An MDM Profile is an additional component for Endpoint Central Agent which can be installed to support complete management of the Laptops in Endpoint Central.
The following steps below illustrate how to deploy MDM profile for Windows and Mac separately.
Prerequisites
To deploy the MDM profile for Windows, the only prerequisite is to configure the NAT settings.
You need to configure NAT settings to manage both desktop and roaming Users (laptops). This will ensure communication between the desktop and roaming users via internet and the Central server. NAT settings can be configured in this path: Admin tab > Server Settings > NAT Settings
Once this is done, MDM profile will be automatically installed on the Windows machines.
Prerequisites
After the above two prerequisites are configured, the end user will be able to install the MDM profile via a notification window that will be prompted from his/her machine.
Configuring NAT settings
You need to configure NAT settings to manage Desktop & Roaming Users (laptops) which might be out of the reach of your corporate network. This ensures the communication from Desktop & Roaming Users via internet reaches the Central server . NAT settings can be configured in this path: Admin tab > Server Settings > NAT Settings.
Uploading an APNS Certificate
All communication between the MDM Profile and Apple devices are routed through the APNS certificate. An APNS certificate is required to secure this communication. Assure a corporate ID is used to create a certificate, as it has to be renewed in a year. Learn more on creating and uploading a APNS certificate.
If the above two prerequisites are met, the end user will be prompted via a notification window to install the MDM profile on their device. The end user has to approve to let Endpoint Central manage their Mac device.
Note: You can edit the message on the mac notification window by navigating to agent-> settings-> SoM Settings.
How does this Notification window work?
Notification window will pop-up on Endpoint Central agent machines to install the MDM Profile.
End-user needs to be an Administrator to install the MDM Profile.
If the end-user is a standard user, Endpoint Central Agent will promote the standard user as "Profiles Administrator" so that they can install the MDM profile. The 'Profiles Administrator' permission will be automatically revoked after 100 seconds.
The following are some of the frequently asked questions while configuring MDM profile in MAC.
No. MDM Add-on has been removed for Endpoint Central. MDM Profile does not require any additional license. Refer this page for more details.