LiveDesktop provides an unrivaled experience for remotely controlling macOS devices. Unlike third-party tools that install a separate application to control the device, LiveDesktop uses the Remote Management framework built into macOS. Then, LiveDesktop securely tunnels traffic from that service to a unique URL which you can access from Addigy.
LiveDesktop does not require Privacy Preferences or Control Permissions to connect to macOS devices.
Directory
Prerequisite
- The target device must have `Remote Management` enabled with full control (via MDM or manually).
Technical Information
With the absence of native OS apps for LiveDesktop to connect to devices, there may be a need to have certain URLs allow listed.
- tunnel.addigy.com
- tunnel-sydney.addigy.com
- tunnel-frankfurt.addigy.com
- Port range for the tunnel server: 40000-40199
- app.addigy.com access port 2053
How to Enable LiveDesktop
Enabling the Integration
To begin using Addigy LiveDesktop, head over to the Account > Integrations page. Select the Addigy LiveDesktop tile and enable the integration using the toggle in the top right. LiveDesktop does not install any software on devices enrolled in your Addigy account.
Note: LiveDesktop is enabled for all Policies by default when enabled via the Integrations page.
Enabling or Disabling LiveDesktop per Policy
- Navigate to the Policies page and select a policy.
- Select Integrations & Settings.
- Select the Remote Control tab.
- LiveDesktop can be toggled on or off for all devices in the policy:
Connecting to a LiveDesktop Session
Once LiveDesktop is enabled, new sessions can be started from the Devices Page or from the GoLive page.
Clicking the LiveDesktop icon will present a prompt to initiate and start a session.
- Addigy automatically will try to select the best relay for connection (Best region found option). You can change this at any time.
- Addigy automatically checks to see if `Remote Management` is enabled on the device.
- If `Remote Management` is not enabled, Addigy will present the following dialog for you to try and enable it via Addigy MDM:
- If `Remote Management` is not enabled and the device is not enrolled in Addigy MDM, you will be presented with the following screen (As you need to enable Remote Management through the existing MDM or manually):
Enabling Remote Management
`Remote Management` can be enabled using the native dialog that appears during the session if we detect it is not enabled. Alternatively, it can be enabled in or by navigating to GoLive > Device Commands.
Connecting from a macOS Device
If you connect from a macOS device, you must click "Start Session" to initiate a session. macOS will ask if you want to open the Screen Sharing application; click Allow.
Connecting from a Windows Device
When starting a LiveDesktop session, the pop-up will give you the VNC URL and the VNC password for the connection. This can be used from a Windows-based VNC application. Moreover, this URL can be used to connect to macOS devices from iOS, and iPadOS, among other OSes.
Authenticating to a LiveDesktop Session
When connecting to LiveDesktop from macOS Screen sharing or Remote Desktop (ARD), there are a few options for authenticating to the device.
Note: LiveDesktop sessions will time out after 1 hour, and the address will no longer be valid. The following prompt may appear when LiveDesktop times out:
1. If you are connecting from Screen Sharing or Remote Desktop on a Mac and someone is already logged into the device, you request permission to share their desktop session.
Please note: Due to Apple's Screen sharing functionality, when requesting permission using LiveDesktop, there is a timeout of 10 minutes. Apple's security measure will require this in intervals of 10 minutes with no activity.
2. You may always authenticate with a local username and password for the target macOS device, even if no one is logged into the device. The session will be shared if you provide the same username and password as someone logged into the device. Otherwise, a new desktop session will be created.
Please note: This method will negate the 10-minute interval prompt when requesting permission.
Enabling Remote Management
LiveDesktop automatically enables Remote Management for devices when starting a new session for the first time. For devices running macOS 10.13 and older, LiveDesktop needs no additional settings to enable Remote Management. For devices running macOS 10.14 Mojave and newer, LiveDesktop requires MDM to function properly. For full details on enabling Remote Management for LiveDesktop, see our article Enabling Remote Management for LiveDesktop.
Monterey (12) and earlier:
Ventura (13) and higher:
Configuring LiveDesktop Privileges
When LiveDesktop has been enabled, all Addigy users with the owner or admin and user role will be able to start sessions with macOS devices they can access.
To enable LiveDesktop access for custom roles, go to the Account -> Users page. Navigate down to the Roles table and select the 3 dots "..." > Edit to edit the relevant custom role.
Add the Run LiveDesktop privilege to the role and Save the change.
Connecting to an Offline Device
While it is unlikely that you will be able to connect to a device that Addigy sees as offline, you may still attempt to start a LiveDesktop session. This is particularly useful when wanting to connect to a device immediately as it is turning on or coming online.
Before initiating the session, you may see hover-text above the LiveDesktop icon indicating the offline status of the device.
When initiating a session for an offline device, a message will be presented to remind you that the connection may not be successful. However, LiveDesktop will still queue the necessary commands to initiate the session.
If the device receives the commands, then LiveDesktop should continue to work normally as it would for a device detected as online.