The Addigy platform can manage macOS, iOS, and tvOS devices using Addigy Mobile Device Management (MDM) functionality.
- Must be an Owner and have no policy restrictions
- You must create an Apple Push Certificate and assign it in Addigy by following our instructions here: Addigy Apple Push Certificates.
- You must configure an MDM Profile on at least one policy to see the MDM Profiles deploy to devices inside of that Policy (see more details below).
You must configure the MDM Profile to enable the MDM functionality on a policy. Once configured, the MDM Profile will be automatically installed on all macOS devices in the policy.
To enable the Addigy MDM integration on a policy, Navigate over to Policies -> Integrations (under the desired policy) -> select Mobile Device Management (MDM).
Setup the following configuration options in the MDM Profile:
- Display Name
- Company Name
- Description for your Mobile Device Management Profiles
This information will be available to the end-user on their device when the Profile is installed to let them know who manages the device.
So, make sure it's meaningful to the customer.
Below is an example of how it will appear on the end-user's device in System Preferences -> Profiles.
When the MDM Profile is deployed, the devices will appear in the MDM Integration section under MDM Devices as 'Active':
Additionally, if the device is a macOS device you can query the device using the List All Profiles script located in the community section:
This Script will return a verbose output of all the profiles currently installed on the device
Enrolling Your Devices With MDM
Now that you've set up your Push certificates and configured MDM in your policies, it's time to start enrolling new machines with MDM. It's important to note that this allows Addigy to bypass some of the
1. Head over to the Add Devices page
2. From the Select A Policy section, use the dropdown menu to select the policy you wish to add a device to.
Once selected a number of MDM installation options will appear.
Option 1: Downloads the .mobileconfig file that would allow you to directly install MDM directly onto the device when double clicked.
Option 2: Copies the url shown so that it may be pasted into a browser's navigation bar which will then attempt to install the MDM Profile. Alternatively this link will download the .mobileconfig associated with your environment which can then be double clicked to install the MDM Profile to the System Preferences of the desired device.
Option 3: This is a QR code that can be used to install MDM on an iPhone or iPad.
Please Note: If you do not see an installation url like the one below, then you still have to setup an Apple Push Certificate. Please reference the instructions found in this article Addigy Apple Push Certificates.
Here is what the QR code screen would look like:
Once the .mobileconfig file has been downloaded please proceed with the following steps:
1. Locate .mobileconfig file and double click it, this will open up System Preferences.
2. Select 'Install' on the Profiles screen:
You will then need to approve the profile by click Approve button on the Profile:
The profile should then show successfully installed, along with any other MDM Configurations that may be assigned in the policy:
If you have an Apple Business Manager or Device Enrollment Program (DEP) account and want to utilize DEP, then head over to our articles
- Configuring the Addigy DEP Integration Using an Apple Business Manager Account
- Configuring the Addigy DEP Integration Using an Apple Device Enrollment Program Account.
Below are some videos that walk through the MDM Integration.
Installing Mobile Device Management:
- Copy Download Link for MDM Profile
- Email Download Link to MDM Device
- Download and Install MDM Profile
- Copy the Profile to a USB or similar device for local installations
Videos contain no audio
Once the Addigy Profile is deployed and the device is checking-in, MDM Configurations need to be built and Deployed to the MDM Device.
Below is a walk-through video of building an MDM Configuration for Single App Lock to lock the Device to Maps App.
Then, the device will be assigned to the Policy and the changes will be confirmed and deployed:
Building & Deploying MDM Configurations:
- Building an MDM Configuration (Single App Lock for Maps)
- Adding the MDM Configuration to a Policy
- Assigning an MDM Device to a Policy
- Confirming the MDM Configuration Changes and Deploying Now
- Verify Settings (In the video, the device is locked to the Maps App)
Videos contain no audio
- iOS and tvOS devices will only be eligible for the MDM Profile URL Deployment (or DEP / Business and School Manager deployments).
- iOS and tvOS devices are not eligible for the Addigy Agent which recognizes device state (MDM-specific devices will show as a gray icon as shown in video above).
- iOS and tvOS support Remote Lock, Remote Wipe, and MDM Configurations.
- macOS supports both MDM Profiles and the Addigy Agent.
- macOS can reinstall both the Addigy Agent and the MDM Profile using the builtin Actions
Below are some other KB articles that walk-through other similar MDM and related tasks.
Kernel Extension Whitelisting with Addigy MDM Configurations:
Integrating Addigy with Apple Business Manager:
Integrating Addigy with VPP/DEP: