MAC Endpoint Management

enroll install Endpoint Manager deploy Apple Push Notification MDM profile configuration profile user device MAC OS X device Mac OS profile EM profile

This article will show you how to add Mac OS devices into Endpoint Manager.
Once you have added the profile, you can remotely deploy configuration profiles to various device settings and install antivirus protection.

You can add MAC devices to the Endpoint Manager profile either with or without installation.

Apple allows only one portal to access the protocol that manages devices. Customers who wish to use Endpoint manager in conjunction with other management platforms will have issues.
Endpoint Manager can be used to manage security, while another platform is used for general Mac management.
If you choose to enroll ‘profile-less,’ you will not be able to manage the following items:
During enrollment, you can select whether or not an EM profile is enabled.
Prerequisite – An Apple Push Notification Certificate (APN) is required on your EM instance if the Mac device management profile MDM profile is to be applied. This Wiki will help you with this.

These are the steps involved in enrolling:

Get into the Cyber Security Career now!

Enroll user device to Endpoint Manager. Create an installation package and send it to users.
Install the package – The user clicks on the link in the email to install the package.

You must add users (device owners) before you can enroll their devices. If you haven’t yet added users, please refer to this.

Enroll user device to Endpoint Manager

Log in to ITarian
Click on ‘Applications > ‘Endpoint manager’
Click on ‘Users > ‘User list’ to the left
Click ‘Enroll Device’ to select the users you wish to add devices.Or
Next, click the ‘Add’ button in the menu bar and then ‘Enroll Device.

The device enrollment wizard begins:

Step 1: Device Options

Choose a Device

Choose ‘Other device’

Specify the User

Learn Cyber Security Career Guide here!

All users that you have previously selected are listed in the “Specify User” box
Simply enter their email address into the box to add more users. Endpoint Manager will automatically suggest users that have been created.
Create a New User Click to add a user to Endpoint Management. You can’t add devices until you have added users to them. This explains the add-user process.

To proceed to step 2, click ‘Next’

Step 2: Enrollment options:

Choose the Operating System for the Device

Select’macOS.

Select Enrollment Type

EM works with two clients

Communication Client – Connects the device to Endpoint Manager for central administration. This client must be installed.
Comodo Security Client (CCS) This security software provides anti-virus protection. This client can be installed at your discretion.
You can choose whether to install only CC or both CC & CCS.
- Enroll and Protect – Installs both CCS and CC.
- Enroll to install only the communication client (CC). Remote installation of CCS is possible at any time.

Choose Method

You can choose whether an MDM profile from EM should also be installed on your device.

With MDM Profile (recommended). – Installs the Endpoint manager configuration profile and the communication client. Endpoint Manager tools can be used on all devices
No MDM profile – Installs only the communication software to connect to EM. Endpoint Manager can be used to manage security and another platform for general Mac management.

Device Name Options

Do not Change The existing name of the device is used to identify it within Endpoint Manager.
Enter a new name for your device.

To proceed to step 3, click ‘Next’

Step 3 – Installation Summary

Take a look at your choices thus far.
To revise your selections, click ‘Back’ or “Change Configuration” (top-right).

To proceed to step 4, click ‘Next’

Step 4: Installation Instructions

The last step is to send the enrollment email to the device owners.

Send to Email – Use the settings in steps 1 and 2 to send enrollment emails to users.

Tip: You can also copy the link and forward it to the user using any other out-of-band communication channel.

To exit the wizard, click ‘Finish.

Below is an example email:

Install the client package

The mail must be opened by the user at the endpoint.

Download the client and install it

Click the enrollment link in the mail you receive. This will launch the setup wizard.
Save the file by clicking the “Download macOS installer” button

Download the EM client configuration package file.

To install the communication client, open the file.
To complete the installation, follow the wizard.

When the package is installed with the EM profile configured, the screen for device profiles appears.

After installation, the communication client will connect with the Endpoint Manager to enroll the device.
If you include Comodo Client Security in your setup, it will be installed as well. You can install CCS remotely later, after device registration. This Wiki can help you install CCS on your device.
All Endpoint Manager profiles that have been assigned to the user will be applied to this device.
If the profile is not assigned, the default Mac OS profiles will be applied to the device.
Remote management of the device is now possible via the EM console.