have a great idea that you’d like to see added to our service? Perhaps there’s an existing feature that you’d like to have extended or modified? Share it here!
421 results found
-
Include Rancher in Munki managed apps
This request is to include Rancher in the munki shared apps
Rancher is an open-source application that provides all the essentials to work with containers and Kubernetes on the desktop
1 vote -
Include Notion Calendar in munki shared apps
"Notion" is currently included in the munki shared apps. This request is to also include the Calendar App - https://www.notion.so/product/calendar
1 vote -
Route SSO-only users to their account-specific SSO
When our SSO-only users go to a SimpleMDM bookmark in their browser, they get routed to the email/password login page. Since SSO login (via SAML) requires an organization-specific sign-in page, they don't know where to go to sign in.
A suggestion that I hope would help here would be to route a user whose account is SSO-only to their organization's SAML login page so that they can complete their sign-in flow. This could either be letting them enter their email on the existing login page or having a button on the page for "Log in via SSO" so they could…
7 votes -
Record administrator logins in Logs
Currently, there is no visibility in the logs when an admin session is started from a login. We'd like to see log in and log out for at least "local" SimpleMDM accounts if not IdP initiated sessions as well, populated into the admin namespace. It would be helpful if the logs contained the account email, IP address they are logging in from, and the usual timestamp / "At" value. A user agent value would be a bonus but it's understandable if that's not available.
25 votes -
add baseline to munki shared apps
Add Baseline to the default munki shared apps
3 votes -
Sort the Scripts -> Jobs -> History tab by newest to oldest by default
Right now, the sorting is by name (I think?) which is not useful. It would be great to show the most recently queued jobs in the history first by default.
11 votes -
Filter Profiles by Device Type, Assigned Groups
It would be amazing if we could get more granular filtering for the profiles section. It gets very messy very quick.
Maybe a way to filter profiles by group, or profiles by device type would be amazing.
1 vote -
Allow setting device naming schemes per enrollment
We use the device naming template under Settings -> General. This works great for our macOS and iOS devices that come in through manual enrollment and ADE as our template contains the serial number attribute, but fails when User Enrolled devices are named because that attribute isn't available. It would be useful to allow us to set a different device naming scheme per enrollment, or at least to set a backup or some sort of logic should one of the attributes be null.
20 votes -
Remove the device name pop-up in the new devices page UI
The device name pop-up in the new devices page UI is intrusive and makes it difficult to open the device in a new tab
1 vote -
Monitoring unpatched CVEs
Interesting post by Graham about using the Sofa feed info to track unpatched CVEs in their mac fleet with osquery.
Last checked: 2024-05-03T20:33:36+00:00Z
Machine readable feed: v1/macosdatafeed.jsonhttps://grahamgilbert.com/blog/2024/05/03/investigating-unpatched-cves-with-osquery-and-sofa/
3 votes -
Option to auto renew ACME Certificates - DDM and Profiles - Managed Device Attestation
We would like an option to have ACME certificates auto renew. This is a feature currently available for SCEP issued certificates.
Our use case is using managed device attestation and the new ACME payloads to create certificates that can be used for 802.1x, but we need them to auto renew before they expire (for internal reasons the validity period is 91 days).
It would also be helpful to provide tokenised values for the CN.
3 votes -
Saving column sorting / pin column
If device columns can't be custom sorted and saved at this time, it would be nice if the "pin to the left" feature remained pinned - not sure if it times out or reverts after X amount of navigating to different groups, but it doesn't stay pinned too long.
1 vote -
Support custom MDM commands
I'd like to see SimpleMDM support sending custom MDM commands with arbitrary payloads. Advantages being...
- Customers don't have to wait for SimpleMDM to implement new commands to start testing. With WWDC coming up this is especially pressing because new commands and/or keys need to be tested quickly during the summer beta cycle for any chance at improvement.
- Possible to test beta/RSR updates by passing in the product key to a software update command.
- WS1 has this feature and please don't make me say anything nice about WS1.
As an example, here's how WS1 implements it with the author using EnableRemoteDesktop. …
28 votes -
Custom Configuration Profiles API - Download the profile as a JSON object, not a text object
Currently it looks like the download method for the custom configuration profiles API returns the profile being downloaded as a text object not a JSON object.
The preferred (at least for me) response object that should be returned is a JSON object in keeping with all other responses.
3 votes -
Introduce source IP based allow listing
While complex username/password + TOTP requirement is a standard and solid security requirement for administrative access to the SimpleMDM controls, it could be made even stronger with the addition of IP allow listing. I would love to have +1 layer of opt-in friction between the internet at large and a tool has the ability to brick all of my organization's laptops simultaneously.
If implemented, I'd request that a minimum of 2, preferably 3 remote sources be required before the service could be enabled: this will provide small businesses with redundancy for the event that they change ISPs and cannot bring…1 vote -
Support for defined build numbers in DDM software update
It's fantastic that we can get started with DDM software updates... however, I think the protocol does allow for us to push a specific build number.
This is handy for testing - as I've got a device enrolled in the beta that I'd love to push specific build numbers too, to try out the functionality - without having to reach for DFU mode on a long suffering test system.
Going forward, it would be fantastic to nudge/enforce specific build numbers for beta testers, so we can ensure testers are all on latest betas where appropriate.
Thanks :)
2 votes -
Use a SAN instead of CN when managing certificate renewal
Currently if an admin wants SimpleMDM to manage the renewal of their SCEP certificates, SimpleMDM bulldozes the CN and replaces it entirely. This is problematic for workflows that require specific values to be in a CN and not a SAN. If possible, please use a SAN to insert any necessary tracking values. Intune is doing this with success (see the blue box at the top of https://learn.microsoft.com/en-us/mem/intune/protect/certificates-profile-scep).
2 votes -
Enrollment Setting - Unassign Profiles at Re-Enrollment
We heavily utilize individually assigned profiles for Macs. There are also a few default profiles assigned via group. When a new out-of-box Mac is being enrolled for the first time only those default profiles are installed (around 5). Profiles are installed quickly and reliably. Later on during provisioning our configuration management tool handles installing other required per device profiles.
However, when a Mac from stock is being re-enrolled to be used by another person, every previously assigned profile is installed at setup assistant. Since in my case those individually assigned profiles are usually per user, team, department, etc. and no…
8 votes -
Make logging more detailed for MDM commands
While I appreciate how detailed SimpleMDM logs can be, especially with raw responses from MDM, sometimes they need to provide more detail. For example, when sending an OS update command the log only contains...
"Log Details
Full ID E7B0DBE9-A7C1-4EC8-8CB8-BFA4AB990C59
Created At 2023-08-17 3:34 PM
Namespace device
Type os.update.idle
Level info
Device redacted
UDID F405AA51-FF04-4B71-900F-9C09F0515398
Serial Number redactedMetadata
{
"update_version": "13.5.1"
}
"With OS updates in particular, it's useful to know what mode was used as well. 'downloadonly', 'notifyonly', 'installasap', or 'forceupdate' are all options, but there's no associated data. For some basic commands like…
9 votes -
Make the `app_usage_data` portion of Munki optional
Having just confirmed with Eric and others in the Slack channel that SimpleMDM's Munki instance doesn't make use of the
app_usage_datafeature in Munki - would it be possible to create a toggle to turn it off?Additionally there are some global regions where tracking this kind of stuff falls foul of local privacy laws...
...and it's upset my privacy focused end users.
Thanks in advance
14 votes
- Don't see your idea?