🛰️

Mobile Device Management (MDM)

Testing Primo & FleetDM

The guide provides an overview of testing FleetDM within the Primo framework, highlighting key features, prerequisites, and practical steps for managing devices, using controls, and executing queries and policies effectively.

General info

Supported platforms and OS

An overview of supported platforms and operating systems is provided, detailing functionalities across various systems including MacOS, Windows, Linux, ChromeOS, and iOS, while also noting current limitations and future priorities for unsupported systems like Android.

Managing Windows Home

For organizations considering Windows Home, it's crucial to recognize its limitations in security, management, and compatibility compared to Windows Pro, which is better suited for professional use and offers advanced features essential for business environments.

Introduction to Mobile Device Management (MDM)

Mobile Device Management (MDM) is a critical tool for managing, configuring, and securing your organization’s mobile devices, ensuring compliance, enhancing productivity, and protecting sensitive data through remote management capabilities.

Setup your MDM

Setting up APN certificate

To set up and manage Apple's Push Notification service (APNs) for Primo, ensure you have a professional Apple ID and administrator access, then create and import the APN certificate, which must be renewed annually to maintain communication with Apple devices.

Password Policy

The password policy outlines the enforcement of minimum length and complexity for session passwords, details the renewal process on macOS and Windows, and emphasizes that any changes will necessitate a password reset for Windows users at their next sign-in.

Manage your apps via Primo & FleetDM

Manage your apps effectively using Primo and FleetDM by following a structured process for installation and removal, ensuring seamless integration and configuration tailored to your organizational needs.

Disk encryption policy and recovery key storage

The disk encryption policy outlines the importance of encryption for data protection, details the encryption processes for MacOS, Windows, and Linux, and explains the automatic retrieval and storage of recovery keys during encryption to ensure data accessibility in case of password loss.

Manage Admin Accounts with FleetDM

Learn how to manage admin accounts effectively using FleetDM, including scripts for demoting and creating users, configuring policies for device compliance, and automating actions based on user account status.

Rollout Primo MDM

MDM Installation Guide

Follow the step-by-step guide to install Primo on your computer for effective fleet management, ensuring you have administrator rights and checking your email for the installation invitation.

Inviting your employees to MDM

You are provided with essential instructions for inviting employees to enroll in the Mobile Device Management (MDM) system, including how to send invitations and important details regarding the installation process and email validity.

Resources for a successful MDM rollout

A comprehensive kit is provided to assist you in preparing for the deployment of the Primo Mobile Device Management (MDM) solution, including a proposed timeline, communication materials, and guidance for tracking installation progress.

Employee experience for OS Updates

Detailed guidelines are provided for managing OS updates for Mac and Windows users, including notification processes, deferral options, and special considerations for low disk space scenarios.

Deploying MDM: FAQ

The FAQ section provides essential information regarding the deployment of the Primo MDM solution, addressing common concerns such as installation process, machine performance, and employee control, while also offering guidance for troubleshooting potential issues during the installation.

Zero-Touch (ZTD)

Setting up Apple Business Manager with Primo

Set up Apple Business Manager with Primo to streamline device deployment and management through Zero Touch Deployment, ensuring efficient configuration for new employees and seamless integration with your MDM system.

Understanding Zero-Touch Deployment (ZTD)

Zero-Touch Deployment (ZTD) is an automated process that enables quick and efficient device setup and configuration without IT staff intervention, enhancing security, improving the employee experience, and increasing overall organizational efficiency.

Windows Autopilot with Primo

Windows Autopilot with Primo simplifies the deployment of new Windows devices by allowing pre-configuration, ensuring a seamless user experience, and requires specific Microsoft licenses and administrative setup to manage device configurations effectively.

Create and authorise the FleetDM application on the Azure portal

The guide outlines the steps to create and authorize the FleetDM application on the Azure portal, including domain declaration, application creation, and setting FleetDM as the default MDM for new devices.

Using Primo MDM

Device partially enrolled

Devices are deemed partially enrolled when the enrollment process is incomplete, which may result from various factors such as an incomplete installation of the Fleet agent or network issues, and troubleshooting steps should be followed to resolve these issues and ensure proper enrollment within 30 minutes.

One of your devices has been lost or stolen

If you've lost a device or had one stolen, Primo's MDM offers robust security features, including encryption, password quality control, and remote locking or wiping, to protect your data and help you manage the situation effectively.

How to use the iCloud Bypass Code

Learn how to effectively use the Activation Lock Bypass Code to unlock devices secured by Activation Lock, with step-by-step instructions for different macOS versions and important legal considerations.

Changing a Collaborator's Computer

To ensure a smooth transition when changing a collaborator's computer, follow the outlined steps for managing the old device, assigning the new one, and enrolling it in the MDM system.

Location tracking for Macs

Precise location tracking for Macs is not accessible through MDM due to privacy restrictions, and while features like remote lock and wipe commands are available, Lost Mode is not applicable on macOS, necessitating reliance on user-enabled services like “Find My” for location tracking.

Library

Deploying an EDR with FleetDM

Learn how to deploy an EDR, such as SentinelOne, using FleetDM by following a series of steps that include uploading software, configuring deployment policies, and adding necessary configuration profiles to ensure effective security management across devices.

Useful scripts

You'll find useful scripts for modifying host names on macOS, along with a warning that all provided scripts are offered as-is and should be tested prior to implementation.

Library of custom Windows Policies

The library provides custom Windows policies, including guidelines for applying CSP policies, allowing personalization on Windows Pro, and setting background images and lock screens, along with important notes on compatibility and testing.

Library of OSQueries for Queries & Policies

Explore a comprehensive library of OSQueries that includes queries for user sessions, process analysis, IP retrieval, and policies for device enrollment and application presence across various operating systems.

Apps installation library

The content provides a comprehensive library of installation and uninstallation scripts for various applications, including Notion, Google Drive, Microsoft Teams, and Microsoft Office 365, along with relevant policies and details for effective software management.

    Step into the future of IT