macOS Enrollment

IMPORTANT: macOS is currently in beta mode. If you are an existing customer and would like to access the macOS beta, please visit How to join the KACE Cloud MDM beta program where you can review details, read and accept the beta agreement, and finalize your participation.

  1. Select the Devices tab in top navigation.
  2. Click Enroll Device.

To enroll a device in KACEĀ® Cloud Mobile Device Manager (KACEĀ® Cloud MDM), a provisioning profile must be installed on the mobile device. A macOS device can also be enrolled using the Apple Device Enrollment Program.

A device admin can provide an enrollment URL to the device user to initiate enrollment, or send the URL with instructions by email. The admin can copy the URL or assemble as follows:

  • (Westeurope data centers only.)

Note: Passcode rules are not currently supported for macOS, but will be added as a feature in an upcoming release.

Role Requirement

A user must have the Device User role assigned in order to enroll a device. The Device User role is assigned by default for every new user that is created, but if it has been unassigned at any point, it will cause an error in the enrollment process.

Unenroll Device

There are two ways to unenroll a device:

Device Admin-initiated

  1. Select the Devices tab in top navigation.
  2. Select a device from the list.
  3. In the right panel, click the More Actions dropdown.
  4. Choose Unenroll Device.
  5. Click Confirm.

Device User-initiated

A device user can unenroll their device. On a macOS device, the device user can remove the KACE Cloud MDM Profile from the Device Management Settings section.

Set Up Using Apple DEP

An admin can set up KACE Cloud management of macOS devices in the Apple Device Enrollment Program (DEP).

macOS-specific Settings

When creating a DEP profile, an admin can choose macOS-specific settings for devices, which include the ability to:

  • Force token authentication
  • Set supervision in the form of local user accounts
  • Set disk access options

Force Token Authentication - When configuring a device with a DEP profile on a Mac-enabled tenant, an admin can enable 'force token authentication'. This setting forces a user to enter their username and a deployment token to enroll their device. This restriction helps prevent unauthorized access to sensitive customer information like VPNs, certificates, and custom applications.