Getting Started Guide
Welcome to Addigy! Our goal is to provide you with the very best in cloud-based Apple device management. In general, Addigy helps your IT team in two areas:
- Keeping your devices operating efficiently 24/7 — updating as needed and monitoring for possible problems
- Providing full and direct device control to help you remediate problems when they arise
If you haven’t had a live demo, our team is ready to schedule one for you.
In order to get the most out of this guide, we recommend having the following:
- An Addigy account (Don't have an account? Sign up)
- A Push Certificate (or an Apple ID for creating one)
- A test Mac with admin account access
Step 1: Addigy MDM
Note: A complete Addigy MDM setup includes configuring Apple Business Manager (or Apple School Manager), but you can do that later. However, if you intend to use ABM, the Apple ID used to create your Push Certificate should be from the same organization that owns the ABM account and the device.
Migrating from another MDM Provider? The steps below are for devices that are not managed via MDM yet. There’s another process when migrating from another provider.
Creating and uploading a Push Certificate
Push Certificates are needed for Addigy to securely communicate with your devices using Apple’s MDM protocol. You will create a certificate on Apple’s Push Certificate website and then upload it to your Addigy account. Here’s how:
Go to Account > MDM Settings and add a new certificate. A new pop-up window should appear. Here are the steps to add a new certificate:
- Download the AddigyCSR file (.plist)
- Upload it to the Apple Certificate Portal
- Download the associated Certificate (.pem file)
- Upload the .pem file to your Addigy account
Creating an Enrollment Profile
With your Push Certificate uploaded, you can now create a global Enrollment Profile for your account in just a couple of steps:
Note: The following steps are for accounts that only need one Enrollment Profile. If your organization needs multiple profiles (MSPs for example), we recommend using only internal or test devices for this guide. Later you can decide whether to use policy-scoped Enrollment Profiles or separate child accounts.
- Go to Account > MDM Settings and add a new Global Enrollment Profile
- Enter name, company information, and the certificate you created in the previous step
🤩 Great job! Setting up MDM is one of the trickier parts of getting started with Addigy. Now we can add devices and see how Addigy works.
- Overview: Apple Push Certificates
- How to Configure Automated Device Enrollment
- Multi-Tenant Setup for Enrollment Profiles
Step 2: Adding Your First Device
Essentially, a device is “added to Addigy” when an Enrollment Profile is installed onto it. Let’s install the profile you created onto a device.
- Go to to the Add Devices page
- For the policy drop down, select the first default option for now. We’ll go over policies a bit later.
- A few installation options will appear, but we’ll focus on getting the profile directly by either downloading the .mobileconfig file itself or copying the download URL. In either case, the target device will prompt the user to approve the installation (admin password required).
- On the test device, paste the URL into a browser window to download the Enrollment Profile.
- Once approved, the device’s Settings (System Preferences) will have a new “Profiles” section showing the Enrollment Profile.
- The device will then check into Addigy MDM and complete the installation of some other related Addigy files.
🤩 Nicely done! Not only is that device ready to be fully managed in your Addigy account, but you can also use that same URL for all the devices you like (send it out in a bulk email to your employees, for example). If you selected a policy in the drop down, the device is also assigned to that policy which saves us a step later.
Note: The installation and profile approval experience can vary slightly between macOS versions. Read additional information
Recommendation: If you have an Apple Business Manager account, setting up Automated Device Enrollment will pre-install an Enrollment Profile for new devices purchased through the account.
👉 Next: View device details
- Assigning Devices in Apple Business Manager for Automated Device Enrollment
- How to configure Apple’s Automated Device Enrollment Integration with Addigy
Step 3: View Live Device Details
Once a device checks into Addigy, a full audit of the device’s current state is available to review. Let’s now see how to get a detailed look at the audit data for the device(s) you added.
The Devices page
The Devices page has a lot of powerful features like customizable table views, running shell scripts on multiple devices, and direct chat, but right now let’s go right to the “GoLive” page, which shows all the device facts Addigy gathers during each audit.
👉 From the Devices page, click on the name of any of the devices to go to its GoLive page.
GoLive - the device details page
For macOS devices, Addigy supplements MDM with a lot more data and control tools, all visible on a device’s GoLive page. For example, you can:
- Quickly view or edit the device’s policies
- Launch a remote command line session on the devices
- Easily send Restart, Shutdown, Lock, or Erase commands
- Remotely control the device (or just view the screen)
- Run any available system updates
- View a list of all installed applications
- Launch a chat session with the current user
- View live usage for memory, swap file, and CPU
- View several dozen data points from the latest audit (date and time of last restart, FileVault status, CPU cycles, etc)
- …and a lot more
Most industry tools can only display information available via MDM, but with Addigy, that's only the beginning.
👉 Next: Use policies to manage settings and deploy assets
- Overview: GoLive
- LiveTerminal (root level command line access)
- LiveDesktop (view and control any remote Mac)
Step 4: Policies
In Addigy terms, a Policy is a collection of settings and assets to be applied to many devices at once. Addigy automates the enforcement of those settings and deploys any assets to the assigned devices.
Here’s how policies work:
- You create and configure policies with settings and assets (like software, profiles, etc)
- You assign devices to one or more policies
- Addigy automates deployment of any updated policy changes when devices check in
Policies can be configured in just about any way to fit the structure of your organization. Our support team and the Addigy community can help with recommendations and best practices.
Creating assets and adding them to policies
Addigy offers several kinds of assets that can be added to a policy, like Public Software (from Addigy’s large library of popular apps, Apps and Books from Apple Business Manager, or your own custom software), Profiles (settings payloads using Apple’s MDM protocol), OS and Office Updates for macOS, and many more.
Assigning devices to policies: 3 methods
- Manual Assignment:
Most organizations with a small number of devices can manually select policies for each device — this is done by going to each device’s GoLive page and selecting or deselecting policies.
Policies can optionally be configured with a set of filters, based on device facts , to determine whether a device should be assigned to that policy during each device check-in. This dynamic approach allows large organizations to use a set of rules rather than selecting policies for each device separately.
For example, you can configure a policy to be assigned to “all iMacs running any OS earlier than 12.2”. Or another one for “any device that has an IP address that starts with 10.2.12.53”.
- Initial Enrollment Policy:
The third way to assign a device to a policy is during its enrollment. You may have already done it in an earlier step if you selected a policy when copying the Enrollment Profile URL. If you did, the device would have been assigned to that policy during enrollment and Addigy would have started deploying assets and settings to the device immediately!
👉 Assign your device
Let’s use option #1 above because it’s the most direct way for now:
- Go back to the device’s GoLive page (this is the device details page you can find starting at the Devices page).
- Under the device name at the top, click the button that indicates the device’s assigned policies (at this point it should say either “0 Policies…” or “1 policy…”)
- A pop up window will appear listing your current policies and any that are selected for the device. If none are selected, select one. You’ll modify that policy in Step 5.
🤩 Done! Your device is assigned to a policy, although it’s not doing anything yet. Let’s get that policy working for us.
A note about your Catalog
Any assets you create for a policy, like Profiles, Software, Maintenance Jobs, etc, will also be saved in your Catalog so they can be edited and reused. If, for example, you assigned a custom software to several policies, you can later edit that item in the Catalog and each policy will deploy the updated item during the next cycle.
👉 Next: Deploy your first asset through a policy
- MDM Configuration Profiles
- Policies Overview
- Auto-Assign Devices with Flex Policies
- Understanding the Policy Hierarchy
- Profiles for a Multi-Tenant Environment
Step 5: Deploying an asset to a device
Now that your device has been assigned to a policy, you can add settings and assets to that policy to deploy to its devices. Let’s send out an MDM Profile for Wi-Fi settings.
- From the Policies page, click the name of the policy you assigned
- Select the tab for “MDM Profiles” and click “New”
- Select Wi-Fi and complete the payload fields, and click Save
- You should now see your new Wi-Fi profile on the list
- Select the row and click the “Add or remove…” button at the top of the table. Then select “Add to policy”
🤩 Woo hoo! Next time your device checks in, the new profile will be deployed to your device (or, you can push the deployment now in the Overview tab).
If this was a brand new device to your network, it would have received a payload that allowed it to connect to your Wi-Fi without the device’s user even being involved. Any device that gets assigned to that policy will also receive the payload. Plus, you can also go back and change that Wi-Fi payload any time you like and all assigned devices will get updated!
Try adding other things to a policy, like software from the public library (macOS devices only), monitoring or maintenance items, or OS Users. Each time a device checks into Addigy, your updates will be applied to the device.
You’ve finished the very basics for setting up Addigy MDM, enrolling your devices, and deploying assets using policies. Next up depends on your needs. Here’s a list of articles we recommend next:
- Policy-Level MDM Profiles
- Recommended macOS Security Settings
- System Updates
- GoLive: Direct and live device data and management
- Adding users to your Addigy account
- Monitoring and automatic remediation
- Self-Service app for Macs
- Scheduled maintenance
- Apple Business Manager and Apple School Manager
- Automated Device Enrollment
- Addigy Identity
- 3rd Party Integrations
- The Devices page
- Running shell commands with LiveTerminal
- Getting Help
- Addigy Certification Training