In macOS Catalina (10.15), Apple introduced a new method of SecureToken enablement called Bootstrap Token. This is an MDM-based feature that automatically provides a SecureToken to all mobile accounts and other local accounts created by Addigy. The Addigy MDM solution supports the Bootstrap Token and can provide a SecureToken to a mobile user account. This is a seamless process with a small set of requirements outlined below. The Bootstrap Token does not require additional MDM Configurations to be deployed.
To check whether the Bootstrap Token was escrowed, see our article How to Verify the macOS Bootstrap Token Was Escrowed.
Note: In macOS 11 or later, the Bootstrap Token can grant a SecureToken to any user logging into a macOS device, including local user accounts.
Device Requirements
- macOS Catalina 10.15+
- On macOS Catalina, the device has to be enrolled via Automated Device Enrollment. On macOS Big Sur 11+, all MDM enrollment methods (except BYOD) will grant a Bootstrap Token.
- Must be bound to a directory service like Active Directory (only for mobile accounts).
- A Managed Administrator account must be created.
Note: In macOS Catalina 10.15.4 or later, any user created during the Automated Device Enrollment process can escrow the bootstrap token.
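The requirements above can be turned into a quick pre-check. The script below is an added example, not Addigy or Apple code: it decides whether a device should receive a Bootstrap Token from its macOS version and enrollment type, and classifies the output of `profiles status -type bootstraptoken`. The enrollment labels (ade, device, byod), the ENROLLMENT variable and the sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example; not Addigy or Apple code.

# bootstrap_token_expected VERSION ENROLLMENT -> prints yes|no
# ENROLLMENT is an admin-supplied label (assumption): ade | device | byod
bootstrap_token_expected() {
    major=${1%%.*}
    rest=${1#*.}
    if [ "$rest" = "$1" ]; then rest=0; fi       # version had no minor part
    minor=${rest%%.*}
    for n in "$major" "$minor"; do               # reject non-numeric versions
        case "$n" in ''|*[!0-9]*) echo no; return 0 ;; esac
    done
    if [ "$major" -ge 11 ]; then
        # Big Sur 11+: any MDM enrollment method except BYOD
        case "$2" in ade|device) echo yes ;; *) echo no ;; esac
    elif [ "$major" -eq 10 ] && [ "$minor" -ge 15 ]; then
        # Catalina: Automated Device Enrollment only
        if [ "$2" = "ade" ]; then echo yes; else echo no; fi
    else
        echo no                                  # older than 10.15
    fi
}

# escrow_state: reads `profiles status -type bootstraptoken` output on stdin
# and prints escrowed | supported-not-escrowed | unsupported.
escrow_state() {
    awk -F': ' '
        /Bootstrap Token supported on server/ { sup = $NF }
        /Bootstrap Token escrowed to server/  { esc = $NF }
        END {
            if (esc == "YES")      print "escrowed"
            else if (sup == "YES") print "supported-not-escrowed"
            else                   print "unsupported"
        }'
}

# Constructed sample output (not captured from a real device).
SAMPLE_NOT_ESCROWED='profiles: Bootstrap Token supported on server: YES
profiles: Bootstrap Token escrowed to server: NO'

# Live check: only on a Mac, as root. ENROLLMENT defaults to ade (assumption).
if command -v sw_vers >/dev/null 2>&1 && [ "$(id -u)" -eq 0 ]; then
    echo "expected: $(bootstrap_token_expected "$(sw_vers -productVersion)" "${ENROLLMENT:-ade}")"
    echo "state:    $(profiles status -type bootstraptoken 2>&1 | escrow_state)"
fi
```

A device that reports "expected: yes" but "state: supported-not-escrowed" meets the requirements and still has no token escrowed to the MDM server.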
Configuration Requirements
While no additional configurations are needed on the Addigy platform outside of Automated Device Enrollment, there are some additional considerations on the device itself.