Site Key Distribution over MDM Profile for macOS
Tobias Linder
What we would love to see is the ability to send the Site Secret Key and other optional values directly with the MDM Profile to the Mac the same way we do it with iPadOS and iOS (see screenshot). Like this we could skip the Deployment script and just push the package to the Mac the same way we normally distribute software.
It would also be very convenient for the scoping of different sites. Then we could use the same install policy for all Macs and would just have to create different MDM Profiles for different device groups.
Photo Viewer
View photos in a modal
Minetta Gould
Merged in a post:
macOS: Optionally allow admins to manage RC configs in MDM profiles.
D
Daniel Stranathan
Since it's 2026 it would be nice to manage the macOS DNSFilter agent in a more dynamic, modern method using MDM (XML/JSON) profiles rather than flat UNIX-style text files. There should be a way for the RC agnate to check a MDM file like '/Library/Managed Preferences/com.dnsfilter.agent.macos.plist' before checking '/Library/Application Support/DNSFilter Agent/daemon.conf'
Minetta Gould
Merged in a post:
XML Configuration MDM Suggestion
M
Matthew Jurado
You have 3 XML MDM payloads that must be downloaded and pushed via MDM. Combined_Certificates, DNSAgent Extension, DNSAgent Proxy. I’m downloading the MSP/Whitelabel versions.
When they are uploaded in the the MDM (ours is Addigy), they show up as the snips I have attached. Note the Combined_Certificates payload uploads as ‘Untitled.’
It would be nice if the uploaded 'PayloadDisplayName' values were DNS Filter Combined Certificates MSP, DNS Filter Agent Extension MSP, DNS Filter Agent Proxy MSP. This way, all 3 would be grouped together and easier to find in a larger MDM Catalog (again we use Addigy).
The Standard versions of these files appear to have slightly different names, I would suggest the same three names above, minus the MSP word.
M
Matthew Koch
Ideally, we could have a single mobileconfig file with all of the configuration: no more daemon.conf or configuration.json, and have everything in a single mobileconfig file for deployment (SSL trust, extensions, site enrollment key, etc). This would greatly improve MDM deployment as there can be race conditions with multiple MDM policies.
Jonathan Bullock
I think at one point in time there was a way to auto approve all devices coming from a specific IP address for a short window.