Getting started with macOS device management
macOS is a series of graphical operating systems developed for Apple’s Mac family of computers. To get started with macOS management in an enterprise environment, Hexnode UEM offers a comprehensive suite of tools ranging from zero-touch enrollment to advanced security configurations. This guide outlines the essential steps to configure, secure, and manage Mac devices effectively.
Enrollment & Onboarding
The first step to get started with macOS management is bringing devices under corporate control.
- Prerequisite: APNs Configuration. Before enrollment, you must configure the Apple Push Notification service (APNs) certificate. This certificate acts as the trust bridge between Hexnode MDM and Apple devices.
- Action: Ensure a valid APNs certificate is uploaded to the Hexnode portal.
- Device Enrollment Program (DEP) / Apple Business Manager (ABM): For the most streamlined experience, use Apple’s Automated Device Enrollment (ADE) (formerly DEP). This allows for over-the-air supervision and mandatory management.
- Benefit: Enables “zero-touch” configuration where settings are applied immediately upon device activation.
Security & Restrictions
Once enrolled, securing the device ecosystem is critical.
- Configure Restrictions: Hexnode UEM allows administrators to disable specific hardware or software features to ensure compliance.
- Examples: Disable camera, restrict iCloud sync, or block USB media.
- Prevent MDM Profile Removal
- Requirement: Devices must be enrolled via Apple ADE.
- Function: Prevents users from manually removing the management profile, ensuring permanent supervision.
- Bypass Activation Lock: If a device is lost or an employee leaves without unlocking their Mac, Activation Lock can render the device useless.
- Solution: Hexnode allows admins to remotely bypass Activation Lock to reclaim the device for new users.
Application Management
Efficiently deploy and manage software without user intervention.
- Silent App Installation (VPP): Integrate with Apple’s Volume Purchase Program (VPP) (now part of Apple Business Manager).
- Capability: Push apps silently to devices. Users do not need to interact with the App Store or enter an Apple ID.
Network & Web Security
Secure the communication channels used by your workforce.
- Network Configurations: Push pre-configured settings so users connect automatically to secure networks. Supported configurations include:
- Web Content Filtering: Control internet access by allowing or blocking specific URLs.
- Use Case: Allowlist only business-critical sites to improve productivity and security.
Data Protection (Encryption)
Protect sensitive corporate data at rest.
- FileVault Management: Enforce full-disk encryption using FileVault.
- Function: Prevents unauthorized data access by encrypting the startup disk. Hexnode can escrow personal recovery keys to ensure data is recoverable by IT if a user forgets their password.
Personalization & User Experience
Customize the look and feel of the macOS environment to match company branding.
- Login Window Preferences: Customize banners, disclaimer text, and restart/shutdown options.
- Dock Preferences: Set dock size, position, and animation settings remotely.
- Setup Assistant: Skip specific setup screens (e.g., Siri setup, Apple ID sign-in) during the initial boot to speed up user onboarding.
- Screensaver Policies: Remotely deploy and enforce corporate screensavers.
Troubleshooting Common macOS Management Issues
When you get started with macOS management, you may encounter these common hurdles.
1: MDM Profile Fails to Install
Cause: The APNs certificate may be expired or invalid.
Fix: Navigate to the Admin tab and renew the APNs certificate. Do not create a new one; renew the existing one to maintain connections with currently enrolled devices.
2: Apps Are Not Installing Silently
Cause: The device is not Supervised, or the VPP token has expired.
Fix: Ensure the device was enrolled via ADE (making it Supervised) and check that your VPP token in Hexnode is active and synced with Apple Business Manager.
3: Cannot Prevent MDM Removal
Cause: The device was enrolled manually via a web link/QR code rather than through Apple ADE.
Fix: To make the MDM profile non-removable, the device must be wiped and re-enrolled using the Automated Device Enrollment method.
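To confirm on the Mac itself which enrollment path was used (issue 3) and whether FileVault is on, the following added example, which is not part of the Hexnode documentation, parses the text printed by the macOS built-in commands `profiles status -type enrollment` and `fdesetup status`. The function names and sample outputs are constructed for illustration, and the script assumes the commands print the `Enrolled via DEP:` / `MDM enrollment:` and `FileVault is On.` lines shown.

```shell
# Constructed sample outputs (not captured from a real device).
SAMPLE_ADE='Enrolled via DEP: Yes
MDM enrollment: Yes (User Approved)'
SAMPLE_MANUAL='Enrolled via DEP: No
MDM enrollment: Yes (User Approved)'
SAMPLE_NONE='Enrolled via DEP: No
MDM enrollment: No'

# field TEXT KEY -> value after "KEY:" on the first matching line
field() {
    printf '%s\n' "$1" |
        awk -F': *' -v k="$2" '{ sub(/^[ \t]+/, "", $1) } $1 == k { print $2; exit }'
}

# enrollment_type TEXT -> ade | manual | unenrolled | unknown
enrollment_type() {
    dep=$(field "$1" "Enrolled via DEP")
    mdm=$(field "$1" "MDM enrollment")
    case "$mdm:$dep" in
        Yes*:Yes*) echo ade ;;         # Automated Device Enrollment
        Yes*)      echo manual ;;      # link / QR code enrollment
        No*)       echo unenrolled ;;
        *)         echo unknown ;;     # output missing or in another format
    esac
}

# filevault_on TEXT -> exit status 0 when fdesetup reports encryption enabled
filevault_on() {
    printf '%s\n' "$1" | grep -q '^FileVault is On'
}

# report ENROLL_TEXT FDE_TEXT -> one summary line for the device
report() {
    et=$(enrollment_type "$1")
    if filevault_on "$2"; then fv=on; else fv=off; fi
    case "$et" in
        ade)        note="MDM profile can be made non-removable" ;;
        manual)     note="wipe and re-enroll through ADE to prevent profile removal" ;;
        unenrolled) note="device is not under management" ;;
        *)          note="could not read enrollment status" ;;
    esac
    echo "enrollment=$et filevault=$fv: $note"
}

# On a Mac:
#   report "$(profiles status -type enrollment)" "$(fdesetup status)"
```
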
Frequently Asked Questions (FAQ)
Q: Can I manage macOS devices without an Apple Business Manager account?
Yes, you can use open enrollment (sending a link or QR code). However, devices will not be “Supervised,” meaning advanced features like “Prevent MDM Removal” and “Silent App Installation” (without user prompts) may be limited.
Q: Can specific websites be blocked on macOS using Hexnode?
Yes, using the Web Content Filtering feature, you can blocklist specific URLs or create an allowlist that restricts the browser to only load approved websites.
Q: What is the most critical step to get started with macOS management?
The configuration of the APNs (Apple Push Notification service) certificate is the most critical first step. Without it, the MDM server cannot communicate with the Apple devices.
Q: Does FileVault encryption delete data?
No, FileVault encrypts data to protect it. It does not delete data. However, if the encryption key (password or recovery key) is lost, the data becomes inaccessible. Hexnode can escrow these recovery keys for safety.