Management MacOS Device

Upload by : Laura Ramon

macOS Device Management
VMware Workspace ONE UEM 2001

You can find the most up-to-date technical documentation on the VMware website at:
https://docs.vmware.com/

If you have comments about this documentation, submit your feedback to
docfeedback@vmware.com

VMware, Inc.
3401 Hillview Ave.
Palo Alto, CA 94304
www.vmware.com

Copyright © 2020 VMware, Inc. All rights reserved. Copyright and trademark information.

Contents

1 Introduction to Workspace ONE UEM for macOS
  Workspace ONE UEM macOS Management Prerequisites

2 macOS Device Enrollment
  Enrollment with macOS Intelligent Hub
  macOS Workspace ONE Intelligent Hub Download
  Enable the Workspace ONE Intelligent Hub for Web-based Enrollment on macOS Devices
  Stage macOS Devices for Single User Enrollment
  Configure a Sideloading Enrollment Profile for macOS Devices
  Configure Multi-User Staging for macOS Devices
  Single Staging with Pre-Registration and Non-Domain Joined Local User
  Create Single-Staging Flow with Pre-Registration
  Single Staging with API
  Apple Business Manager - DEP
  Custom Bootstrap Packages for Device Enrollment
  Deploy a Bootstrap Package

3 Software Distribution and Management for macOS Applications

4 macOS Device Profiles
  Configure a Passcode Policy Profile
  Configure a Network Access Profile
  Configure a VPN Profile
  Configure a VPN On Demand Profile
  Configure an Email Profile
  Configure an Exchange Web Services Profile
  Configure an LDAP Profile
  Configure a CalDAV or CardDAV Profile
  Configure a Web Clips Profile
  Configure a SCEP/Credentials Profile
  Configure a Privacy Preferences Control Profile
  Configure a Dock Profile
  Configure a Restrictions Profile
  Configure a Software Update Server Profile
  Configure a Parental Controls Profile
  Configure a Directory Profile
  Configure a Security and Privacy Settings Profile
  Configure a Full Disk Encryption Profile
  Configure a Login Items Profile
  Configure a Login Window Profile
  Configure an Energy Saver Profile
  Configure a Time Machine Profile
  Configure a Finder Profile
  Configure an Accessibility Profile
  Configure a Printer Configuration Profile
  Configure a Messages Profile
  Configure a Proxy Profile
  Configure a Smart Card Profile
  Configure a Mobility Profile
  Configure an Associated Domains Profile
  Configure a Managed Domains Profile
  Configure an SSO Extension Profile
  Configure a System Extensions Profile
  Configure a Web Content Filter Profile
  Configure an AirPlay Whitelist Profile
  Configure an AirPrint Profile
  Retrieve AirPrint Printer Information
  Configure an Xsan Storage Profile
  Configure a Firewall Profile
  Configure a Firmware Password Profile
  Configure a Custom Attributes Profile
  Configure a Custom Settings Profile
  Configure a Kernel Extension Policy Profile

5 Full Disk Encryption with FileVault
  Institutional and Personal Recovery for macOS Devices
  Institutional Recovery for macOS Devices
  Configure a FileVault Institutional Recovery Key for macOS Devices
  Personal Recovery for macOS Devices
  Enable Personal Recovery Encryption for a macOS Device
  View Escrowed Personal Recovery Key on the UEM Console
  View Escrowed Personal Recovery Key on the SSP
  Recover an Encrypted Disk Using a Personal Recovery Key
  Personal Recovery Key Rotation

6 Compliance Policies

7 Apps for macOS Devices
  Workspace ONE Intelligent Hub
  Configure Settings for the macOS Workspace ONE Intelligent Hub
  (Legacy) AirWatch Catalog and Workspace ONE Catalog
  Content Locker Sync

8 Additional macOS Configurations
  Build a Device Kiosk for a macOS Device
  Additional macOS Profiles for Kiosk Mode
  Mirror Screens with Apple AirPlay on macOS Devices
  Custom Fonts for macOS Devices
  Manage Fonts on macOS Devices
  Product Provisioning for macOS Devices
  Workspace ONE Assist

9 macOS Device Management
  Device Dashboard
  Device List View
  Device Details Page for macOS Devices
  Certificate Profile Resiliency
  Admin Password Auto-Rotation
  Device Actions
  Request Device Log
  Configure and Deploy a Custom Command to a Managed Device
  AppleCare GSX
  Obtain an Apple Certificate to Integrate AppleCare GSX
  Configure AppleCare GSX in the UEM Console

10 Shared Devices
  Define the Shared Device Hierarchy
  Log In and log out of Shared macOS Devices

1 Introduction to Workspace ONE UEM for macOS

Workspace ONE UEM powered by AirWatch provides complete management solutions for macOS devices. With Workspace ONE UEM's Mobile Device Management (MDM) solution, enterprises can manage Corporate-Dedicated, Corporate-Shared or Employee Owned (BYOD) macOS devices throughout the entire device lifecycle.

Workspace ONE UEM supports devices running macOS versions 10.9 and all Apple devices running those operating system versions.

This guide shows administrators how to:
- Enroll macOS devices or allow end users to enroll the devices by themselves.
- Configure the Workspace ONE Intelligent Hub.
- Create profiles for macOS devices to manage compliance.
- Manage devices through the Workspace ONE UEM console and on the Self-Service Portal (SSP).
- Integrate with macOS tools such as FileVault 2.
- Enable Product Provisioning.

This chapter includes the following topics:
- Workspace ONE UEM macOS Management Prerequisites

Workspace ONE UEM macOS Management Prerequisites

To manage macOS devices, make sure you have all the prerequisites mentioned in this section.

You must have the following prerequisites ready:

UEM
- Active Environment – Your active Workspace ONE UEM environment and access to the UEM console.
- Appropriate Admin Permissions – Type of permission that allows you to create profiles, policies, and manage devices within the UEM console.
- Group ID – A unique identifier for the organization group where the device is enrolled that defines all configurations the device receives.

- Credentials – User name and password combination used to identify and authenticate the user account to which the device belongs. These credentials can be AD/LDAP user credentials.

Apple Platform
- Apple Push Notification service (APNs) Certificate – A certificate issued to your organization to authorize the use of Apple's cloud messaging services. For information about generating an APNs certificate, see Generate a New APNs Certificate in the Console Basics documentation.
- Apple ID for Apple Business Manager – An Apple ID is required to purchase the managed distribution or the user-based licenses when using the Volume Purchase Program (VPP) with a macOS deployment. It is also used to enroll the macOS devices through Device Enrollment Program (DEP). Apple Business Manager is a web portal that you can use with the Mobile Device Management (MDM) solution for easily deploying and managing your Apple devices. For more information about Apple Business Manager, see the VMware Workspace ONE UEM Integration with Apple Business Manager documentation.

Note: The Apple ID that is used for VPP or DEP must not be entered in the settings or preferences on the device. For example, do not use it for iTunes or iCloud.

Optional
- Enrollment URL – The web address entered into Safari to begin the enrollment procedure. This location is specific to your company's enrollment environment. For example, this enrollment URL follows the format of https://<companyspecificdeviceservicesurl>/enroll.
- Apple Business Manager/Apple School Manager account or DEP/VPP accounts.

Supported Devices

Workspace ONE UEM currently supports devices running macOS 10.9 and later, including:
- MacBook
- iMac
- MacBook Pro
- Mac Mini
- MacBook Air
- Mac Pro
- iMac Pro

2 macOS Device Enrollment

Each device in your organization's deployment must be enrolled in your organization's environment before it can communicate with Workspace ONE UEM and access internal content and features. macOS devices enroll using MDM functionality built into the native OS in conjunction with Workspace ONE UEM functionality.

Enrollment Methods

There are three ways to initiate enrollment for macOS devices:
- Enroll a device using the Workspace ONE Intelligent Hub
- Sideload devices with an MDM profile
- Utilize Apple Business Manager's Device Enrollment Program

End User Enrollment Using the Workspace ONE Intelligent Hub

The Hub-based enrollment process secures a connection between macOS devices and your Workspace ONE UEM environment through the Workspace ONE Intelligent Hub app. The Workspace ONE Intelligent Hub application facilitates User-Approved Device Enrollment, and then allows for real-time management and access to device information.

For more information, see:
- Chapter 7 Apps for macOS Devices
- Enrollment with macOS Intelligent Hub

Admin Enrollment Using a Sideloaded Staging Profile

Device Staging on the Workspace ONE UEM console allows a single admin to outfit devices for other users on their behalf, which can be particularly useful for IT admins provisioning a fleet of devices. Admins can sideload a staging profile for single-user devices and multi-user devices.

Single-User Staging

Single-user staging allows an admin to stage devices for a single user, such as a company-issued laptop. LDAP binding or pre-registration is required when staging devices for single users.

For more information, see Stage macOS Devices for Single User Enrollment.

Single Staging with Pre-Registration and Local User

Workspace ONE UEM also supports a new single staging enrollment flow for a local user with pre-registration to help macOS admins who are moving towards a deployment model without domain join. For more information, see Single Staging with Pre-Registration and Non-Domain Joined Local User.

Multi-User Staging

Multi-user device staging allows an admin to provision devices intended to be used by more than one user, such as a customer service kiosk computer. Multi-user staging allows the device to dynamically change its assigned user as the different network users log into that device.

For more information, see Configure Multi-User Staging for macOS Devices.

Bulk Device Enrollment

Depending on your deployment type and device ownership model, you may want to enroll devices in bulk. Workspace ONE UEM provides bulk enrollment capabilities for macOS devices using the Apple Business Manager and Automated Enrollment.

Bulk Enrollment with Apple Business Manager

Deploying a bulk enrollment through the Apple Business Manager's DEP allows you to install a non-removable MDM profile on a device, which prevents end users from being able to remove the profile from their devices. You can also provision devices in Supervised mode to access additional security and configuration settings.

For more information about Apple Business Manager, see Integration with Apple Business Manager.

This chapter includes the following topics:
- Enrollment with macOS Intelligent Hub
- Stage macOS Devices for Single User Enrollment
- Single Staging with Pre-Registration and Non-Domain Joined Local User
- Apple Business Manager - DEP
- Custom Bootstrap Packages for Device Enrollment

Enrollment with macOS Intelligent Hub

The Hub-based enrollment process secures a connection between macOS devices and your Workspace ONE UEM environment. Install the Workspace ONE Intelligent Hub application to facilitate the enrollment and enable the real-time management and access to the relevant device information.

Download the Workspace ONE Intelligent Hub installer from https://getwsone.com. When the Workspace ONE Intelligent Hub is installed, the device begins prompting the user for the enrollment authentication. For different methods that are available to download Intelligent Hub, see macOS Workspace ONE Intelligent Hub Download.

Procedure

1. Navigate to https://getwsone.com and download the Workspace ONE Intelligent Hub installer on the device.
2. Open the pkg file and install the Intelligent Hub by following the prompts. After installation completes, the Intelligent Hub enrollment screen appears shortly.
3. Enter the enrollment URL and Group ID, or enter your email address.
   If the email autodiscovery is set up, select the email address option for authentication, instead of entering the enrollment URL and Group ID. For information about configuring autodiscovery, see the Autodiscovery Enrollment topic of the Managing Devices documentation.
   If your user account is not allowed or blocked because your account is blacklisted and not approved for enrollment, you may now get a notification.
4. Follow the prompts in the Workspace ONE Intelligent Hub. For devices running macOS 10.13.1 and below, proceed to step 7. For devices running macOS 10.13.2 and above, proceed to step 5.
5. Enter the admin user name and password to install the MDM profile.
6. Once the process is complete, the Workspace ONE Intelligent Hub displays an Enrollment Complete screen and the device immediately begins receiving the configurations assigned by the administrator.
7. Click Continue to transition to the Hub's default Account screen.

For more information on Workspace ONE Intelligent Hub for macOS and its deployment, see Deploying VMware Workspace ONE Intelligent Hub.

macOS Workspace ONE Intelligent Hub Download

The quickest and the easiest option available for downloading the Workspace ONE Intelligent Hub is from getwsone.com. The most recent version of the Workspace ONE Intelligent Hub is present and requires no authentication. However, you can also download the Workspace ONE Intelligent Hub for macOS devices at any time by logging into either UEM console or Self-Service Portal (SSP).

Download options:
- Workspace ONE UEM console – Navigate to Groups & Settings > All Settings > Devices & Users > Apple > Apple macOS > Hub Application and select Download Hub.

- Self-Service Portal – Log into the SSP with an enrollment user who has an enrolled macOS device and select Download Hub from the top action menu.

If the hub is installed after the device enrollment, then the Hub icon appears at the top of the display indicating it is active and no additional end-user interaction is necessary.

If the hub is installed before the device enrollment, then after the installation the device begins prompting the user for the enrollment authentication.

Enable the Workspace ONE Intelligent Hub for Web-based Enrollment on macOS Devices

If you are utilizing web-based enrollment, enable the Workspace ONE Intelligent Hub to be installed on devices after enrollment through the Web.

Prerequisites

For web enrollment using the UEM console v7.3 and higher, make sure that the Require Intelligent Hub Enrollment for macOS option is enabled (Navigate to Groups & Settings > All Settings > Devices & Users > General > Enrollment and enable the option).

Procedure

1. From the UEM console Dashboard, navigate to Devices > Device Settings > Apple > Apple macOS > Hub Application.
2. Select Install Hub after Enrollment to automatically install Hub on devices after enrollment.
3. Select Save.

Stage macOS Devices for Single User Enrollment

Single-User Device Staging on the Workspace ONE UEM Console allows a single administrator to outfit devices for other users on their behalf, which can be useful for IT administrators provisioning a fleet of devices.

Device staging through Workspace ONE Direct Enrollment is not supported. If you must stage a device, whether for single or multiple users, you must enroll the device using Workspace ONE Intelligent Hub instead of Workspace ONE Direct Enrollment.

Important: LDAP binding is required when staging devices. To create this payload, see Binding a Device to the Directory Service in this guide.

Procedure

1. Navigate to Accounts > Users > List View and select Edit for the user account for which you want to enable device staging.

2. In the Add / Edit User page, select the Advanced tab.
   a. Scroll down to the Staging section.
   b. Select Enable Device Staging.
   c. Select the staging settings that apply to this staging user.
3. Single User Devices stages devices for a single user. This user is the next Network User to log into the device. Toggle the type of single user device staging mode to either Standard or Advanced. Standard staging requires an end user to enter login information after staging, while Advanced means that the staging user can enroll the device on behalf of another user.
4. Ensure that Multi User Devices is set to Disabled.
5. Enroll the device using one of the two following methods.
   a. Enroll using the Workspace ONE Intelligent Hub by entering a server URL and Group ID.
   b. Open the device's Internet browser, navigate to the enrollment URL, and enter the proper Group ID.
6. Enter your staging user's credentials during enrollment. If necessary, specify that you are staging for Single User Devices. You will only have to do this if multi-user device staging is also enabled for the staging user.
7. Complete enrollment for either Advanced or Standard staging.
   a. If you are performing Advanced staging, you are prompted to enter the user name of the end-user device owner who is going to use the device. Proceed with enrollment by installing the Mobile Device Management (MDM) profile and accepting all prompts and messages.
   b. If you are performing Standard staging, then when the end user completes the enrollment, they are prompted to enter their own credentials in the login window.

Results

The device is now staged and ready for use by the new user.

Configure a Sideloading Enrollment Profile for macOS Devices

Obtain the MDM profile to prepare to sideload devices.

Do this by using Automated Enrollment functionality to generate an enrollment profile for the desired organization group. Then, enroll devices using the MDM profile for standard or advanced staging. Last, download the Workspace ONE Intelligent Hub to complete enrollment and authenticate devices.

Procedure

1. Configure a Staging user account in the UEM console, if you have not already. This can be a Basic user account you manually create or a Directory user account that is enabled with staging. If configuring Multi-user staging for macOS devices, then choose a Directory user account. For more information on creating users, see Mobile Device Management.
2. Navigate to Devices > Device Settings > Devices & Users > Apple > Automated Enrollment.

3. Select Enabled for Automated Enrollment. You may need to Override the current organization group to do this.
4. Choose macOS as the Platform.
5. Select the Staging Mode drop down menu.
   a. Single user device – Stage the device for one user.
   b. Multi-user device – Stage the device for multiple users.
6. Choose the Default Staging User.
   a. Only staging users are available as Default Enrollment User options. Later, when staging is completed, the user's device details are updated in the UEM console and the device is associated with that end user.
7. Select Save and Copy URL > OK to save the .mobileconfig file that includes the name of the organization group.
8. Select Export to export the .mobileconfig file. This profile is needed when staging devices.
9. Navigate to Groups & Settings > All Settings > Devices & Users > Apple > Apple macOS > Hub Application and select Download Hub > Download to install the Workspace ONE Intelligent Hub.
10. Enroll using a local account and install the Workspace ONE Intelligent Hub. At this time, all profiles are pushed to the device.
11. Distribute the device to the end user. The end user must log in from the device's Login Window to complete the staging process.

Configure Multi-User Staging for macOS Devices

Multi-user device/shared device staging allows an IT administrator to provision devices intended to be used by more than one user. Multi-User staging allows the device to change its assigned user dynamically as the different network users log into that device.

Device staging through Workspace ONE Direct Enrollment is not supported. If you must stage a device, whether for single or multiple users, you must enroll the device using Workspace ONE Intelligent Hub instead of Workspace ONE Direct Enrollment.

Procedure

1. Navi
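
Added example, not part of the VMware guide: a check an admin can run on the .mobileconfig exported in step 8 of the sideloading procedure above before copying it to devices. It assumes the export is an unsigned plist; the sample profile, host names and UUIDs are constructed, and the keys checked are Apple's standard com.apple.mdm payload keys.

```python
import plistlib
from urllib.parse import urlparse


def build_sample(check_in_url: str) -> bytes:
    """Constructed enrollment profile (not a real console export)."""
    return plistlib.dumps({
        "PayloadType": "Configuration",
        "PayloadIdentifier": "com.example.staging",
        "PayloadUUID": "11111111-0000-0000-0000-000000000001",
        "PayloadVersion": 1,
        "PayloadDisplayName": "Staging enrollment (ExampleOG)",
        "PayloadContent": [
            {   # identity certificate that the MDM payload refers to
                "PayloadType": "com.apple.security.pkcs12",
                "PayloadIdentifier": "com.example.staging.identity",
                "PayloadUUID": "11111111-0000-0000-0000-000000000002",
                "PayloadVersion": 1,
                "PayloadContent": b"constructed-placeholder",
            },
            {
                "PayloadType": "com.apple.mdm",
                "PayloadIdentifier": "com.example.staging.mdm",
                "PayloadUUID": "11111111-0000-0000-0000-000000000003",
                "PayloadVersion": 1,
                "ServerURL": "https://ds.example.com/mdm/connect",
                "CheckInURL": check_in_url,
                "Topic": "com.apple.mgmt.External.constructed",
                "IdentityCertificateUUID": "11111111-0000-0000-0000-000000000002",
            },
        ],
    })


def audit_enrollment_profile(data: bytes, expected_host: str) -> list:
    """Return a list of findings; an empty list means every check passed."""
    try:
        profile = plistlib.loads(data)
    except Exception as exc:  # signed (CMS) or corrupt files land here
        raise ValueError("not a plain plist; unwrap a signed profile first") from exc
    if not isinstance(profile, dict) or profile.get("PayloadType") != "Configuration":
        raise ValueError("not a configuration profile")
    payloads = [p for p in profile.get("PayloadContent", []) if isinstance(p, dict)]
    mdm_payloads = [p for p in payloads if p.get("PayloadType") == "com.apple.mdm"]
    if len(mdm_payloads) != 1:
        return ["expected exactly one com.apple.mdm payload, found %d" % len(mdm_payloads)]
    mdm = mdm_payloads[0]
    findings = []
    for key in ("ServerURL", "CheckInURL"):
        if key == "CheckInURL" and key not in mdm:
            continue  # optional key: the device falls back to ServerURL
        url = urlparse(str(mdm.get(key, "")))
        if url.scheme != "https":
            findings.append("%s does not use HTTPS" % key)
        if url.hostname != expected_host:
            findings.append("%s host is %r, expected %r" % (key, url.hostname, expected_host))
    if not str(mdm.get("Topic", "")).startswith("com.apple.mgmt."):
        findings.append("Topic is not an APNs MDM topic (com.apple.mgmt.*)")
    known_uuids = {p["PayloadUUID"] for p in payloads if "PayloadUUID" in p}
    if mdm.get("IdentityCertificateUUID") not in known_uuids:
        findings.append("IdentityCertificateUUID does not match a payload in this profile")
    return findings


if __name__ == "__main__":
    bad = build_sample("http://ds.example.net/mdm/checkin")
    for finding in audit_enrollment_profile(bad, "ds.example.com"):
        print("FINDING:", finding)
```

Pass the bytes of the exported file and the device services host name of your own environment as expected_host; any finding is a reason to regenerate the profile rather than distribute it.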
