Suggestions
Have a great idea that you’d like to see added to our service? Perhaps there’s an existing feature that you’d like to have extended or modified? Share it here!
405 results found
-
Use a SAN instead of CN when managing certificate renewal
Currently if an admin wants SimpleMDM to manage the renewal of their SCEP certificates, SimpleMDM bulldozes the CN and replaces it entirely. This is problematic for workflows that require specific values to be in a CN and not a SAN. If possible, please use a SAN to insert any necessary tracking values. Intune is doing this with success (see the blue box at the top of https://learn.microsoft.com/en-us/mem/intune/protect/certificates-profile-scep).
2 votes -
Enrollment Setting - Unassign Profiles at Re-Enrollment
We heavily utilize individually assigned profiles for Macs. There are also a few default profiles assigned via group. When a new out-of-box Mac is being enrolled for the first time only those default profiles are installed (around 5). Profiles are installed quickly and reliably. Later on during provisioning our configuration management tool handles installing other required per device profiles.
However, when a Mac from stock is being re-enrolled to be used by another person, every previously assigned profile is installed at setup assistant. Since in my case those individually assigned profiles are usually per user, team, department, etc. and no…
8 votes -
Make logging more detailed for MDM commands
While I appreciate how detailed SimpleMDM logs can be, especially with raw responses from MDM, sometimes they need to provide more detail. For example, when sending an OS update command the log only contains...
"Log Details
Full ID E7B0DBE9-A7C1-4EC8-8CB8-BFA4AB990C59
Created At 2023-08-17 3:34 PM
Namespace device
Type os.update.idle
Level info
Device redacted
UDID F405AA51-FF04-4B71-900F-9C09F0515398
Serial Number redactedMetadata
{
"update_version": "13.5.1"
}
"With OS updates in particular, it's useful to know what mode was used as well. 'downloadonly', 'notifyonly', 'installasap', or 'forceupdate' are all options, but there's no associated data. For some basic commands like…
9 votes -
WatchOS management support
We would like to deploy a fleet of Apple watches and would like to get support to manage these via DDM
3 votes -
Auto-admin password complexity settings
For the auto-admin password generation done by SimpleMDM, it'd be preferable to be able to manage the level of password complexity when the password is generated. Environments can have different password policy rules that all accounts, including MDM generated, need to abide by. The Dude abides.
Password storage apps like 1Password and Keeper offer, at minimum, password length, use of numbers, and use of special characters. See attached.
9 votes -
Support SCIM provisioning and de-provisioning for admin accounts
SCIM (System for Cross-domain Identity Management) is a REST/JSON protocol defined in RFC 7644 that allows identity providers to direct service providers to make account create, update, and delete actions. It is generally used to pre-provision access for new accounts and de-provision access for accounts that no longer require it.
Please add support for SimpleMDM to work with the SCIM protocol for administrator accounts. A minimum implementation for our purposes would be to create administrator accounts using SCIM at the default permission level, and have the delete function revoke access on the given account. In a perfect world, the SCIM…
17 votes -
Allow users to see the ipad locations on a map but nothing else
Allow users to see the ipad locations on a map but nothing else. Just users who want to see real-time location of all the ipads. But don't let them manage the ipads, change settings, etc.
1 vote -
Allow before/after (un)installation script overrides for shared apps
This would enable one to benefit from shared auto-updating apps while applying useful improvements such as
/Applications/Docker.app/Contents/MacOS/Docker --unattended --install-privileged-components.5 votes -
Allow for export of all config profiles
Currently you can only export the XML for custom config profiles. I am requesting that we are able to export the XML for all configuration profiles.
1 vote -
Upload more than 2 media files at once
Increase the upload limit, allowing more than 2 files at a time.
1 vote -
Make the `app_usage_data` portion of Munki optional
Having just confirmed with Eric and others in the Slack channel that SimpleMDM's Munki instance doesn't make use of the
app_usage_datafeature in Munki - would it be possible to create a toggle to turn it off?Additionally there are some global regions where tracking this kind of stuff falls foul of local privacy laws...
...and it's upset my privacy focused end users.
Thanks in advance
11 votes -
Filtering out data during Device Export
Have the ability to filter out certain data points when doing a Device Export
4 votes -
Notifications for nodes running low on disk space
Notifications for nodes running low on disk space
2 votes -
Implement "force password change when the user authenticates"
As per https://support.apple.com/en-ca/guide/deployment/dep4d6a472a/web, Apple has an API for forcing a user password change. This is useful when updating password policy - passwords that met the old policy but no longer meet the new policy are not evaluated and forced to change. This setting, however, would make it so.
6 votes -
Allow devices to be marked as unmanaged
Another idea to borrow from Jamf Pro. Please consider allowing SimpleMDM customers to mark devices as unmanaged in order to keep them for historical or data purposes without them actively being under management and NOT taking up a license. An unmanaged device would keep the same config, but not have the ability to interact with MDM moving forward. No profile installs, polling for device info, etc. It is a record stuck in time. Devices should be able to move freely between managed/unmanaged through the GUI and API.
As it today, every device which exists in a SimpleMDM tenant takes up…
4 votes -
Add Support for Munki Conditionals to SimpleMDM's Munki Implementation
Munki includes the ability to set "conditionals" for items in specific manifests to provide granular controls over the installation or appearance of items.
For example, if I have a multi-site organization, I can set a conditional on a NOPKG item that installs a printer so that the printer install NOPKG only shows up if the device user is connecting to Munki from a specific subnet. This allows me to refine the view of available self-service printers so that, for example, the printers available at Site A only show up if the user's local IP address matches the subnet at Site…
10 votes -
Support choosing which webhook events to subscribe to per endpoint
https://api.simplemdm.com/#webhooks
The current webhook events are as follows...
device.changed_group
device.enrolled
device.unenrolled
device.lock.enabled
abm.device.addedWhenever any of these events occurs, the webhook endpoint is pinged. However, processing these can get particularly noisy, especially in large environments and (hopefully) as SimpleMDM adds more supported events.
I am asking to add support for selecting which events are subscribed to per webhook endpoint. This way only events needed for a particular workflow are sent and the webhook receiver requires less work to filter out unneeded data.
The UI could look like other SimpleMDM settings with checkboxes for each event, where by default all are…
24 votes -
export list of apps on a device.
Would be nice to be able to export a csv file of all the apps on a device. Bossman wanted me to get a list of apps on these peoples devices and screenshots looked terrible. some folks have over 128 apps on their work devices. thanks!!
1 vote -
Update/upgrade WhatsApp in Shared Apps for macOS
The current version has now "WhatsApp (old)" as name and the logo is grey now instead of green. It also suggests downloading the new app. But I prefer to install it from the self-service app (Munki). So can you add/update it?
1 vote -
Include "less than macOS version" and "greater than macOS version" for profile scoping
It would be very helpful to be able to define "less than" and "greater than" macOS version when scoping profiles. For example, I would prefer to specify "less than macOS 12" for a profile to apply to all versions of macOS 11. As it is, I have to update the maximum OS version every time a new dot release comes out.
10 votes
- Don't see your idea?