In macOS Catalina (10.15), Apple introduced Bootstrap Token, a new method of enabling Secure Token. This MDM-based feature automatically provides a Secure Token on all mobile accounts. The Addigy MDM solution supports the Bootstrap Token and can provide a Secure Token to a mobile user account. This is a seamless process with a small set of requirements, outlined below. The Bootstrap Token does not require additional MDM configurations to be deployed.
Note: This process does not affect or apply to how a local user obtains a Secure Token.
- macOS Catalina 10.15+
- Enrolled via Automated Device Enrollment (Addigy's Apple Business Manager, or Apple School Manager, integration is required)
- Must be bound to a directory service like Active Directory.
- A Managed Administrator account must be created.
NOTE: In macOS Catalina 10.15.4 or later, any user created during the Automated Device Enrollment process can escrow the bootstrap token.
While no additional configuration is needed on the Addigy platform beyond Automated Device Enrollment, there are some additional considerations on the device that need to be taken into account.
You can confirm if the Bootstrap Token is on the device by running the following command on the macOS device:
sudo profiles status -type bootstraptoken
The following output should be shown if the Bootstrap Token is enabled properly.
profiles: Bootstrap Token supported on server: YES
profiles: Bootstrap Token escrowed to server: YES
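To run this check across a fleet instead of reading the output by eye, the two status lines can be classified in a script. The following is an added example, not part of Addigy's documentation; the function name, the state names and the sample text are constructed for illustration, and the "NO" values are assumed to follow the same line format as the "YES" output shown above.

```shell
#!/bin/sh
# Classify the text printed by `profiles status -type bootstraptoken`.
# Prints one of: escrowed | supported_not_escrowed | unsupported | unknown
# (hypothetical state names chosen for this example).
bootstrap_token_state() {
    # $1: full output of the profiles command
    supported=$(printf '%s\n' "$1" |
        sed -n 's/.*Bootstrap Token supported on server: *\([A-Za-z]*\).*/\1/p' |
        head -n 1)
    escrowed=$(printf '%s\n' "$1" |
        sed -n 's/.*Bootstrap Token escrowed to server: *\([A-Za-z]*\).*/\1/p' |
        head -n 1)

    case "$supported/$escrowed" in
        YES/YES) echo escrowed ;;                # token is held by the MDM server
        YES/NO)  echo supported_not_escrowed ;;  # MDM supports it, device has not escrowed yet
        NO/*)    echo unsupported ;;             # MDM server does not advertise support
        *)       echo unknown ;;                 # unexpected or empty output: flag for review
    esac
}

# Constructed sample matching the expected output shown above.
SAMPLE_OK='profiles: Bootstrap Token supported on server: YES
profiles: Bootstrap Token escrowed to server: YES'

bootstrap_token_state "$SAMPLE_OK"

# On a managed Mac, running as root (for example from an MDM script):
#   bootstrap_token_state "$(profiles status -type bootstraptoken 2>&1)"
```

Any state other than escrowed means the MDM server does not yet hold a token for that device, so mobile accounts on it should not be expected to receive a Secure Token automatically.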
To check if the user has a Bootstrap Token, run the following command:
diskutil apfs listcryptousers /