Mobile Device Management (MDM)
General info
Supported platforms and OS
An overview of supported platforms and operating systems is provided, detailing functionalities across various systems including MacOS, Windows, Linux, ChromeOS, and iOS, while also noting current limitations and future priorities for unsupported systems like Android.
Introduction to Mobile Device Management (MDM)
Mobile Device Management (MDM) is a critical tool for managing, configuring, and securing your organization’s mobile devices, ensuring compliance, enhancing productivity, and protecting sensitive data through remote management capabilities.
Managing Windows Home
For organizations considering Windows Home, it's crucial to recognize its limitations in security, management, and compatibility compared to Windows Pro, which is better suited for professional use and offers advanced features essential for business environments.
Setup your MDM
Manage your apps via Primo & FleetDM (laptop)
Manage your apps efficiently using Primo and FleetDM by following the outlined steps for installing and removing applications, ensuring you understand the connection methods, configuration processes, and installation targets.
Managing administrator accounts
Managing administrator accounts in Primo allows you to create and manage administrator accounts on your devices, with options to set usernames and passwords, while specifying that policies can be edited or disabled, but cannot be changed once enabled on a profile.
Setting up APN certificate
To successfully set up the Apple Push Notification (APN) certificate for Mobile Device Management (MDM) with Primo, ensure you have a professional Apple ID and administrator access to the Primo Cockpit, then follow the outlined steps for creating, importing, and renewing the certificate, which is essential for remote communication with Apple devices.
Password Policy
The password policy outlines the enforcement of minimum length and complexity for session passwords, details the renewal process on macOS and Windows, and emphasizes that any changes will necessitate a password reset for Windows users at their next sign-in.
Disk encryption policy and recovery key storage
The disk encryption policy outlines the importance of encryption for data protection, details the encryption processes for MacOS, Windows, and Linux, and explains the automatic retrieval and storage of recovery keys during encryption to ensure data accessibility in case of password loss.
Manage Admin Accounts with FleetDM
Learn how to manage admin accounts effectively using FleetDM, including scripts for demoting and creating users, configuring policies for device compliance, and automating actions based on user account status.
Set up your MDM
Rollout Primo MDM
MDM Installation Guide
Follow the step-by-step guide to install Primo on your computer for effective fleet management, ensuring you have administrator rights and checking your email for the installation invitation.
Inviting your employees to MDM
You are provided with essential instructions for inviting employees to enroll in the Mobile Device Management (MDM) system, including how to send invitations and important details regarding the installation process and email validity.
Deploying MDM: FAQ
The FAQ section provides essential information regarding the deployment of the Primo MDM solution, addressing common concerns such as installation process, machine performance, and employee control, while also offering guidance for troubleshooting potential issues during the installation.
Resources for a successful MDM rollout
A comprehensive kit is provided to assist you in preparing for the deployment of the Primo Mobile Device Management (MDM) solution, including a proposed timeline, communication materials, and guidance for tracking installation progress.
Employee experience for OS Updates
Detailed guidelines are provided for managing OS updates for Mac and Windows users, including notification processes, deferral options, and special considerations for low disk space scenarios.
Using Primo MDM
MacBook Password Reset
To reset your MacBook password, follow the appropriate method based on whether your device is enrolled in MDM, linked to an Apple ID, or needs a complete reset in recovery mode if no other options are available.
How to use the iCloud Bypass Code
Learn how to effectively use the iCloud activation lock bypass code to unlock your device after a reset, while understanding its implications, legal considerations, and troubleshooting steps necessary for different macOS versions.
Device partially enrolled
Devices are deemed partially enrolled when the enrollment process is incomplete, which may result from various factors such as an incomplete installation of the Fleet agent or network issues, and troubleshooting steps should be followed to resolve these issues and ensure proper enrollment within 30 minutes.
One of your devices has been lost or stolen
If you've lost a device or had one stolen, Primo's MDM offers robust security features, including encryption, password quality control, and remote locking or wiping, to protect your data and help you manage the situation effectively.
Changing a Collaborator's Computer
To ensure a smooth transition when changing a collaborator's computer, follow the outlined steps for managing the old device, assigning the new one, and enrolling it in the MDM system.
Location tracking for Macs
Precise location tracking for Macs is not accessible through MDM due to privacy restrictions, and while features like remote lock and wipe commands are available, Lost Mode is not applicable on macOS, necessitating reliance on user-enabled services like “Find My” for location tracking.
Using Primo's MDM
Zero-Touch (ZTD)
Setting up Apple Business Manager with Primo
Learn how to set up Apple Business Manager with Primo to streamline device deployment and management through Zero Touch Deployment, including account creation, validation, and integration steps.
Understanding Zero-Touch Deployment (ZTD)
Zero-Touch Deployment (ZTD) is an automated process that enables quick and efficient device setup and configuration without IT staff intervention, enhancing security, improving the employee experience, and increasing overall organizational efficiency.
Windows Autopilot with Primo
Windows Autopilot with Primo simplifies the deployment of new Windows devices by allowing pre-configuration, ensuring a seamless user experience, and requires specific Microsoft licenses and administrative setup to manage device configurations effectively.
Create and authorise the FleetDM application on the Azure portal
The guide outlines the steps to create and authorize the FleetDM application on the Azure portal, including domain declaration, application creation, and setting FleetDM as the default MDM for new devices.
Library
Deploying an EDR with FleetDM
Learn how to deploy an EDR, such as SentinelOne, using FleetDM by following a series of steps that include uploading software, configuring deployment policies, and adding necessary configuration profiles to ensure effective security management across devices.
Useful scripts
You'll find useful scripts for modifying host names on macOS, along with a warning that all provided scripts are offered as-is and should be tested prior to implementation.
Library of custom Windows Policies
The library provides custom Windows policies, including guidelines for applying CSP policies, allowing personalization on Windows Pro, and setting background images and lock screens, along with important notes on compatibility and testing.
Library of OSQueries for Queries & Policies
Explore a comprehensive library of OSQueries that includes queries for user sessions, process analysis, IP retrieval, and policies for device enrollment and application presence across various operating systems.
Apps installation library
The content provides a comprehensive library of installation and uninstallation scripts for various applications, including Notion, Google Drive, Microsoft Teams, and Microsoft Office 365, along with relevant policies and details for effective software management.
MDM migration
Remove the MDM from a device
Learn how to remove the MDM from a device through disenrollment in Primo, including procedures for both Windows and macOS, along with prerequisites and important considerations.
Windows Autopilot with Primo
Windows Autopilot with Primo simplifies the deployment of new Windows devices by allowing pre-configuration, ensuring a seamless user experience, and requires specific Microsoft licenses and administrative setup to manage device configurations effectively.
Migrating from another MDM
The guide outlines the procedures for migrating macOS and Windows devices from one Mobile Device Management (MDM) system to another, detailing steps for both supervised and unsupervised devices, as well as specific instructions for integrating with Intune and Entra ID.