
How to enroll Mac OS X devices without installing an Endpoint Manager profile

Release Time
12/27/2018
Category
Devices

  • Apple only allows one MDM platform to use the protocol that manages devices. Historically, this caused issues for customers who wanted to use Endpoint Manager to manage device security, but use a different platform for general Mac management.
     
  • 'Profile-less' enrollment lets you add Mac devices without installing the Endpoint Manager profile. This solves the use-case above by letting you use Endpoint Manager in conjunction with another management platform.
     
  • Please note, if you choose profile-less enrollment, you cannot use Endpoint Manager to manage the following items:
    • Certificates
    • Restrictions
    • VPN
    • Wi-Fi

 

Process in brief

  • Log in to ITarian
     
  • Click 'Applications' > 'Endpoint Manager'
     
  • Click 'Users' > 'User List'
     
  • Select the users of the Mac endpoints that you want to enroll
     
  • Click the 'Enroll Device' button above the table
     
  • The 'Enroll Devices' dialog is pre-populated with the users you chose in the previous step
     
  • Click 'Email enrollment instructions' to send out device enrollment mails to these users
     
    • Click 'Show enrollment instructions' if you want to view the contents of the mail
       
  • The end-user should open the enrollment mail on the Mac endpoint itself
     
    • Click the link in the mail to open the device enrollment page
       
    • Scroll to the 'For MAC OS devices' section
       
    • Click the 'Enrollment without MDM profile' link
       
    • Follow the setup wizard to install the communication client

 

 

Process in detail

Step 1

  • Log in to ITarian
     
  • Click 'Applications' > 'Endpoint Manager'
     
  • Click 'Users' > 'User List'
     
  • Select the users of the Mac endpoints that you want to enroll
     
  • Next:
    • Click the 'Enroll Device' button above the table

      OR
       
    • Click the '+' button on the right and choose 'Enroll Device'

 


 

  • The 'Enroll Devices' dialog is pre-populated with the users you picked in the previous step
     
  • Click 'Email enrollment instructions' to send device enrollment mails to these users
     
    • Click 'Show enrollment instructions' if you want to view the contents of the mail

 

  • End-users should:
     
    • Open the mail on the Mac endpoint you want to enroll
       
    • Click the link in the mail to open the device enrollment page
       
    • Scroll to the 'For Mac OS devices' section
       
    • Click the link under 'Enrollment without MDM profile':

 

  • This will download the communication client setup file and start the setup wizard:


     
    • Click 'Continue'
       
    • Choose the location to install the client:



       
    • Choose the installation type and click 'Install' to start the setup process:



       
    • The end-user should enter their username and password to authorize the installation:



       
    • Once the installation is complete, the client will connect to the EM server:



       
    • That's it. The device is now enrolled and can be remotely managed from Endpoint Manager.
       
    • Click 'Devices' > 'Device List' to view the endpoint:


       
  • To implement security, the next step is to install Comodo Client Security for Mac (CCS) on the endpoint. See 'Remotely Install Packages on Mac OS Devices' for help to do this.
     
  • Endpoint Manager will also apply a configuration profile to the device. A configuration profile lets you specify a device's antivirus policy, scan schedule and other general settings.
     
  • The profile may be one of two basic types – custom or default:
     
    • Custom profile - A profile created by an admin to implement specific settings on a device
       
    • Default profile - Applied to newly added devices if no custom profile exists. Default profiles are operating system specific and are applied to all new devices that match their operating system.
       
  • If you remove all custom profiles from a device, the default profiles are applied in their place. This ensures you always have a working profile in place.
     
  • See 'How to clone a profile' and 'How to configure antivirus settings in a profile' for more help with this topic.