Hexnode empowers IT teams to streamline remote actions on macOS devices through automation, ensuring endpoints remain secure, compliant, and efficient. Routine tasks such as patching, app deployment, device controls, user management, and security enforcement are transformed into policy‑driven workflows. This reduces manual effort, minimizes errors, and guarantees every Mac stays consistently aligned with organizational standards while improving IT responsiveness.
Patches and Updates: Automated Security & Stability
| Action Name |
Definition |
Use Case |
| Auto Patch |
Enforces the installation of macOS security patches and updates based on rules. |
Consistent Security: Ensures critical vulnerabilities are fixed across the entire fleet simultaneously, eliminating the risk of users ignoring update prompts. |
| Manual Patch |
Allows admins to selectively approve and deploy specific system updates. |
Stability Control: Automating “Tested Only” patches ensures creative or dev teams don’t receive updates that might break specialized software. |
App Distribution: Scalable Deployment & Onboarding
| Action Name |
Definition |
Use Case |
| App Distribution |
Simplifies the large-scale deployment of VPP or enterprise Mac apps. |
Scalable Onboarding: Automating the rollout of software (e.g., Adobe Suite) to specific groups ensures new hires are productive from the first minute. |
| App Uninstallation |
Removes a specific managed app from the Mac. |
Compliance Cleanup: If a scan detects a blacklisted app, the system can automatically uninstall it to maintain corporate standards. |
Device Control: Remote Management & Lifecycle
| Action Name |
Definition |
Use Case |
| Power Off |
Remotely shuts down the Mac. |
Hardware Longevity: Automatically powering off shared Macs at midnight reduces energy costs and hardware fatigue without requiring on-site staff. |
| Restart Device |
Triggers an immediate or scheduled reboot of the macOS. |
System Refresh: Weekly automated restarts clear “zombie” processes and refresh memory, maintaining peak performance for high-end workstations. |
| Set Friendly Name |
Assigns a custom label to the device in the Hexnode portal. |
Dashboard Organization: Using wildcards like %serial% to automate naming allows admins to identify and search for Macs without manual data entry. |
| Change Owner |
Reassigns the device to a new user. |
User Lifecycle: Automating owner changes ensures profiles, apps, and permissions are updated instantly when a Mac is handed to a different employee. |
| Change Ownership |
Moves the device into a new organizational category or group. |
Group Alignment: Automating ownership changes updates policies and configurations when a Mac shifts between departments or roles. |
| Clear Activation Lock |
Bypasses the iCloud Activation Lock on the Mac. |
Hardware Recovery: Automating this during offboarding ensures IT can wipe and redeploy machines even if an employee leaves their Apple ID locked. |
| Update OS |
Deploys the latest version of macOS over-the-air. |
Fleet Standardization: Scheduling upgrades during holiday breaks ensures the entire organization returns to a standardized macOS version. |
| Edit Device Attributes |
Modifies metadata like Asset Tag or Department. |
Inventory Sync: Automating attribute updates based on group or location keeps asset tracking records accurate with zero manual effort. |
Policy: Dynamic Compliance & Access Control
| Action Name |
Definition |
Use Case |
| Associate Policy |
Links a specific configuration (FileVault, Wi-Fi) to the Mac. |
Instant Compliance: Automation applies a “Restricted Policy” the moment a Mac is detected as non-compliant, enforcing security without intervention. |
| Remove Policy |
Detaches a policy from the Mac or group. |
Access Control: Automatically removing an “External Drive Access” policy when a device leaves a high-security zone protects data when the Mac is mobile. |
Scans: Proactive Monitoring & Visibility
| Action Name |
Definition |
Use Case |
| Scan Device |
Refreshes hardware info, battery health, and compliance. |
Proactive Support: Scheduling automated scans identifies Macs with failing batteries or low disk space before it impacts the user. |
| Sync Local Accounts |
Fetches info about all local user accounts on the Mac. |
Admin Rights Audit: Daily syncs allow IT to instantly detect if a user has unauthorized “Admin” privileges, posing a security risk. |
| Scan Device Location |
Fetches instantaneous GPS or network coordinates. |
Asset Security: Automated location scans for high-value MacBooks create a movement history essential for recovery if a device is stolen. |
| Scan for Updates |
Checks for available macOS system and security updates. |
Visibility & Planning: Automated scans ensure dashboards show exactly which Macs need patching, aiding in maintenance planning. |
| Scan for Apps |
Updates the list of all installed software on the Mac. |
Software Audit: Automated app scans help identify “Shadow IT,” allowing the system to trigger non-compliance alerts immediately. |
User Controls: Account Creation & Access
| Action Name |
Definition |
Use Case |
| Create User Accounts |
Remotely creates a new local user account on the Mac. |
Standardized Setup: Automating an “IT Support” admin account during enrollment ensures helpdesk staff always have access for repairs. |
Security: Protection, Wipe & Compliance
| Action Name |
Definition |
Use Case |
| Lock Device |
Instantly locks the Mac and requires a system PIN. |
Immediate Data Shield: An automated lock command renders lost hardware unusable to a thief and protects encrypted data on the drive. |
| Wipe Device |
Erases all data (Corporate Wipe or Factory Reset). |
Severe Breach Defense: In a critical security failure, automation triggers a wipe to destroy sensitive company code or client data instantly. |
| Grant Secure Token |
Enables a user to perform disk-encryption related tasks. |
Encryption Management: Automating Secure Token grants ensures users can manage passwords and FileVault without manual IT intervention. |
| Hexnode App Logs |
Requests diagnostic logs from the Hexnode macOS app. |
Faster Diagnostics: Automating log collection when a policy fails gives IT the technical evidence needed to solve issues proactively. |
| Delete Location History |
Wipes movement history from the portal. |
Privacy Compliance: Automating the deletion of location data every 30 days ensures adherence to GDPR or internal privacy policies. |
File Management: Distribution & Cleanup
| Action Name |
Definition |
Use Case |
| Deploy Files |
Pushes specific files or PKG installers to the Mac. |
Resource Distribution: Automatically deploying “Brand Assets” to the Marketing group ensures they always have the latest templates. |
| Remove Files |
Deletes specific files from the macOS directory. |
Disk Cleanup: Automating the removal of temporary setup files or outdated videos keeps storage optimized for daily work. |
Scripts: Advanced Configuration & Self-Healing
| Action Name |
Definition |
Use Case |
| Execute Custom Script |
Runs Shell (.sh) scripts remotely on the Mac. |
Advanced Configuration: Automating scripts for specialized settings allows “Self-healing” by automatically fixing known system errors. |
Alerts: Instant Notifications & Incident Awareness
| Action Name |
Definition |
Use Case |
| Broadcast Message |
Sends a pop-up text notification to the screen. |
Incident Awareness: Automating messages for outages or emergency procedures notifies every user instantly, reducing helpdesk volume. |
App Management: Deployment & Compliance
| Action Name |
Definition |
Use Case |
| Install Application |
Remotely pushes a Mac app for installation. |
Zero-Touch Readiness: Automating the install of VPNs or Antivirus upon enrollment ensures the Mac is secure before it reaches the employee. |
| Uninstall Application |
Removes a specific managed app from the Mac. |
Compliance Cleanup: If a scan detects a blacklisted app, the system can automatically uninstall it to maintain corporate standards. |
