Limited Support for Mac MDM
IMPORTANT:At this time, device enrollment via MDM or Over The Air (OTA) is limited and should be used for evaluation purposes only. Future releases will include full support as the capabilities are fleshed out.
You can enroll Mac MDM devices to a zone either via ADE/DEP or OTA. Any Mac device that already exists in zone as a ZENworks Agent only device, can be enrolled again via MDM and it reconciles to the existing device present in the zone.
The Mac MDM devices can be enrolled in the zone.
The Device Enrollment Program (DEP) is part of the Apple Deployment Programs and provides administrators with a streamlined way to deploy multiple corporate owned devices. Upon device activation, configuration of the device is immediate and enrollment with the MDM server is automatic. There is no need for IT administrators to physically access each device to complete the setup.
For more information, see Enrolling Mac MDM using ADE/DEP.
You can now securely enroll non-DEP devices into ZENworks via User-less Enrollment via OTA Profile which deploys the enrollment profile without a reset of the device.
Devices that already have ZENAgent deployed, can onboard MDM without having to reset the device and go through ADE enrollment.
Devices in use can enroll in ZENworks without having to reset the device and go through ADE enrollment.
For more information, see Enrolling Mac MDM using the OTA Profile.
Using the macOS MDM Bundle, you can deploy the configuration profile and commands to Mac devices to apply the settings and provision resources. For more information, see Creating the macOS MDM Bundle.
Now, using the iOS/iPadOS Bundle, you can deploy the commands to iOS and iPad devices.
In ZENworks Control Center, you can initiate a device refresh for devices enrolled via macOS MDM or ZENworks Agent. The quick task sends a synchronization request to the device. When the device connects to the ZENworks Primary Server, it syncs updated device information and receives configuration changes that have not already been sent to the device.
Enhancements have been made to the Device Refresh schedule page to define how often Mac MDM devices contact the ZENworks Server to update the bundle information.
The following Mac MDM features are not supported in ZENworks 23.3. These features would be included in the upcoming release.
During enrollment of Mac MDM devices, the registration rules will not be honored.
For Mac MDM devices, only the Refresh QuickTask is supported.
Purchase and distribution of Apple Volume Purchase Program (VPP) apps is not supported.
Post CA remint, Mac MDM devices will not be able to communicate with the server.
To resolve this issue, you should re-enroll the device after a CA remint to enable the Mac MDM device to communicate with the server.
Retiring of devices is not supported.
Unenrollment of Mac MDM devices from the ZENworks Server.