How to Enroll Mac Devices in Hexnode UEM
Hexnode UEM provides extensive Device Management capabilities to secure, restrict, and manage your organization’s macOS fleet. To establish a secure connection for management, you must first enroll your devices. This guide details the various enrollment methods available and provides step-by-step instructions.
Prerequisites
Before initiating any enrollment, you must complete the following mandatory steps:
- APNs Configuration: Ensure you have successfully configured the APNs (Apple Push Notification service) certificate within your Hexnode UEM server. This is mandatory for communicating with all macOS devices.
- macOS Version Support: Hexnode UEM supports devices running macOS version 10.7 and later.
Available macOS Enrollment Methods
Hexnode UEM offers multiple flexible ways to enroll your devices, allowing you to choose based on scale, security requirements, and user involvement:
- Open Enrollment (No Credentials Required)
- Authenticated Enrollment
- Zero-Touch/Automated Enrollment
Method 1: Open Enrollment (Enrollment without Authentication)
This method allows users to enroll their Mac without providing any enrollment credentials, simplifying the process for corporate-owned devices or trusted environments.
Hexnode UEM Portal Steps
- Navigate to Enroll → Platform Specific → macOS → Email or SMS.
- Click Switch to Open Enrollment.
- Choose the correct user Domain. Only users belonging to this domain can be selected as the default user.
- Select a Default User who will be associated with the enrolled device.
- Change the Ownership based on the enrolling device (select either Personal or Corporate).
- Click Next.
Mac Device Steps
- Open the Safari browser on the Mac.
- Enter the Hexnode enrollment URL.
- Click Enroll. The MDM profile will download.
- To install the profile, click Continue and then Install.
- Enter the Mac administrator’s username and password when prompted.
The device will now be enrolled in Hexnode UEM.
Method 2: Authenticated Enrollment (Credential Required)
This is the main category where users must supply credentials. It is divided into two primary sub-methods:
Sub-Method A: Email or SMS Enrollment (Enrollment Request)
User enrollment is authenticated using credentials specifically generated and sent by the admin via email or SMS.
Hexnode UEM Portal Steps
- Navigate to Enroll → Platform Specific → macOS → Email or SMS.
- Click Switch to Authenticated Enrollment → Authenticated Enrollment.
- Select the enrollment type via Enrollment Request.
- Set the Ownership setting.
- Click Next. (A success message will display.)
- Check the box corresponding to Email or SMS for delivery.
- Change the Domain and select the specific User to enroll.
- Click Send.
Mac Device Steps
- Open the Safari browser and enter the enrollment URL.
- Click Enroll.
- Enter the unique username and password received in the enrollment request mail/SMS.
- Click Authenticate. The MDM profile will download.
- Click Continue and then Install to install the profile.
- Enter the Mac administrator’s username and password.
Sub-Method B: Self Enrollment
Self-Enrollment allows users to enroll using their existing credentials (e.g., Active Directory, Microsoft Entra ID, Google, Okta) or a common default password, streamlining the process.
Hexnode UEM Portal Steps
- Go to Enroll → Platform Specific → macOS → Email or SMS.
- Click Switch to Authenticated Enrollment → Authenticated Enrollment.
- Select the enrollment type via Self Enrollment.
- Set the Ownership setting.
- Click Next. (A success message will display.)
Mac Device Steps
- Open the Safari browser and enter the enrollment URL.
- Click Enroll.
- Select the domain.
- Enter your directory-specific username and password.
- Click Authenticate.
- Click Continue and then Install to install the profile.
- Enter the Mac administrator’s username and password.
Frequently Asked Questions (FAQs)
Q1. Why is the APNs certificate mandatory for Mac enrollment?
APNs (Apple Push Notification service) is the required communication channel established by Apple to send commands from your MDM/UEM server to the macOS device. Without a valid APNs certificate, enrollment cannot proceed.
Q2. What is the technical difference between Email/SMS Enrollment and Self Enrollment?
Both methods fall under Authenticated Enrollment, but they diverge based on the credential source:
- Email or SMS Enrollment (Enrollment Request): The user authenticates with unique, temporary credentials that are automatically generated by the Hexnode UEM system and delivered via an enrollment request (email or SMS).
- Self Enrollment: The user authenticates using either their existing corporate identity credentials (leveraging integrated SSO from directories like Active Directory or Entra ID) or a default or individual password manually assigned from Hexnode for non-directory users. This dual capability makes Self Enrollment highly versatile.
Troubleshooting Enrollment Errors
1. Enrollment URL Inaccessible
Symptom:
The user is unable to access the enrollment URL provided via email or SMS.
Cause:
The Hexnode UEM server is blocked from reaching the device, most commonly due to strict local firewall settings on the Mac preventing incoming connections required for the enrollment process.
Solution:
Temporarily adjust the device’s firewall settings to allow necessary connections:
- Go to System Preferences (or System Settings) > Security & Privacy > Firewall.
- Click Firewall Options.
- Uncheck the setting labeled Block all incoming connections.
- Click OK and attempt the enrollment again.
2. Network Connection Error During Profile Installation
Symptom:
During the installation phase of the MDM profile, an error message appears stating, “Profile installation failed. Network connection was lost.”
Cause:
The device is failing to validate the MDM server’s SSL certificate, which is critical for secure profile installation. This failure is usually triggered by inaccurate date and time settings on the Mac.
Solution:
- Time Sync: Ensure the date and time settings on the device are accurate and synchronized with a reliable network time server.
- Persistent Error: If the problem persists after correcting the time, the underlying operating system integrity may be compromised. In this rare case, activate the device’s Recovery Mode and perform an OS restore to resolve core system issues.
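Before resorting to an OS restore, it helps to confirm whether the Mac's clock or the certificate itself is at fault. The following Python check is an added example, not part of Hexnode's documentation: it compares the server certificate's validity window (in the format printed by `openssl x509 -noout -dates`) against both the Mac's clock and a reference time. The function names, the 300-second tolerance, the sample dates, and the assumption that the reference time comes from a trusted source are all illustrative.

```python
import calendar
import ssl

# Constructed sample, in the format printed by `openssl x509 -noout -dates`.
SAMPLE_DATES = """\
notBefore=Mar  1 00:00:00 2024 GMT
notAfter=Mar  1 23:59:59 2025 GMT
"""

MAX_SKEW_SECONDS = 300  # assumed tolerance, not a Hexnode or Apple value


def utc(year, month, day, hour=0, minute=0, second=0):
    """Epoch seconds for a UTC wall-clock time."""
    return calendar.timegm((year, month, day, hour, minute, second))


def parse_validity(dates_text):
    """Return (not_before, not_after) in epoch seconds."""
    fields = {}
    for line in dates_text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep:
            fields[key] = ssl.cert_time_to_seconds(value)
    if "notBefore" not in fields or "notAfter" not in fields:
        raise ValueError("expected notBefore= and notAfter= lines")
    return fields["notBefore"], fields["notAfter"]


def diagnose(dates_text, local_epoch, reference_epoch):
    """Classify a validation failure: the Mac's clock or the certificate."""
    not_before, not_after = parse_validity(dates_text)
    if not not_before <= reference_epoch <= not_after:
        return "certificate-outside-validity"  # fixing the clock will not help
    if not not_before <= local_epoch <= not_after:
        return "local-clock-outside-validity"  # the case described above
    if abs(local_epoch - reference_epoch) > MAX_SKEW_SECONDS:
        return "local-clock-skewed"            # inside the window, but drifting
    return "ok"


if __name__ == "__main__":
    # Constructed scenario: clock reset to 2001, true date 1 June 2024.
    print(diagnose(SAMPLE_DATES, utc(2001, 1, 1), utc(2024, 6, 1)))
```

A result of `certificate-outside-validity` points at the server certificate rather than the device, so correcting the Mac's time settings would not resolve it.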