Enable Apps access for a custom role and deploy apps to Android Enterprise and macOS devicesSolved

To give an existing custom role access to the Apps section, modify the role permissions in Hexnode:

1. Go to Admin > Technicians and Roles.
2. Open the Roles tab.
3. Find the custom role and select Modify Role from the more options menu.
4. Scroll to the Apps permissions section.
5. Enable access to the Apps tab.
6. Select the required granular permissions, such as adding apps, modifying apps, or managing existing apps.
7. Save the role.

The updated permissions apply to all technicians assigned to that custom role.

For Android Enterprise app deployment, first add the app to the Hexnode app inventory:

1. Go to Apps.
2. Select +Add Apps > Managed Google Apps.
3. Search for the required app in Managed Google Play.
4. Select the app to add it to the inventory.

After that, deploy the app either through a remote action or a policy.

For a one-time installation, go to Manage > Devices, select the Android Enterprise devices, then use Actions > Install Application.

For continuous enforcement, add the app under Policies > Android > App Management > Required Apps and assign the policy to the required devices, users, or groups. On Android Enterprise devices enrolled as Device Owner, apps pushed through Hexnode can be installed silently without user interaction.

That clears up the Android side. For macOS, especially Mac mini devices, do we need users to sign in with a Managed Apple ID before apps can be installed? Or is there a better approach for deploying App Store apps silently?

For Mac mini devices, the recommended method for deploying App Store apps is Apple VPP with device-based assignment. With device-based VPP app assignment, apps are assigned directly to the Mac rather than to a user. This means the user does not need to be signed in with a personal Apple ID or Managed Apple ID for the app to be deployed. Hexnode can push the VPP app silently to the device, and the app license remains managed by the organization. macOS device management itself is primarily profile-based and relies on Apple’s native MDM framework. A Managed Apple ID is not required just to manage the Mac through MDM.

Is the Hexnode macOS agent still needed then, or is the native MDM profile enough for most Mac management tasks?

The native MDM profile is sufficient for standard macOS management tasks such as Wi-Fi and VPN configuration, FileVault settings, passcode policies, security restrictions, OS update management, and VPP app deployment.

The Hexnode macOS agent is recommended when you need advanced management capabilities that are not fully handled by the native Apple MDM protocol. Examples include:

• Deploying custom in-house apps such as PKG or DMG files.
• Running custom shell scripts.
• Collecting more detailed system analytics.
• Using advanced dynamic compliance checks.

So, for basic macOS management and App Store app deployment through VPP, the native MDM profile is usually enough. For a more complete enterprise setup, especially where custom apps or scripts are required, installing the Hexnode macOS agent is recommended.