Mac Device Management

Starting with macOS 10.13.2, Apple began changing its security posture to prevent third-party applications from interacting with the computer without authorization.

The security and privacy control settings default to blocked and the user must first grant the applications the required permissions before they can access the computer. As these settings relate to privacy and security, they are not remotely configurable through a remote assistance tool.

This can generate numerous notifications and configuration requirements that appear daunting to the end-user, who has to approve each request, whether it comes from a new software installation or from a previously permitted application that requires re-authorization after an Operating System update.

If the end-user does not allow the required access, then this can prevent the application from running, or the application runs, but with restricted functionality.

To reduce the volume of notifications displayed to the end-user from our software and ensure all our installed applications have the required permissions, from Mac Monitoring Agent 3.4.0 RC we utilize Apple's Mobile Device Management (MDM) framework.

Apple designed MDM to allow administrators to securely and remotely configure enrolled devices, managing this through profiles. We use these profiles to approve any access required by our applications.

Our MDM profile uses this technology to silently configure the computer's security and privacy controls for our software, applying the required permissions to any deployment or update to our applications in both the current and future versions of the Operating System.
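To review what a profile of this kind pre-approves, the following added example (not the vendor's code or profile) parses a configuration profile and lists each privacy permission granted by its `com.apple.TCC.configuration-profile-policy` payload. The sample profile, bundle identifier, path and code requirement are constructed placeholders.

```python
import plistlib

# Constructed sample profile: the identifiers and code requirement are
# placeholders, not the vendor's real values.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0"><dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadContent</key><array><dict>
    <key>PayloadType</key><string>com.apple.TCC.configuration-profile-policy</string>
    <key>Services</key><dict>
      <key>SystemPolicyAllFiles</key><array><dict>
        <key>Identifier</key><string>com.example.agent</string>
        <key>IdentifierType</key><string>bundleID</string>
        <key>CodeRequirement</key><string>identifier "com.example.agent" and anchor apple generic</string>
        <key>Allowed</key><true/>
      </dict></array>
      <key>Accessibility</key><array><dict>
        <key>Identifier</key><string>/Library/Example/helper</string>
        <key>IdentifierType</key><string>path</string>
        <key>CodeRequirement</key><string></string>
        <key>Authorization</key><string>Allow</string>
      </dict></array>
    </dict>
  </dict></array>
</dict></plist>"""

TCC_PAYLOAD = "com.apple.TCC.configuration-profile-policy"

def list_tcc_grants(profile_bytes):
    """Return sorted (service, identifier, id_type, decision, has_code_requirement) tuples."""
    profile = plistlib.loads(profile_bytes)
    grants = []
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != TCC_PAYLOAD:
            continue  # only the privacy-preferences payload is of interest here
        for service, entries in payload.get("Services", {}).items():
            for e in entries:
                # An entry carries either the Authorization string or the older Allowed boolean.
                decision = e.get("Authorization") or ("Allow" if e.get("Allowed") else "Deny")
                grants.append((service, e.get("Identifier"), e.get("IdentifierType"),
                               decision, bool(e.get("CodeRequirement", "").strip())))
    return sorted(grants)

if __name__ == "__main__":
    for grant in list_tcc_grants(SAMPLE_PROFILE):
        print(grant)
```

An entry with an empty code requirement, like the constructed `Accessibility` grant above, deserves a closer look during review because the grant is not tied to a signing identity.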

To use this functionality, you must first request an Apple Push Notification certificate and upload this to your Dashboard. Once the certificate association is in place, we will prompt the end-user to enroll in our Mac Device Management service and apply the related profile when the Agent updates to version 3.4.0 RC. The dialog contains your Dashboard company name and Agent branding (where selected) to ensure the user knows the source of this enrollment request.

Enrolling the computer in Mac Device Management is a one-time process for the user.
