Suggestions
Have a great idea that you’d like to see added to our service? Perhaps there’s an existing feature that you’d like to have extended or modified? Share it here!
430 results found
-
Allow setting device naming schemes per enrollment
We use the device naming template under Settings -> General. This works great for our macOS and iOS devices that come in through manual enrollment and ADE as our template contains the serial number attribute, but fails when User Enrolled devices are named because that attribute isn't available. It would be useful to allow us to set a different device naming scheme per enrollment, or at least to set a backup or some sort of logic should one of the attributes be null.
17 votes -
Implement Munki managed uninstalls
The SimpleMDM Munki implementation does not currently support managing uninstalls of software as a "pure" deployment of Munki might. Please implement uninstall management.
21 votes -
Route SSO-only users to their account-specific SSO
When our SSO-only users go to a SimpleMDM bookmark in their browser, they get routed to the email/password login page. Since SSO login (via SAML) requires an organization-specific sign-in page, they don't know where to go to sign in.
A suggestion that I hope would help here would be to route a user whose account is SSO-only to their organization's SAML login page so that they can complete their sign-in flow. This could either be letting them enter their email on the existing login page or having a button on the page for "Log in via SSO" so they could…
4 votes -
Auto-admin password complexity settings
For the auto-admin password generation done by SimpleMDM, it'd be preferable to be able to manage the level of password complexity when the password is generated. Environments can have different password policy rules that all accounts, including MDM generated, need to abide by. The Dude abides.
Password storage apps like 1Password and Keeper offer, at minimum, password length, use of numbers, and use of special characters. See attached.
12 votes -
Introduce source IP based allow listing
While complex username/password + TOTP requirement is a standard and solid security requirement for administrative access to the SimpleMDM controls, it could be made even stronger with the addition of IP allow listing. I would love to have +1 layer of opt-in friction between the internet at large and a tool has the ability to brick all of my organization's laptops simultaneously.
If implemented, I'd request that a minimum of 2, preferably 3 remote sources be required before the service could be enabled: this will provide small businesses with redundancy for the event that they change ISPs and cannot bring…1 vote -
Support for defined build numbers in DDM software update
It's fantastic that we can get started with DDM software updates... however, I think the protocol does allow for us to push a specific build number.
This is handy for testing - as I've got a device enrolled in the beta that I'd love to push specific build numbers too, to try out the functionality - without having to reach for DFU mode on a long suffering test system.
Going forward, it would be fantastic to nudge/enforce specific build numbers for beta testers, so we can ensure testers are all on latest betas where appropriate.
Thanks :)
2 votes -
Use a SAN instead of CN when managing certificate renewal
Currently if an admin wants SimpleMDM to manage the renewal of their SCEP certificates, SimpleMDM bulldozes the CN and replaces it entirely. This is problematic for workflows that require specific values to be in a CN and not a SAN. If possible, please use a SAN to insert any necessary tracking values. Intune is doing this with success (see the blue box at the top of https://learn.microsoft.com/en-us/mem/intune/protect/certificates-profile-scep).
2 votes -
Enrollment Setting - Unassign Profiles at Re-Enrollment
We heavily utilize individually assigned profiles for Macs. There are also a few default profiles assigned via group. When a new out-of-box Mac is being enrolled for the first time only those default profiles are installed (around 5). Profiles are installed quickly and reliably. Later on during provisioning our configuration management tool handles installing other required per device profiles.
However, when a Mac from stock is being re-enrolled to be used by another person, every previously assigned profile is installed at setup assistant. Since in my case those individually assigned profiles are usually per user, team, department, etc. and no…
8 votes -
Make logging more detailed for MDM commands
While I appreciate how detailed SimpleMDM logs can be, especially with raw responses from MDM, sometimes they need to provide more detail. For example, when sending an OS update command the log only contains...
"Log Details
Full ID E7B0DBE9-A7C1-4EC8-8CB8-BFA4AB990C59
Created At 2023-08-17 3:34 PM
Namespace device
Type os.update.idle
Level info
Device redacted
UDID F405AA51-FF04-4B71-900F-9C09F0515398
Serial Number redactedMetadata
{
"update_version": "13.5.1"
}
"With OS updates in particular, it's useful to know what mode was used as well. 'downloadonly', 'notifyonly', 'installasap', or 'forceupdate' are all options, but there's no associated data. For some basic commands like…
9 votes -
Improve API docs with examples for each endpoint
SimpleMDM's API documentation (https://api.simplemdm.com/) is inconsistent in what information is included per endpoint. For example, https://api.simplemdm.com/#custom-configuration-profiles shows the response body for a GET call, but the POST (create) section has no usage information. It's up to the user to intuit from other endpoints the format in which those arguments should be.
https://api.simplemdm.com/#custom-attributes shows how to set a value for a device, but not create a new custom attribute globally.
We (the customer) end up making assumptions about API formats which are usually true, but only able to confirm through guessing. It would help to ensure the official docs…
10 votes -
WatchOS management support
We would like to deploy a fleet of Apple watches and would like to get support to manage these via DDM
3 votes -
Allow users to see the ipad locations on a map but nothing else
Allow users to see the ipad locations on a map but nothing else. Just users who want to see real-time location of all the ipads. But don't let them manage the ipads, change settings, etc.
1 vote -
Allow before/after (un)installation script overrides for shared apps
This would enable one to benefit from shared auto-updating apps while applying useful improvements such as
/Applications/Docker.app/Contents/MacOS/Docker --unattended --install-privileged-components
.5 votes -
Allow for export of all config profiles
Currently you can only export the XML for custom config profiles. I am requesting that we are able to export the XML for all configuration profiles.
1 vote -
add the ability to deploy individual files/folders to macOS
I would like the ability to deploy individual files or folders to our Mac devices.
Sometimes an app has an additional config file that needs deployed to make it work. We also use PDQ Connect in our environment, and that allows for us to can create packages that contain .msi, .exe, or PowerShell or CMD scripts, then also have the option to attach additional files to use in the package (see screenshot).
Also, there are times where we may just need to send a file/folder to all devices. Something else besides an app, profile, or script. A simple option to…
4 votes -
Upload more than 2 media files at once
Increase the upload limit, allowing more than 2 files at a time.
1 vote -
Make the `app_usage_data` portion of Munki optional
Having just confirmed with Eric and others in the Slack channel that SimpleMDM's Munki instance doesn't make use of the
app_usage_data
feature in Munki - would it be possible to create a toggle to turn it off?Additionally there are some global regions where tracking this kind of stuff falls foul of local privacy laws...
...and it's upset my privacy focused end users.
Thanks in advance
11 votes -
Shared App Request: Tailscale
Please add Tailscale to the shared app library. Thanks!
2 votes -
Support SCIM provisioning and de-provisioning for admin accounts
SCIM (System for Cross-domain Identity Management) is a REST/JSON protocol defined in RFC 7644 that allows identity providers to direct service providers to make account create, update, and delete actions. It is generally used to pre-provision access for new accounts and de-provision access for accounts that no longer require it.
Please add support for SimpleMDM to work with the SCIM protocol for administrator accounts. A minimum implementation for our purposes would be to create administrator accounts using SCIM at the default permission level, and have the delete function revoke access on the given account. In a perfect world, the SCIM…
15 votes -
Notifications for nodes running low on disk space
Notifications for nodes running low on disk space
2 votes
- Don't see your idea?