Getting Started With SimpleMDM

Purpose:

You're new to SimpleMDM and need some help getting started.

Resolution:

This guide covers the basics of getting started with SimpleMDM: critical early decisions to make, creating a SimpleMDM account, configuring SimpleMDM, and common errors.

The Complete SimpleMDM Knowledge Base can be found here:
SimpleMDM Knowledge Base

The Complete SimpleMDM API Documentation (Advanced) can be found here:
SimpleMDM API Documentation

Check out our YouTube Playlist for Getting Started With SimpleMDM:
PDQ + SimpleMDM YouTube

Table of Contents

- Before You Get Started With SimpleMDM

- Configuring SimpleMDM

- Managing Devices With SimpleMDM

Before You Get Started With SimpleMDM

The Importance of Making Informed Early Decisions

Making informed early decisions is crucial when getting started with SimpleMDM.

Some examples of critical early decisions to be made are:

  • Whether or not to use Apple Business Manager
  • How you will manage your AppleIDs in your environment
  • Whether or not to supervise devices
  • Which enrollment methods will be used

Apple Business Manager

Apple Business Manager is not required for SimpleMDM to manage your devices, but it offers additional MDM functionality when utilized.

Utilizing Apple Business Manager adds the following additional functionality:

  • Automated Device Enrollment - When purchased through Apple Business Manager or an Authorized Reseller
  • Volume Purchase Program - Allows installing App Store Apps without an end user AppleID

Apple Business Manager is not available in all regions.

SimpleMDM - What is Apple Business Manager?

Apple - Intro to Apple Business Manager

Create an Appropriate AppleID

An AppleID is required for managing Push Certificates. The AppleID created for managing your Apple devices with SimpleMDM should not be an individual's personal AppleID. It is considered best practice for this AppleID to use a generic administrator username, e.g.: 'MDMAdmin@company.com'.

A new AppleID can be created at appleid.apple.com. The process is the same as creating an AppleID for personal use. This AppleID can be one that is associated with your Apple Business Manager account, but this is not required.

Push Certificates

An Apple Push Certificate is required for Apple devices to be managed via the MDM Protocol. A Push Certificate needs to be renewed yearly, using the same AppleID it was originally created with. Creating and uploading a Push Certificate to SimpleMDM is required during the SimpleMDM account creation process.

When creating your Push Certificate, you should use the generic administrator AppleID for your organization. Instructions for creating a Push Certificate are provided during the SimpleMDM sign up process.

Creating a Push Certificate - SimpleMDM

Create a SimpleMDM Account

When you are ready to create a SimpleMDM account, sign up for a free 30 day trial at:

https://simplemdm.com/pricing/

Additional SimpleMDM Administrators can be added after creating your organization's account.

Supervising Devices

Supervised Mode is a special iOS configuration that gives an organization's MDM Administrators additional MDM control and functionality. SimpleMDM can have a mix of supervised and unsupervised devices, so whether or not to use device supervision is a decision that can be made on a per-device basis. Devices that are enrolled from Apple Business Manager (Automated Enrollment) will be in supervised mode automatically.

Supervising Devices - SimpleMDM

Supervision is the ideal configuration for company-owned devices, but it is not appropriate for employees who are bringing their own devices (BYOD).

Configuring SimpleMDM

Managing SimpleMDM Admins

In SimpleMDM you can create multiple users to manage your organization's account and devices. This includes the ability to create User Roles with different permissions, as well as security features such as 2 Factor Authentication and SAML Single Sign On.

Adding Users & Roles - SimpleMDM

Connecting SimpleMDM to Apple Business Manager

Apple Business Manager allows for Automated Enrollment using the Device Enrollment Program (DEP) as well as the Volume Purchase Program (VPP) for deploying purchased applications with SimpleMDM. To link Apple Business Manager to SimpleMDM and use DEP and VPP, you must first create DEP and VPP tokens in Apple Business Manager and upload them to SimpleMDM.

Connecting a DEP Account (Automated Enrollment) - SimpleMDM

Connecting a VPP Account (Apps and Books) - SimpleMDM

Apple - Assign, reassign, or unassign devices in Apple Business Manager

It is always recommended to use a generic MDM Administrator email address for the AppleID that will be generating the DEP Token, in order to prevent DEP Token renewals from being linked to a personal AppleID.

Enrollment Methods

SimpleMDM has four methods for enrolling devices. The method you choose is dependent on who owns the device being managed, where it was purchased, and whether or not supervision will be used.

The four enrollment methods are:

Choosing An Enrollment Method - SimpleMDM

Device Groups

Device Groups in SimpleMDM are for grouping together devices that require the same Configuration Profiles, Restrictions, Passcode Settings, and Apps.

Device Groups - SimpleMDM

Configuration Profiles

Configuration Profiles are the policies that can be applied to devices or Device Groups that allow an administrator to set up accounts, services, and other functionalities on devices.

Configurations & Accounts - SimpleMDM

Managing Devices With SimpleMDM

Managing Applications

SimpleMDM provides multiple methods for managing applications for macOS, iOS, and tvOS devices. Apps can be individually deployed to one or more devices, or assigned to Device Groups to simplify app deployments.

Deploying and Updating Apps - SimpleMDM

App Catalog

The App Catalog allows for the distribution of App Store Apps, purchased from Apple Business Manager under the Volume Purchase Program, for macOS, iOS, and tvOS devices.

Apple - Select and purchase content in Apple Business Manager

Managing Applications for iOS & tvOS Devices

There are three methods for managing applications for iOS & tvOS devices.

Managing Applications for macOS Devices

There are three methods for managing applications for macOS devices.

Device Actions

SimpleMDM offers the ability to perform Device Actions on managed devices, which can simplify managing your devices remotely. Device Actions include the ability to push assigned apps and media, send the device a message, clear the passcode, enable Lost Mode, wipe the device, and more.

Device Actions - SimpleMDM

Additional Features

Location Tracking

Location Tracking is available for enrolled devices that have the SimpleMDM iOS app installed.

Location Tracking - SimpleMDM

Logging

SimpleMDM retains Admin & Device Logs. The Admin Namespace logs activity from the SimpleMDM Portal & API, while the Device Namespace logs device activity between SimpleMDM and the devices being managed.

Logs - SimpleMDM

SimpleMDM only retains logs for two weeks. If you wish to retain the SimpleMDM logs for a longer period of time, logs can be exported with the SimpleMDM API.

Advanced Configurations

Custom Scripts

SimpleMDM allows Custom Scripts to be uploaded and deployed to macOS devices. Custom Script Jobs can be deployed to Device Groups, Assignment Groups, or individual devices.

Scripts - SimpleMDM

Attributes & Custom Attributes

Attributes enable you to create configurations that are customized on a per-device basis. With attributes, you can create profiles and managed app configurations that include values specific to the device they are being installed to. Additionally, you can use custom attributes as a way to store device or asset metadata specific to your business.

Attributes & Custom Attributes - SimpleMDM

Authentication Integration for Enrollments

SimpleMDM supports the ability to configure LDAP and SAML authentication for device enrollments.

Authentication Integrations for Enrollments - SimpleMDM

SAML SSO Integration

For added security, SimpleMDM can integrate with the Security Assertion Markup Language (SAML) standard for Single Sign On (SSO). Several vendors can be configured as a Trusted Identity Provider to authenticate your SimpleMDM Administrators with SAML SSO.

SAML Integration Guides - SimpleMDM

SimpleMDM API

The SimpleMDM API is a RESTful JSON API. It is designed to work over authenticated, HTTPS-secured channels. Since the SimpleMDM API is based on the HTTP protocol, you can interact with it directly using any HTTP client library.

API Keys can be created in the API page of the SimpleMDM Portal, and each API key created can be configured with different permissions.

SimpleMDM API Documentation
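
Because logs are retained for only two weeks (see Logging above), a scheduled export through the API is how they reach long-term storage. The following is an added example, not SimpleMDM's or PDQ's own code: it assumes the `/api/v1/logs` endpoint, `limit`/`starting_after`/`has_more` cursor pagination, and HTTP Basic authentication with the API key as the username, all of which should be confirmed against the SimpleMDM API Documentation. The sample pages and the function names are constructed for illustration.

```python
import base64, json, urllib.parse, urllib.request

# Assumed endpoint and parameters; confirm in the SimpleMDM API documentation.
LOGS_URL = "https://a.simplemdm.com/api/v1/logs"

def export_logs(fetch_page, already_archived=()):
    """Walk cursor-paginated pages; return JSONL lines for entries not yet archived."""
    # fetch_page(cursor) returns {"data": [{"id": ...}, ...], "has_more": bool}
    seen = set(already_archived)
    lines, cursor = [], None
    while True:
        page = fetch_page(cursor)
        entries = page.get("data", [])
        for entry in entries:
            entry_id = str(entry["id"])
            if entry_id not in seen:  # skip overlap with a previous run
                seen.add(entry_id)
                lines.append(json.dumps(entry, sort_keys=True))
        if not entries or not page.get("has_more"):
            return lines  # an empty page also stops the loop
        cursor = str(entries[-1]["id"])  # resume after the last entry seen

def http_fetcher(api_key, limit=100):
    """Build a fetch_page that calls the API (key as Basic username, empty password)."""
    token = base64.b64encode(f"{api_key}:".encode()).decode()
    def fetch(cursor):
        query = {"limit": limit}
        if cursor:
            query["starting_after"] = cursor
        request = urllib.request.Request(
            f"{LOGS_URL}?{urllib.parse.urlencode(query)}",
            headers={"Authorization": f"Basic {token}"})
        with urllib.request.urlopen(request, timeout=30) as response:
            return json.load(response)
    return fetch

# Constructed sample pages standing in for API responses (not real log data).
SAMPLE_PAGES = {
    None: {"has_more": True, "data": [
        {"id": "a1", "attributes": {"namespace": "admin"}},
        {"id": "a2", "attributes": {"namespace": "device"}}]},
    "a2": {"has_more": False, "data": [
        {"id": "a3", "attributes": {"namespace": "admin"}}]},
}

def demo():
    """Offline run: 'a1' was archived by an earlier run, so only a2 and a3 are new."""
    return export_logs(lambda cursor: SAMPLE_PAGES[cursor], already_archived={"a1"})
```

Schedule the export more often than the two-week retention window, and give the API key used for it only the permission it needs to read logs.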

See Also

Common Questions - SimpleMDM

Error Messages - SimpleMDM
