Several years ago, when Apple released macOS High Sierra 10.13.4, a few changes baked into the OS altered how admins would deploy macOS moving forward. Doubling down on this big change, macOS Mojave solidified the new deployment workflow, leveraging mobile device management (MDM) solutions to handle the provisioning, configuration, and management of Apple devices.
I previously wrote about Mac Deploy Stick (MDS), the free deployment utility developed by Twocanoes Software to aid Mac admins in deploying macOS to new and existing Apple computers, either standalone or over the network. Now, MDS has been updated to version 2.0, which has additional support for new deployment features, including an MDM server with a basic feature set to facilitate Mac management.
Organizations of all sizes that support Apple devices can and should apply for an Apple Business Manager (or Apple School Manager for education) account, which lets them populate the online account with the serial numbers of their fleet of devices; this links the devices to the MDM server for an end-to-end solution. MDS 2.0 fits the MDM role nicely, supporting Apple’s frameworks for provisioning devices during enrollment without requiring costly device or subscription licensing fees like other MDM service providers.
The MDM feature in MDS 2.0 is based on MicroMDM and uses Apple Push Notification Services (APNS), Device Enrollment Profile (DEP), and an MDM configuration profile to enroll the device by first communicating with Apple’s servers when a device is at the Setup Assistant screen after being wiped or newly unboxed. During the activation phase, Apple’s servers will detect the device’s serial number and see that it is linked to the MDM service, so it will hand off to the MDM server for provisioning.
From here, MDS 2.0 provides the configuration profile that both enrolls the device and configures initial settings for the device, including skipping any additional setup screens that may be optionally configured as managed settings. The enrollment profile also serves as the management profile for the device, which allows for future configurations to be trusted during deployment and the device’s lifecycle.
Another benefit to MDS 2.0’s take on the MDM service is that it leverages the MicroMDM API to provide support for command line-based management using the Terminal. Also, it includes a simple yet effective web-based enrollment page that is tied to the hosting system’s IP address or fully qualified domain name (FQDN) so that users may be able to access the website to manually enroll their devices with the MDM service. This is especially useful during certain types of deployments, such as those where devices cannot be erased prior to enrollment, personal devices that are part of a BYOD initiative, or devices that are not physically accessible and must be provisioned remotely.
MDS is already a strong candidate for macOS deployment, and the added support as an MDM server, despite the limited features, is a welcome addition to your macOS management arsenal. This is especially true if you wish to gain experience with mobile device management and to test deployments on Apple hardware to identify which methods best suit your organization’s specific needs.