This checklist outlines the deployment steps for managing macOS devices with MaaS360, focusing on organizations that require only basic device management capabilities. It’s ideal for scenarios where devices are either personally owned by employees or are company-owned but not enrolled through Apple Business Manager (ABM) or Apple Configurator 2 (AC2). There is no difference between work and personal data on these devices unless MaaS360 is used.
Use this setup when:
This guide is intended for environments where employees are using their own macOS devices or where the organization provides unsupervised company devices. In either case, the installation of the management profile requires user or administrator interaction. These devices do not need to be wiped before being enrolled, and users can remove the management profile at any time. This basic management level is better suited for user-owned devices, offering fewer restrictions and limited policy enforcement compared to fully supervised company devices.
Deployment tip:
MaaS360 offers a wide range of configuration and management options. This checklist is designed to help you start with common, essential steps. It’s recommended to test the setup with a small group of devices first, tune the configuration to best fit your organization, and then proceed with the deployment of other macOS machines.
Before you begin:
1. Complete the MaaS360 “Getting Started” checklist (available in the portal).
2. Select your preferred method for enrolling devices:
a. Self-Service URL: Create an enrollment URL where users can enroll on their own by logging in with their local or corporate credentials. (OTP not supported)
b. Unique enrollment request: Initiate a unique enrollment request that is sent to users via email or SMS text. This is accompanied by an OTP.
c. Bulk Enrollment: Set up and distribute multiple enrollment links to a large group of users. These links often include OTPs and can support both local and corporate authentication options.
Tip: Take advantage of the guided walkthroughs provided in the MaaS360 portal. They offer clear, step-by-step instructions to help you complete each stage of the process efficiently.
| Task | In Portal Help | Best Practice |
| --- | --- | --- |
| Create an APNS Certificate | MaaS360 > Setup > Services > Mobile Device Management > APNS Certificate | Use a company-owned Apple ID account instead of a personal account. Use an email that everyone in your organization has access to. |
| Configure Directory and User Authentication Setup | In MaaS360 > Setup > Settings > Directory and Enrollments > Directory and Authentication > User Authentication Setup > Select Default Authentication | User authentication for enrollment is based on the authentication type specified in the user record (Local or Corporate). |
| Add Local Users if Applicable | MaaS360 > Users > Directory > Add User | It is recommended to use a different email address for each added user to prevent multiple notifications being sent to one email. User passwords can be generated automatically or set manually via Setup > Settings > User Settings. |
| Configure User Settings | In MaaS360 > Setup > Settings > User Settings > User Password Settings | Configure local user password generation. You can choose whether the system does not generate the password, the password is set manually, or the password is auto-generated. |
| Configure Device Enrollment Settings | In MaaS360 > Setup > Settings > Basic Enrollment Settings > User Input at Authentication | Select what users should input during authentication (username and domain, email or username). |
| Configure a macOS Security Policy | In MaaS360 > Security > Policies, click View to view the macOS MDM policy or Add to add a new one | Configure Restrictions, App Compliance, System Preference, functionality and more. |
| Integrate MaaS360 with Apple Volume Purchase Program (VPP) | MaaS360 > Security > Policies > macOS MDM Policy | VPP licenses are used to install apps with no Apple ID account required. |
| Build an App Catalog and Distribute Apps | MaaS360 > Security > Policies > macOS MDM Policy | You can associate as many licenses as needed if the app is free. If the app is paid, purchase the total number of app licenses per device. |
| Provide Self-Service Enrollment URL if applicable | In MaaS360 > Setup > Settings > Basic Enrollment Settings > Self Enrollment | Publish the self-service enrollment URL to your users. |
| Generate enrollment request(s) if applicable | In MaaS360 > Setup > Enrollment Programs > Bulk Add CSV file | Use this to generate multiple enrollment requests to send to users. |
| Users enroll devices | On the device > Safari > Enrollment URL > Search | A Safari browser is needed for enrollment. Launch the browser and enter the enrollment URL. |
| Manage Devices in the portal | In MaaS360 > Devices > Inventory > click View to view the device record | Devices in your inventory use a device license unless the device record status shows as Inactive. |
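Because users on this basic management level can remove the management profile at any time, it helps to confirm the enrollment state on a test Mac after the "Users enroll devices" step. The script below is an added example, not part of the MaaS360 documentation: it assumes the macOS built-in `profiles status -type enrollment` command and its usual two-line output, the state labels it prints are hypothetical names chosen here, and the sample output is constructed.

```shell
#!/bin/sh
# Classify the output of `profiles status -type enrollment` (macOS built-in).
# The labels printed by classify_enrollment are hypothetical names for this example.
classify_enrollment() {
    # Reads the command output on stdin and prints exactly one label.
    awk -F': *' '
        /^Enrolled via DEP/ { dep = $2 }
        /^MDM enrollment/   { mdm = $2 }
        END {
            if (mdm !~ /^Yes/)              print "not-enrolled"
            else if (dep ~ /^Yes/)          print "abm-enrolled"
            else if (mdm ~ /User Approved/) print "user-approved"
            else                            print "enrolled-not-approved"
        }'
}

# Succeeds only for the state this checklist produces: MDM enrollment
# installed with user interaction and not assigned through ABM.
is_basic_enrollment() {
    [ "$(classify_enrollment)" = "user-approved" ]
}

# Constructed sample output, used when the profiles tool is not available.
SAMPLE_BASIC='Enrolled via DEP: No
MDM enrollment: Yes (User Approved)
MDM server: https://mdm.example.invalid/enroll'

if command -v profiles >/dev/null 2>&1; then
    state=$(profiles status -type enrollment 2>/dev/null | classify_enrollment)
else
    state=$(printf '%s\n' "$SAMPLE_BASIC" | classify_enrollment)
fi
echo "enrollment state: $state"
```

A result of `not-enrolled` on a device that was previously enrolled indicates the management profile has been removed.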