Enrollment Settings - SimpleMDM

�

Account-Wide Enrollment Settings

To find these settings, navigate to Devices > Enrollments and click the 'Settings' tab.

�

Activation Lock

This field allows you to set a default state for Activation Lock on newly enrolled devices. The options are:

• Enabled - turn on activation lock devices when they enroll
• Disabled - turn off activation lock on devices when they enroll
• User Enabled - do not turn on activation lock, but allow user to enable it

�

Apple Remote Desktop

When set to "Yes", this setting allows you to have the "Enable Remote Desktop" command sent automatically after a macOS device enrolls in your MDM account. The command enable the Apple Remote Desktop service without user interaction.

�

Bootstrap Tokens

Store Bootstrap Tokens: when enabled, this setting allows MDM to retrieve and store Bootstrap Tokens on Macs running 10.15 or greater that are enrolled via Automated Enrollment (DEP). Bootstrap Tokens enable mobile accounts and user accounts created non-interactively to receive a Secure Token.

Create Cached Accounts: by default, network-authenticated accounts are destroyed when signed out. When enabled, this setting will install a profile on macOS that creates cached mobile accounts, which support Secure Tokens.

�

New Device Name Format

This field allows you to customize the format for the SimpleMDM name (the name shown in the Devices list) of new devices enrolled in your account. This feature supports the use of custom attributes. The default value is "{{device_name}}".

Example use: "{{device_name}} - {{serial_number}}". This would set new devices' SimpleMDM name to a value such as "Eric's iPhone - EXAMPLE0001"

�

Rosetta 2

When "Install Rosetta" is set to "Yes", SimpleMDM will automatically install Apple's Rosetta 2 on macOS devices with ARM architecture. This allows applications designed for Intel-based Macs to run on ARM-based Macs.

�

Automated Enrollment (DEP) Settings

To find these settings, navigate to Devices > Enrollments and click the name of the Automated Enrollment object you would like to modify the settings for. The

DEP Info tab

• DEP Account Details: basic information about the connected server
• DEP Devices: list of serial numbers assigned to the server in Apple Business Manager
• 'Sync with Apple' button: click this to force sync changes to device assignments in ABM
• 'Update Token' button: click this to update your server token

DEP Settings tab

• Setup Panes: a list of Setup Assistant options for automated enrollments
• Organization Details: information displayed to the user during enrollment
• macOS Account Setup: options relating to local user account creation during macOS enrollment
• macOS Host Pairing: see explanation here

�

One-Time / Group Enrollment Settings

Enrollment Info tab

Displays the Enrollment URL, QR code, and other information/options related to enrolling devices manually or via Apple Configurator.

All Types of Enrollment

General Settings tab

• Set the name of the device
• Select the group devices will be enrolled into initially
• Specify whether the enrollment profile will be eligible for User Enrollment (One-Time and Group Enrollments only)

Welcome Screen tab

This feature allows you to create a custom welcome screens that will be displayed to users during enrollment. Usage:

1. Select 'New Welcome Screen' from the dropdown.
2. Provide a name for the welcome screen.
3. Enter a message to display to users.
4. Choose a logo/image to be displayed to users.
5. Save.
6. Once created, select the welcome screen name from the dropdown list and save.

Authentication tab

Configure SAML or LDAP authentication settings used for enrollment authentication. For more information on configuring authentication for device enrollments, see this page.

�