Even much of macOS's core is open source. Also, my Linux background made it easy to get comfortable with the macOS command line. I still use it to create and copy files, add users, and use other utilities like cat, tac, more, less, and tail. 15 great open source applications for macOS. Flyve MDM is a Mobile Device Management Software (SaaS) that enables you to secure and manage all the mobile devices of your business via a unique web-based console (MDM). Our solution allows you to efficiently and easily control any aspect of your Android-based mobile fleet, providing a panel of functionalities.
Mac MDM, as the name suggests, is mobile device management for Macs. With the advent of modern management, iOS MDM solutions double up as macOS MDM (or OS X MDM) solutions. This requirement arose due to a multitude of devices running on diverse operating systems in organizations. Managing and securing these devices and the data they contain brings the need to deploy a mobile device management (MDM) solution. ManageEngine MDM is not just a Mac MDM software: it lets you manage all Apple devices running on iOS, macOS, and tvOS, besides Android devices, Chromebooks, and Windows devices. This makes it more than a Mac MDM solution, as it reduces the time spent managing an array of devices running on different operating systems by handling them from a single console, thereby eliminating the need for multiple device management software.
How to manage macOS (and OS X) machines?
ManageEngine MDM, the free Mac MDM solution, supports the following features to manage machines running on macOS:
- Device Enrollment
- Enroll machines which are already deployed:
Enrollment is the first step under Mac device management. macOS machines which are in use even before setting up ME MDM can be enrolled using MDM. Enrollment can be performed through Invites in case of managing machines present in your inventory. For employee-owned personal machines, using Self Enrollment is ideal. The enrollment URL is accessed to bring machines under management. Supported for macOS 10.7 and above.
- Enroll new macOS machines:
Integrating MDM with Apple Business Manager facilitates out-of-the-box deployment. New machines can be enrolled and brought under management before being handed over to employees. Supported for macOS 10.9 and above.
- Automate the creation of a local administrator account on Mac machines:
During enrollment via Apple Business Manager, a local admin account can be created on Mac machines to simplify device maintenance, configure system applications, add/remove user accounts, as well as for troubleshooting. Supported for macOS 10.11 and above.
- Profile Management
- Passcode:
Secure your managed machines and data by defining parameters for a password policy. Supported for macOS 10.7 and above.
- Device restrictions:
If your organization's security policy prevents users from installing unapproved apps, this can be enforced using ME MDM. Restrictions related to device functionality, security, location settings, etc. can be applied as well. Supported for macOS 10.8 and above.
- Wi-Fi configuration:
Wi-Fi and proxy settings for the managed machines can be configured. You can also prevent machines from connecting to unapproved Wi-Fi networks by configuring Restrictions. Supported for macOS 10.7 and above.
- VPN configuration:
VPN and proxy settings can be configured. Supported for macOS 10.7 and above.
- FileVault Encryption:
Data stored on all the managed Mac machines can be secured by encrypting it through a single console using FileVault Encryption. Supported for macOS 10.9 and above.
- Firmware Password:
A Firmware password prevents the device from being booted from any internal or external disk other than the default startup disk. This is important to prevent the theft of the physical device. This password can be set in bulk on machines using MDM. Supported for macOS 10.13 and above.
- Certificate policy:
Distribute CA certificates to the managed machines in order to secure and validate any network communication. Supported for macOS 10.7 and above.
- Simple Certificate Enrollment Protocol (SCEP):
In case of large organizations where it is a hectic task to distribute certificates manually, SCEP can be configured for scalable and simplified distribution of unique client certificates. Supported for macOS 10.7 and above.
- AD Asset binding:
Conventionally, binding Mac machines to your organization's Active Directory (AD) is a tedious task, requiring the manual intervention of the IT administrator. With MDM, the admin can configure the AD Asset binding policy to remotely bind managed Macs to your AD, without any sort of manual intervention by the admin or user. Supported for macOS 10.9 and above.
- Custom Configuration:
To configure policies which MDM does not currently support, create custom configuration profiles using third-party tools like Apple Configurator or ProfileCreator. The supported OS version depends on the policies configured within the custom profile.
- Security Management
- Remote Scan:
Granular details about the managed machines can be viewed using the remote scan command. Information about the installed apps, blacklisted apps and restrictions imposed on the machines can be obtained as well. Supported for macOS 10.7 and above.
- Remote Lock:
The IT administrator can remotely lock the managed machines to enhance data security and to also secure any machines that might be lost. Supported for macOS 10.8 and above.
- Complete Wipe:
If a machine needs to be handed over to another employee, all the data and settings on the managed machine can be completely wiped. The device will become as good as new. Supported for macOS 10.8 and above.
- Corporate Wipe:
Only the corporate data and settings pushed using MDM can be removed from the managed machines without deleting any personal data. Supported for macOS 10.7 and above.
- Geotracking:
The location of a Mac machine can be retrieved which makes it possible to know the whereabouts of a remote employee at work and also secure the device. Supported for macOS 10.7 and above.
- App Management
- Silent app installation:
Apps purchased via ABM can be silently installed on the managed machines from the MDM server with zero user intervention. Supported for macOS 10.10 and above.
Sep 27, 2018: Management of devices via MDM requires a compatible commercial or open-source MDM server that implements support for the MDM Protocol. The Device Enrollment Program (DEP) is a service offered by Apple that simplifies Mobile Device Management (MDM) enrollment by offering zero-touch configuration of iOS, macOS, and tvOS devices.
Munki is an open-source project that provides macOS software management functionality, including a self-service app store for the end-user. Munki has been integrated with SimpleMDM so that you may utilize it in your account without any additional setup. Device-enrolled macOS device (user enrollment is not supported) Supported App.
- The 'Reset MDM' script removes the existing MDM profile on a client, then immediately re-installs a new MDM profile and runs a recon which will result in all configuration profiles being reinstalled on the client within a few minutes (if not immediately).
- Nov 16, 2019: Privileges.app for macOS is an open source tool that Apple IT departments can use to grant time-based access to local administrator rights. Switches, a mobile device management.
NOTE: It is mandatory to configure an APNs certificate before managing Apple devices using macOS MDM solutions.
Last updated November 27, 2019
Administrators face numerous challenges when managing a macOS deployment. While an MDM may solve many of them, there are some workflows that can benefit from a little extra help. In this article, we introduce you to a variety of open source technologies that can automate workflows or enable additional functionalities for Mac deployments.
It is worth mentioning that many of these tools require a fair amount of technical aptitude to successfully implement. Additionally, you may find that these solutions are more than what is necessary to accomplish your goals. For this reason, we recommend first identifying the specific requirements for your deployment. Then evaluate which of them can be covered adequately using out-of-the-box features offered by your device management solution. Finally, look for options to address any remaining needs.
Munki
Munki is a tool for managing software installations on macOS. It is perhaps one of the most common and reputable open-source solutions known to the Mac Admin niche, and we would be remiss not to include it on this list.

Its features are highlighted by an internal app store, known as the Managed Software Center. This provides users with a simple interface and self-serve experience for installing and updating software. Admins can also remotely deploy unsigned packages otherwise not permitted by Apple MDM, force software installations, updates and removals, and much more.
Munki is commonly integrated into deployment workflows alongside MDM and the Apple Device Enrollment Program (DEP). This offers a pleasant onboarding experience for users and admins alike. We have dedicated another article to this topic: Munki Deployment Using Apple DEP And MDM.
In addition, there have been various open-source contributions to further enhance Munki workflows. To name a few:
Sal
Sal is a client-based reporting dashboard for Munki that allows you to create hierarchical permission sets for viewing reports on your Mac deployment. For example, you can configure reporting permissions for the manager of an individual department allowing them to view only reports for their department. It also provides the ability to create custom reporting widgets, search for specific machines and deployment information, and even allows you to build your own plug-ins.
Munki-pkg
This is a tool for building macOS PKGs via the command line as part of your Munki deployment.
MunkiWebAdmin 2
The second iteration of MunkiWebAdmin, this tool provides a web-based interface for Munki administrators for managing their Munki repositories.
MunkiReport-PHP
This provides a web-based dashboard allowing you to run and view various reports on your Mac deployment.
DEPNotify
Much of the deployment process is often shrouded in mystery from the perspective of the device user, particularly during DEP enrollment. DEPNotify offers end-users transparency and insight into the magic that is happening behind the scenes through a sleek interface displayed during the initial setup process. It can be used to show custom messaging and visuals indicating the device’s progress, letting users know what is happening.
InstallApplications
InstallApplications (not to be confused with the InstallApplication MDM protocol command) can often be found as a central piece of Mac DEP enrollment workflows as the initial signed package deployed via MDM. This lightweight package can then handle the installation and/or configurations of additional software, profiles, and scripts. It is commonly used to deploy other MDM tools, such as Munki and DEPNotify, during the initial device setup process following DEP enrollment.
AutoPkg
Similar to Munki-pkg, AutoPkg is a command line tool for creating macOS packages. It is designed for use with Munki but can be used elsewhere for package creation. AutoPkg supports a feature called “recipes”, which are prebuilt sequences for automating many tasks of the build process. You can build your own recipes or even use pre-existing recipes to save even more time.
AutoPkgr
This free Mac app adds a slick, easy-to-use interface to the AutoPkg tool; a nifty addition for admins who prefer a more visual experience while managing their packages and recipes. It allows you to view your recipes, add new components with a few clicks, discover and subscribe to new recipes, and schedule checks for existing recipes, amongst other tasks.
NoMAD
NoMAD, short for “No More Active Directory”, fills a unique gap for Mac deployments that have traditionally used mobile accounts bound to Active Directory. Specifically, it provides admins with the ability to decouple their deployment from Active Directory while retaining the benefits of binding user accounts to it. User accounts remain local while NoMAD handles all the interactions with Active Directory, and it can be implemented while still bound, allowing for a smoother transition process. NoMAD also supports additional functionalities including single sign-on at the macOS sign-in window as well as password synchronization.

Crypt
Ensuring that FileVault is enabled on company-owned Macs is often a high priority. Apple MDM has built-in support for FileVault enforcement and key escrow, but Crypt expands on these capabilities. Crypt can be configured on your own server for storing FileVault recovery keys. Furthermore, it can enforce FileVault when devices are offline, enable admins to configure certain permissions for users, and offers a self-serve functionality to allow users to request their own recovery keys.
Payload-Free Package Creator
The process of building macOS PKGs used only for deploying scripts can be repetitive and a hassle. Additionally, admins often do not want the package to leave anything behind after the script has run. This clever tool makes it easy for admins to quickly build packages from their scripts that can then be delivered via MDM.
Vfuse
Virtual machines can be incredibly useful for testing deployment strategies and implementations. For example, they can be used to test macOS enrollments with Apple DEP (our post Test Apple DEP with VMware, Parallels, and VirtualBox goes into further detail on this). However, creating or obtaining a VM image can be a tricky and time-consuming process. Vfuse simplifies this task by creating a VMware Fusion VM image directly from a DMG that has not been booted. It is commonly used with DMGs created using AutoDMG.
AutoDMG
AutoDMG allows you to quickly and easily convert a macOS installer downloaded from the Mac App Store into a deployable system image. Amongst other things, it can be particularly useful for creating system images that can then be used with Vfuse to generate a VM image.
Reposado
Managing macOS software updates for entire deployments can be a cumbersome task. Mac admins have traditionally had limited options for handling them. For example, it may not always be desirable to update all machines to the most recent OS version available in the App Store. Additionally, many devices downloading OS updates simultaneously can put a lot of stress on an individual network. Reposado allows you to download Apple Software Update catalogs and host them on your own server. As a result, admins have more control over installed versions. These update servers can be hosted locally which is particularly helpful for large deployments to reduce the impact on the connected network. It also features a command line tool that lets you create multiple branches of the update catalogs, which is useful for tasks such as testing new releases on a subset of devices.
Closing Thoughts
These are just a handful of the open-source tools that can provide efficient solutions to tasks that Mac admins may be faced with. Feel free to include additional suggestions or recommendations below for anything we may have missed. Finally, thank you to the contributors to these projects for their efforts in creating these useful solutions.