Configure Hexnode UEM profile removal password for Mac

Hexnode’s UEM profile password feature for macOS allows you to set a unique password for UEM profile removal from the device. This enforcement makes the profile non-removable, even for users with admin access. Users will be prompted to enter the profile removal password while attempting to remove the profile from the device. It enhances security in corporate environments by restricting unauthorized profile removals. This ensures that the device remains managed to comply with the organizational policies.

Configure the UEM profile password for macOS in Hexnode

  1. Navigate to Enroll > Settings or Admin > Enrollment.
  2. Within Enrollment Settings, go to Security > UEM profile password.
  3. Select the required UEM profile password configuration.
  4. Click on Save to configure.

Admins are required to select one of the following UEM profile password configurations.

  1. Unique device passwords: This option assigns each macOS device a unique password. Hexnode UEM automates generating passwords for each macOS device during enrollment based on the password criteria. Here, admins can customize password criteria (for automatic password generation) aligned to the organization’s security policy for enrolled devices. Choose the required password configurations from the following.
    • Password requirement: Admins can choose from Alphanumeric, Alphabet, or Numeric for Unique device passwords.
    • Password length: Admins can choose a password length from 5 to 10 characters, which is used to generate the password when the option Unique device passwords is chosen.

  2. Common password: Select this option to set a common password for all devices. Enter the desired password in the Password field. (Admins can set any password combinations ranging from a minimum of 5 to a maximum of 10 characters.)

  3. No password: Select this option if you don’t want to set a password for profile removal.

Note

  • Devices enrolled after configuring the UEM profile password setting will have that configuration associated.
  • Admins can renew the UEM profile password of a specific device from the Security Info section of the Device Info page. Refer to Renew UEM profile password of a device for more info.
  • When you modify the UEM profile password configuration in the Enrollment Settings, the newly modified password configuration will only be effective for macOS devices enrolled after the changes are made. Devices that were enrolled before the modifications will retain their previously set password configuration. The devices will not adopt the new password settings automatically unless updated individually.
  • The default setting for the UEM profile password is “No password.”

Configure UEM profile password for a specific device

If the device has No password configured:

  1. Navigate to Manage > Select a device > Device Info.
  2. Go to Security Info > UEM profile password.
  3. Click the Configure button.
  4. The Configure UEM Profile Password prompt will open.
  5. Input your desired password in the Enter the password field.
  6. Click Confirm to save the password.

Find UEM profile password for a specific device

  1. Navigate to Manage > Select a device > Device Info.
  2. Go to Security Info > UEM profile password.
  3. Click on the show password icon.

Renew UEM profile password of a device

  1. Navigate to Manage > Select a device > Device Info.
  2. Go to Security Info > UEM profile password.
  3. Click the Configure button.
  4. The Configure UEM Profile Password prompt will open.
  5. Select the Update password option for Renew UEM profile.
  6. Enter the new password into the Password field.
  7. Click Update.

Find the UEM profile password updates

  1. Navigate to Reports > Audit Reports.
  2. Go to UEM profile password history.

In the UEM Profile Password History report, you can see the updated passwords and password history within the specified Created Time along with the details of the Technician who made the updates.

Remove UEM profile password

  1. Navigate to Manage > Select a device > Device Info.
  2. Go to Security Info > UEM profile password.
  3. Click the Configure button.
  4. The Configure UEM Profile Password prompt will open.
  5. Select the Remove password option for Renew UEM profile.
  6. Click Update to remove an existing password.

Find the current UEM profile password for all macOS devices

  1. Navigate to Reports > Device Reports > All Devices or Manage > Devices.
  2. Click the edit icon to include the UEM profile password column.
  3. Click on Done to view the UEM profile password.

Once the ‘UEM Profile Password’ column is included in the Reports > Device Reports > All Devices or Manage > Devices, you can view the UEM profile passwords for enrolled macOS devices.
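
Because devices enrolled before a settings change keep their earlier configuration and the default is “No password,” the All Devices view is where gaps show up. The following is an added example, not Hexnode code: it audits a report saved as CSV, where the CSV layout, the column names, the empty-cell convention for “No password” and the 8-character threshold are all assumptions, and the sample rows are constructed.

```python
import csv
import io
from collections import Counter

# Constructed sample standing in for an exported All Devices report.
# Column names are assumptions, not Hexnode's documented export format.
SAMPLE_REPORT = """Device Name,Platform,UEM Profile Password
mac-001,macOS,k7Pq2XvB9d
mac-002,macOS,
mac-003,macOS,48213
mac-004,macOS,Corp2024
mac-005,macOS,Corp2024
ipad-01,iOS,
"""

def classify(password):
    """Map a password to the page's requirement types (or 'Other')."""
    for name, test in (("Numeric", str.isdigit), ("Alphabet", str.isalpha),
                       ("Alphanumeric", str.isalnum)):
        if test(password):
            return name
    return "Other"

def audit(report_text, min_length=8):
    """Return {device: [findings]} for macOS rows; password values are never echoed."""
    rows = [r for r in csv.DictReader(io.StringIO(report_text))
            if r["Platform"].strip().lower() == "macos"]
    counts = Counter(r["UEM Profile Password"].strip() for r in rows)
    findings = {}
    for r in rows:
        pw = r["UEM Profile Password"].strip()
        issues = []
        if not pw:
            issues.append("no removal password (default setting)")
        else:
            if counts[pw] > 1:
                issues.append(f"password shared by {counts[pw]} devices")
            if len(pw) < min_length:
                issues.append(f"length {len(pw)} below {min_length}")
            if classify(pw) == "Numeric":
                issues.append("numeric only")
        if issues:
            findings[r["Device Name"]] = issues
    return findings

if __name__ == "__main__":
    for device, issues in audit(SAMPLE_REPORT).items():
        print(f"{device}: {'; '.join(issues)}")
```

Devices flagged here can be brought in line one at a time through the Renew UEM profile password steps, since changing the Enrollment Settings does not update them.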

What happens at the device end?

If the device has the UEM profile removal password configured, clicking on the “-” icon on the Profiles preferences prompts the user to enter the profile removal password and then the local administrator password to remove the profile.

If the UEM password hasn’t been set up, users will be prompted to enter only the local admin password to remove the UEM profile.