Restrictions profile: several new keys added – September 18, 2024
The following keys have been added to the Restrictions profile:
- "Allow Genmoji"
allowGenmoji
- "Allow Image Playground"
allowImagePlayground
- "Allow Image Wand"
allowImageWand - "Allow iPhone Mirroring"
allowiPhoneMirroring
- "Allow Personalized Handwriting Results"
allowPersonalizedHandwritingResults
- "Allow Writing Tools"
allowWritingTools
- "Allow Auto Dim"
allowAutoDim
- "Allow call recording"
allowCallRecording
- "Allow media sharing modification"
allowMediaSharingModification
- "Allow web distribution app installation"
allowWebDistributionAppInstallation
NonRemovableFromUISystemExtensions key added – September 16, 2024
NonRemovableFromUISystemExtensions key now supported in System Extensions profile
This new key is available as the "Allow UI Removal" option in the System Extensions profile. Supported in macOS 15+, this key allows admins to prevent end-users from being able to remove System Extensions via the System Settings UI.
Support for Apple Vision Pro added – August 14, 2024
Apple Vision Pros can now be managed
Apple Vision Pros are now able to be enrolled in SimpleMDM to view inventory information, installs apps, and a limited set of other features.
Documentation for supported features is available here.
Services Background Tasks configuration added – July 23, 2024
Services Background Tasks configuration added
Services Background Tasks is a new configuration declaration that Apple announced support for during the Apple Worldwide Developers Conference (WWDC) 2024. This configuration allows admins to create and control background tasks for things like launchd configuration files and agents, and store them in a secure and tamper-resistant location. Available on macOS 15+.
Official Apple documentation for Services Background Tasks is available here.
Install beta OS updates during Automated Device Enrollment – July 11, 2024
New option to enroll devices into beta program during Automated Enrollment
The option to enroll a device into Apple's beta program and force it to update to a beta OS version during ADE has been added under the "Minimum OS Version Requirement" section on the Automated Enrollment > DEP Settings page. This option is available to accounts that are eligible for Apple's beta program and have the option enabled in Apple Business Manager.
Safari Extension Settings configuration added – July 10, 2024
Safari Extension Settings configuration added
Safari Extension Settings is a new configuration declaration that Apple announced support during the Apple Worldwide Developers Conference (WWDC) 2024. This configuration allows admins to control which Safari Extensions are allowed, enabled, or disabled during regular and private browsing, and which domains extensions are allowed to be active on. Available for iOS 18+ and macOS 15+.
Official Apple documentation for Software Update Settings declaration is available here.
New configuration declarations added – July 9, 2024
Software Update Settings configuration added
Software Update Settings is a new configuration declaration that Apple announced support during the Apple Worldwide Developers Conference (WWDC) 2024. This new declarative configuration is intended to replace the legacy System Settings Software Update configuration profile (com.apple.SoftwareUpdate - included in the Software Update Policy for macOS profile in SimpleMDM) going forward, starting with iOS 18+ and macOS 15+.
Official Apple documentation for Software Update Settings declaration is available here.
Disk Management Settings configuration added
Disk Management Settings is a new configuration declaration that Apple announced support during the Apple Worldwide Developers Conference (WWDC) 2024. This configuration allows admins to allow or restrict connections to external storage and network storage on macOS 15+ devices.
Official Apple documentation for Disk Management Settings declaration is available here.
Clear Restrictions Password command added, New Shared Apps – July 8, 2024
Restrictions password can now be cleared on iOS/iPadOS devices
We added the "Clear Restrictions Password" command to the available device actions on supervised iOS and iPadOS devices.
Official Apple documentation for Clear Restrictions Password command is available here.
New Shared Apps added
We added GoLand and IntelliJ IDEA to the Shared Apps directory.
Extensible Single Sign On profile updates – June 27, 2024
New options added to support Platform SSO
We updated the Extensible Single Sign On profile to add support for new options related to Platform SSO that were announced during Apple WWDC ’24, including settings like FileVault Policy, Authentication Grace Period, Login Policy, Unlock Policy, and more.
Official Apple documentation for the Extensible SSO payload with new changes is available here.
Restrictions profile updates – June 25, 2024
New keys added
We added the following new keys to the Restrictions profile:
allowESIMOutgoingTransfers
allowMediaSharing
New Shared Apps – June 24, 2024
New Shared Apps added
We added the following apps to the Shared Apps directory:
- Opera Browser
- Poly Lens
- TailScale
Return to Service for tvOS, Apple Intelligence skip key added – June 20, 2024
New for tvOS 18: Return to Service
We added support for the "Return to Service" option on tvOS 18+ devices when sending a Wipe command.
Apple Intelligence skip key added
We added the "Apple Intelligence" key to the "Panes to Skip" section in the automated enrollment DEP Settings.
Lock Screen Message Profile Changes – May 7, 2024
Lock Screen Messages have been moved to their own dedicated profile
We have moved the Lock Screen Message field out of Device Group Settings page and converted them to their own dedicated profiles. Lock screen messages can now be created and edited under the Profiles section. This change will not impact existing device lock screen messages. The purpose of this change is to make managing lock screen message profiles more consistent with other profile types, and to enable more logical management with future enhancements.
Assignment Groups API updates – May 1, 2024
New priority option added
We have added the ability to set the assignment group priority level when creating and updating assignment groups via API using the priority
argument.
Assignment Groups API updates – April 24, 2024
Default installs and managed updates install types added
We have added default_installs and managed_updates as available install types when creating an assignment group via API.
Assignment Groups API updates – April 23, 2024
Configuration profiles can now be managed for Assignment Groups via the API
A previous update allowed profiles to be assigned to Assignment Groups (instead of only Device Groups), thus adding support for multi-group membership for devices. We've now added the following endpoints to support managing configuration profiles on Assignment Groups via the API.
- Assign a profile to an assignment group
- Unassign a profile from an assignment group
- Sync profiles to devices for an assignment group
Restrictions profile updates – April 16, 2024
New keys added
We added the following new keys to the Restrictions profile:
forcePreserveESIMOnErase
allowESIMModification
allowPasswordAutoFill
allowManagedToWriteUnmanagedContacts
allowUnmanagedToReadManagedContacts
allowMarketplaceAppInstallation
-
allowLiveVoicemail
Devices API update – April 10, 2024
Key added to show if DDM is enabled on a device
The ddm_enabled key has been added to the Devices API response for devices with DDM enabled.
Declarative device management (DDM) available for all customers, profile Assignment Group support – April 3, 2024
DDM channel enabled for all customers
The DDM channel is now enabled automatically on all eligible devices when they check in with MDM. Admins do not need to take any action to enable this.
Assign configuration profiles via assignment groups
Admins can now assign configuration profiles to devices via assignment groups, allowing multi-group membership (inheriting profiles from multiple groups) for devices. For more information, refer to this support article on Configurations & Accounts under the section Assigning profiles to Assignment Groups.
New Munki install type options – April 1, 2024
Managed updates and default installs added
We added “Managed updates” and “Default installs” as new install types for Munki assignment groups. Managed updates allow admins to update software through Munki even if it was not originally installed on the devices via Munki. Default installs allow admins to install apps on devices that end users can choose to uninstall via the Managed Software Center.
DDM Beta: DDM channel enabled for all devices in beta accounts - March 26, 2024
DDM channel turned on for supported devices in beta accounts
The DDM channel has been enabled on all eligible devices within accounts that have opted into the beta program. Admins no longer need to manually turn on DDM for specific groups of devices.
Devices page: Sort by Custom Attribute values – March 25, 2024
Custom attribute column sorting added to Devices list
The Devices list view now allows for sorting on custom attribute values.
DDM Beta: Managed Software Updates – March 4, 2024
Managed Software Updates configuration available in the DDM beta
The Managed Software Updates configuration is now available to accounts that have the Declarative Device Management (DDM) beta enabled. This configuration allows admins to schedule specific OS versions to be installed on devices by a certain date and time, while device users receive enhanced notifications to inform them of the upcoming update. Additional documentation is available:
- Official Apple documentation: https://support.apple.com/en-gb/guide/deployment/depca14ecd4d/web
- SimpleMDM Knowledge Base: https://simplemdm.pdq.com/hc/en-us/articles/19355848135707-Declarative-Device-Management-Beta
New Shared Apps – February 12, 2024
New Shared Apps added
We added Mactracker and JetBrains Toolbox to the Shared Apps directory.
New UI for the Devices page - December 11, 2023
Updated design for the Devices page
We have released an updated design for the Devices page, an exciting step towards a new UI design that will extend to the rest of the product over time. Admins can now opt-in to using the new UI by clicking the option in the banner on the Devices page. After enabling the new UI, admins have the option to temporarily switch back the old view.
New skip keys added to automated enrollment DEP settings - December 7, 2023
New skip keys added
We added the “Enable Lockdown Mode” and "Wallpaper" keys to the “Panes to Skip” options.
Device information and profile updates - November 14, 2023
Restrictions profile update
We added the “Allow near–field communications (NFC)” key.
Passcode policy profile update
We added the “Minutes until failed login reset” key.
Device details information
- We added the “EID” field to Service Subscription information.
- The “Last Seen” column is now more precise.
New automated enrollment setting, Service configuration files - November 8, 2023
Configure a minimum OS version requirement during automated enrollment
Admins can now configure a minimum OS version requirement when a device enrolls through automated enrollment. When a device performs the initial MDM check-in during Setup Assistant and the device does not meet the specified version, users will see a prompt indicating that an update is necessary and be presented with a timer for an automatic restart to install the update. Once the update is complete, they will be able to proceed with the enrollment and finish Setup Assistant.
This option can be configured under the “DEP Settings” tab for automated enrollment. Supported for iOS 17+ and macOS 14+.
The Service configuration file declaration is now supported in the DDM beta
We added support for a new Service configuration asset type that allows admins to configure and manage preferences for system services on macOS, such as sshd, sudo, bash, etc. To do this, admins must upload a zip archive with matching directory structure that contains the configured preference files.
Updates to Privacy Preferences profile – October 17, 2023
Privacy Preferences profile updates
We added the following keys to the configurable access permissions:
- Update or delete other applications
- Access app data
New enrollment method: Account-driven enrollment – October 2, 2023
New enrollment method added
SimpleMDM now supports account-driven enrollment as a method for enrolling devices. Devices can be enrolled by signing in via the Settings app using a Work or School account as an alternative to using traditional profile-based enrollment methods. Account-driven enrollment can be used for both device enrollment and user enrollment types.
Declarative Device Management (DDM) Beta – September 27, 2023
Beta announcement
We added support for Declarative Device Management (DDM) and it is now available in Beta. The initial functionality will be available for macOS 14+ or iOS/iPadOS 17+ and includes:
- The ability to turn on DDM protocol for devices
- Enabling DDM channel status reports
- The ability to install some profiles with DDM and/or migrate existing profiles to DDM
If you are interested in having DDM enabled on your SimpleMDM account for testing, you can fill out this form and our team will enable in within 5-7 business days.
New Shared App – August 29, 2023
New Shared App added
We added AnyDesk to the Shared Apps directory.
SimpleMDM Status Page – August 9, 2023
Status Page added
We now have a status page for SimpleMDM and the other PDQ products. Visit our status page and subscribe for updates at: https://pdq.statuspage.io/
New Shared Apps – August 7, 2023
New Shared Apps added
We added RubyMine, Blender, Miro, and Nextcloud to the Shared Apps directory.
Welcome screen enhancements, new Shared Apps – July 26, 2023
New functionality added to the welcome screen feature
We added the ability to create a form and display it on the Welcome Screen during the enrollment process. The form fields are mapped to custom attributes, which allows the input from the user to be stored in the custom attributes once the form has been submitted and enrollment is complete.
New Shared Apps added
We added ClickUp and Powershell to the Shared Apps directory.
Gatekeeper Policy profile added, new Shared Apps – July 11, 2023
New profile added to admin interface
We added support for the "Gatekeeper Policy" profile in the SimpleMDM admin interface. This new profile enables admin to configure Gatekeeper settings on macOS, including force enabling Gatekeeper, allowing or disallowing identified developers, and disabling manual Gatekeeper override abilities.
New Shared Apps added
We added Todoist, Webex, and Wrike to the Shared Apps directory.
FileVault profile updates – July 3, 2023
ForceEnableInSetupAssistant key added
We added the "Force FileVault to be enabled in Setup Assistant" option to the FileVault profile. This allows admin to force end-users to enable FileVault during Setup Assistant, ensuring encryption is enabled before reaching the home screen. Requires macOS 14+ and Automated Device Enrollment.
"Set Time Zone" command added, API updates – June 29, 2023
New device action added
We added the "Set Time Zone" command to the Actions menu for supervised iOS, iPadOS, and tvOS 14+ devices, allowing admins to update the time zone on supported devices.
Install OS update options
We added the version_type
argument to the Update OS API to match what is available in the SimpleMDM admin interface, allowing admins to choose between latest_minor_version
and latest_major_version
as options.
Update Munki PkgInfo via API
We added the ability for admin to customize PkgInfo for Munki apps via the API.
New feature: Auto Attributes – June 28, 2023
Save script outputs in a custom attribute
Admins can now run a script and save the output/device response in a custom attribute. This enables admins to query devices for information beyond the scope of the MDM protocol. Once stored, these custom attribute values will be visible on device records and in the Device Inventory report export (CSV).
Return to Service support added, custom icons for SimpleMDM Munki, updates to Restrictions profile – June 27, 2023
New for iOS, iPad OS 17: Return to Service
We added support for the "Return to Service option on iOS and iPadOS 17+ devices when sending a Wipe command. This option enables admin to select an assigned Wi-Fi profile, allowing the device to automatically reconnect to Wi-Fi after the wipe and proceed through setup without requiring user interaction.
Upload custom icons for custom apps & NoPkgs
We added the ability to upload custom icons for custom apps & NoPkgs deployed using our hosted Munki integration. Once enabled, the Managed Software Center shows the uploaded custom icon.
Restrictions profile update
We added several new keys and/or updated them for macOS 14 and iOS 17.
"Run script" action added – June 12, 2023
New device action added
We added the “Run Script” action to the Device Actions menu. Selecting this will automatically populate the target device when creating the script job.
Printing profile added – June 6, 2023
New profile added to admin interface
We added support for Apple's "Printing" profile in the SimpleMDM admin interface. This new profile enables administrators to configure printing settings and preferences on macOS devices.
New user role permission set added – May 30, 2023
"No Access" permission set added
We added a new user role permission set called "No Access" that can be assigned to user accounts, allowing their creation without permitting the user to view any information within the account. This enables existing admin users to manage access by assigning a different user role or revoking the newly created user account. This role can be particularly useful as the initial user role for SAML SSO accounts where sign-in access is not being scoped on the identity provider's side.
Updates to Restrictions profile, export devices CSV – May 25, 2023
Restrictions profile update
We added the "Allow password sharing' key to the Restrictions profile.
Column added to device inventory export
We added a new column called 'Last Seen IP' to the device inventory export.
Bluetooth commands added to API – May 18, 2023
Enable & disable Bluetooth on devices via API
The “Enable Bluetooth” and “Disable Bluetooth” commands can now be sent to devices via the API.
Profile updates, device details added – May 9, 2023
System Extensions Policy profile update
We added the option to mark extensions as removable using the RemovableSystemExtensions key.
Software Update Policy for iOS profile update
We added an option to the Software Update Policy for iOS profile to schedule software update commands based on hours within a specific time zone or the time zone currently set on the device.
Time zone added to Device Details
A device's time zone is now reported within the Device Details section.
Schedule Script Jobs – April 26, 2023
Schedule Script Jobs
We added an option to schedule script jobs from the SimpleMDM admin interface. Schedule scripts to run immediately, at a specific date or time in the future, or recurringly.
Reinstall SimpleMDM Munki – April 13, 2023
New device action added
We added an option to "Reinstall SimpleMDM Munki' to the Actions dropdown for macOS devices using our hosted Munki integration. This will run an uninstaller and then reinstall Munki on the selected device.
Profiles and Custom Profiles API update – March 2, 2023
Profiles and Custom Profiles API updates
We added the ability to query by profile name using the "search={{name}}" param to the Profiles and Custom Profiles API endpoint.
macOS profiles update – February 21, 2023
macOS profiles update
We added the option to "Re-install profiles automatically after macOS software updates are detected" to configuration profiles supported on macOS. This allows admins to choose whether specific profiles should be re-pushed after an OS update is detected.
Web Content Filter profile updates, API updates – February 14, 2023
Web Content Filter profile updates
We added the “Custom Data” field to the Web Content Filter profile.
API updates
“Set auto-admin password” and “rotate auto-admin password” commands have been added to the API.
NoPkg support added to SimpleMDM Munki integration, device search improvements – February 9, 2023
NoPkg support added
We added NoPkg support to the SimpleMDM Munki integration. NoPkgs are PkgInfo files that can be deployed via Munki without an associated PKG or DMG.
NoPkgs are frequently used to:
- Provide self-service scripts to end-users within the Managed Software Center
- Automatically run scripts and check for changes in the installed state to determine if they need to be run again
A few example use cases for NoPkgs:
- Allowing end-users to install printers as needed
- Keeping the computer hostname in sync with other systems
- Automatically forcing a log out or restart
- Controlling SSH access
For more information on NoPkgs, see the official feature documentation in our Knowledge Base.
Device search improvements
We improved device search capabilities, so now devices with multiple phone numbers associated to them will appear in search results for either phone number.
Auto-admin password management – January 26, 2023
Auto-admin password management
We updated auto-admin password management, so now for any device with an auto-admin account created by SimpleMDM the password can be reset or rotated. This was previously tied to the “Store admin password for device in SimpleMDM” option in the DEP Settings