Hi everyone. Is there a simple way to generate an MDM report on a macOS, similar to what mdmdiagnostictool.exe does on Windows? Any built-in tool or script suggestions?
31 Views
Replies (6)
Marked SolutionPending Review
Participant
5 days ago
Marked SolutionPending Review
Hi @clauss ,
You are correct — macOS doesn’t offer a direct equivalent to the mdmdiagnosticstool.exe utility available on Windows. However, you can achieve similar functionality by running the following command in Terminal to list the configuration profiles applied via Apples’s MDM framework:
|
1 |
sudo /usr/bin/profiles list -output stdout-xml |
This command outputs the file information in XML format. But this won’t include configurations deployed via the Hexnode agent — only those applied through Apple’s MDM channel will appear.
Marked SolutionPending Review
Participant
5 days ago
Marked SolutionPending Review
Thank you @mees for the command. But I am having trouble understanding the XML output. I would prefer to get the MDM report in a more readable format.
Marked SolutionPending Review
Hexnode Expert
5 days ago
Marked SolutionPending Review
Hey everyone!
If you are looking for a more structured report on macOS, you can use a custom Bash script to collect relevant MDM-related diagnostics from the system.
Below are the steps to create and run such a script on macOS:
Step 1: Create the MDM diagnostic script.
Open Terminal and enter the following command to create a shell script named mdm_diagnostics.sh in your home directory:
|
1 2 3 4 5 6 7 8 9 10 11 12 |
cat > ~/mdm_diagnostics.sh << 'EOF' #!/bin/bash OUTPUT_DIR=~/Desktop/mdm_diagnostics_$(date +%Y%m%d_%H%M%S) mkdir -p "$OUTPUT_DIR" echo "Collecting MDM logs (last 24h)..." log show --predicate 'subsystem == "com.apple.ManagedConfiguration"' --info --last 1d > "$OUTPUT_DIR/mdm_managedconfig.log" echo "Dumping installed MDM profiles..." profiles show > "$OUTPUT_DIR/mdm_profiles.txt" echo "Checking MDM enrollment status..." sudo profiles status -type enrollment > "$OUTPUT_DIR/mdm_enrollment_status.txt" echo "Done. MDM diagnostics saved to: $OUTPUT_DIR" EOF |
This command will automatically create a new script file with all necessary instructions to collect MDM diagnostics.
Step 2: Make the script executable.
Before running the script, you need to make it executable. For that, run:
|
1 |
chmod +x ~/mdm_diagnostics.sh |
Step 3: Run the script.
Now execute the script with administrative privileges:
|
1 |
sudo ~/mdm_diagnostics.sh |
You’ll be prompted to enter your macOS administrator password.
Upon successful execution, a new folder will be created on your desktop with a name like mdm_diagnostics_YYYYMMDD_HHMMSS . This folder will contain the following diagnostic files:
-
mdm_managedconfig.log — Recent MDM-related system logs.
-
mdm_profiles.txt — A full list of installed configuration profiles.
-
mdm_enrollment_status.txt — Current MDM enrollment status.
Marked SolutionPending Review
Participant
4 days ago
Marked SolutionPending Review
Thanks for the script @isabel_lora ! Just to confirm, do I need to run the script with sudo every time?
Marked SolutionPending Review
Hexnode Expert
4 days ago
Marked SolutionPending Review
Yes, you need to run the script with sudo because some of the commands require administrative privileges to access MDM enrollment status and system logs. Without sudo, those parts won’t work correctly.
Marked SolutionPending Review
Participant
4 days ago
Marked SolutionPending Review
Got it, thanks for the clarification, @isabel_lora ! I’ll run it with sudo then. Appreciate the help!
Save
