Getting Started With SimpleMDM

Purpose:?

You're new to SimpleMDM and need some help getting started.?

Resolution:?

This guide will cover the basics of getting started with SimpleMDM, including: Critical early decisions to make, creating a SimpleMDM account, configuring SimpleMDM, and Common Errors.?

The Complete SimpleMDM Knowledge Base can be found here:?
SimpleMDM Knowledge Base?

The Complete SimpleMDM API Documentation (Advanced) can be found here:?
SimpleMDM API Documentation?

Check out our YouTube Playlist for Getting Started With SimpleMDM:?
PDQ + SimpleMDM YouTube?

Table of Contents?

- Before You Get Started With SimpleMDM

- Configuring SimpleMDM

- Managing Devices With SimpleMDM

Before You Get Started With SimpleMDM

The Importance of Making Informed Early Decisions?

Making informed early decisions is crucial when Getting Started With SimpleMDM.?

Some examples of critical early decisions to be made are:?

• Whether or not to use Apple Business Manager?
• How you will manage your AppleIDs in your environment?
• Whether or not to supervise devices?
• Which enrollment methods will be used?

Apple Business Manager?

Apple Business Manager is not required for SimpleMDM to manage your devices, but it offers additional MDM functionality when utilized.?

Utilizing Apple Business Manager adds the following additional functionality:?

• Automated Device Enrollment - When purchased through Apple Business Manager or an Authorized Reseller?
• Volume Purchase Program - Allows installing App Store Apps without an end user AppleID?

Apple Business Manager is not available in all regions.?

SimpleMDM - What is Apple Business Manager??

Apple - Intro to Apple Business Manager?

Create an Appropriate AppleID?

An AppleID is required for managing Push Certificates. The AppleID created for managing your Apple devices with SimpleMDM should not be an individual's personal AppleID. It is considered best practice for this AppleID to use a generic administrator username, e.g.: 'MDMAdmin@company.com'.?

A new AppleID can be created at appleid.apple.com. The process is the same as creating an AppleID for personal use. This AppleID can be an Apple ID that is associated with your Apple Business Manager account, but is not required.?

Push Certificates?

An Apple Push Certificate is required for Apple devices to be managed via the MDM Protocol. Push Certificates need to be renewed yearly, using the same AppleID it was originally created with. Creating and uploading a Push Certificate to SimpleMDM is required during the SimpleMDM account creation process.?

When creating your Push Certificate, you should use the generic administrator AppleID for your organization. Instructions for creating a Push Certificate are provided during the SimpleMDM sign up process.?

Creating a Push Certificate - SimpleMDM?

Create a SimpleMDM Account?

When you are ready to create a SimpleMDM account, sign up for a free 30 day trial at:?

https://simplemdm.com/pricing/?

Additional SimpleMDM Administrators can be added after creating your organization's account.?

Supervising Devices?

Supervised Mode is a special iOS configuration that allows an organization's MDM Administrators additional MDM control & functionality. SimpleMDM can have a mix of supervised and un-supervised devices, so choosing whether or not to use device supervision is a decision that can be made on a per-device basis. Devices that are enrolled from Apple Business Manager (Automated Enrollment) will be in supervised mode automatically.?

Supervising Devices - SimpleMDM?

Supervision is the ideal configuration for company-owned devices, but it is not appropriate for employees who are bringing their own devices (BYOD).?

Configuring SimpleMDM

Managing SimpleMDM Admins?

In SimpleMDM you can create multiple users to manage your organization's account and devices. This includes the ability to create User Roles with different permissions, as well as security features such as 2 Factor Authentication and SAML Single Sign On.?

Adding Users & Roles - SimpleMDM?

Connecting SimpleMDM to Apple Business Manager?

Apple Business Manager allows for Automated Enrollment using the Device Enrollment Program (DEP) as well as the Volume Purchase Program (VPP) for deploying purchased applications with SimpleMDM. In order to link Apple Business Manager to SimpleMDM, to be able to use DEP and VPP with SimpleMDM, you must first create DEP and VPP tokens in Apple Business Manager and upload them to SimpleMDM.?

Connecting a DEP Account (Automated Enrollment) - SimpleMDM?

Connecting a VPP Account (Apps and Books) - SimpleMDM?

Apple - Assign, reassign, or unassign devices in Apple Business Manager?

It is always recommended to use a generic MDM Administrator email address for the AppleID that will be generating the DEP Token, in order to prevent DEP Token renewals from being linked to a personal AppleID.?

Enrollment Methods?

SimpleMDM has four methods for enrolling devices. The method you choose is dependent on who owns the device being managed, where it was purchased, and whether or not supervision will be used.?

The four enrollment methods are:?

• Automated Enrollment with Apple Business Manager?
• Apple Configurator (Requires a Mac computer)?
• Enroll by Link?
• User Enrollment?

Choosing An Enrollment Method - SimpleMDM?

Device Groups?

Device Groups in SimpleMDM are for grouping together devices that require the same Configuration Profiles, Restrictions, Passcode Settings, and Apps.?

Device Groups - SimpleMDM?

Configuration Profiles?

Configuration Profiles are the policies that can be applied to devices or Device Groups that allow an administrator to set up accounts, services, and other functionalities on devices.?

Configurations & Accounts - SimpleMDM?

Managing Devices With SimpleMDM

Managing Applications?

SimpleMDM provides multiple methods for managing applications for MacOS, iOS, and tvOS devices. Apps can be individually deployed to one or more devices, or assigned to Device Groups for simplifying app deployments.?

Deploying and Updating Apps - SimpleMDM?

App Catalog?

The App Catalog allows for the distribution of App Store Apps, purchased from Apple Business Manager under the Volume Purchase Program, for MacOS, iOS, and tvOS devices.?

Apple - Select and purchase content in Apple Business Manager?

Managing Applications for iOS & tvOS Devices?

There are three methods for managing applications for iOS & tvOS devices.?

• App Store - Volume Purchase Program (VPP)?
• App Store - Using Apple IDs?
• Enterprise & Ad-Hoc (Custom Apps)?

Managing Applications for MacOS Devices?

There are three methods for managing applications for iOS & tvOS devices.?

• App Store - Volume Purchase Program (VPP)?
• Custom Signed Packages?
• Munki - SimpleMDM Hosted?

Device Actions?

SimpleMDM offers the ability to perform Device Actions on managed devices, that can simplify remotely managing your devices. Device Actions include the ability to push assigned apps and media, send the device a message, clear the passcode, enable Lost Mode, Wipe the device, and more.?

Device Actions - SimpleMDM?

Additional Features?

Location Tracking?

Location Tracking is available for enrolled devices that have the SimpleMDM iOS app installed.?

Location Tracking - SimpleMDM?

Logging?

SimpleMDM retains Admin & Device Logs. The Admin Namespace logs activity from the SimpleMDM Portal & API, while the Device Namespace logs device activity between SimpleMDM and the devices being managed.?

Logs - SimpleMDM?

SimpleMDM only retains logs for two weeks. If you wish to retain the SimpleMDM logs for a longer period of time, logs can be exported with the SimpleMDM API.?

Advanced Configurations?

Custom Scripts?

SimpleMDM allows Custom Scripts to be uploaded and deployed to MacOS devices. Custom Script Jobs can be deployed to Device Groups, Assignment Groups, or individual devices.?

Scripts - SimpleMDM?

Attributes & Custom Attributes?

Attributes enable you to create configurations that are customized on a per-device basis. With attributes, you can create profiles and managed app configurations that include values specific to the device they are being installed to. Additionally, you can use custom attributes as a way to store device or asset metadata specific to your business.?

Attributes & Custom Attributes - SimpleMDM?

Authentication Integration for Enrollments?

SimpleMDM supports the ability to configure LDAP and SAML authentication for device enrollments.?

Authentication Integrations for Enrollments - SimpleMDM?

SAML SSO Integration?

For added security, SimpleMDM can integrate with the Security Assertion Markup Language (SAML) standard for Single Sign On (SSO). Several vendors can be configured as a Trusted Identity Provider to authenticate your SimpleMDM Administrators with SAML SSO.?

SAML Integration Guides - SimpleMDM?

SimpleMDM API?

The SimpleMDM API exists as a RESTful JSON implementation. It is designed to work over authenticated, HTTPS secured channels. Since the SimpleMDM API is based upon the HTTP protocol, you can directly interact with it using any HTTP client library.?

API Keys can be created in the API page of the SimpleMDM Portal, and each API key created can be configured with different permissions.?

SimpleMDM API Documentation?

See Also?

Common Questions - SimpleMDM?

Error Messages - SimpleMDM?