- 30 Dec 2024
- 3 Minutes to read
- Print
- PDF
Apple Settings
- Updated on 30 Dec 2024
- 3 Minutes to read
- Print
- PDF
From this section you can configure additional settings for better management of iOS and macOS devices. This article describes settings offered under Scalefusion Dashboard and how IT Admins can configure them.
How to Access
These settings can be configured by navigating to Utilities > Global Settings > Apple Settings on Scalefusion Dashboard.
User Account Management Settings
Capture and sync Apple ID of user accounts
For Scalefusion managed macOS devices, you can capture the Apple IDs of user accounts. The ID captured and synced is shown at following places:
- Device Info (Full Device Information > Device info), under iTunes Account Id.
- Device User Accounts Report
- User account information on clicking Info icon in User Accounts section
To capture Apple ID,
- Navigate to Utilities > Global Settings > Apple Settings
- Under User Account management settings, select one of the options from the drop-down:
- Not Configured: If you select this option, the Apple ID is not captured and shown as N/A
- Only Enrolled User: The Apple ID of only the enrolled user gets captured
- All User Accounts: Captures Apple IDs of all user accounts existing on the device
- Click on Save Settings
Configure Entitlements for BYO, User Based Enrollment and Apple User Enrollment on iOS devices
By enabling and configuring these settings, you can provide granular privacy controls for BYO, User Authenticated, and Apple User Enrolled (AUE) devices, to all device types (including supervised ones) for organizations prioritizing comprehensive employee privacy.
To configure settings,
- Navigate to Utilities > Global Settings > Apple Settings,
- Following are the settings that can be configured:
- Select Target: Admins can select the target where these controls will apply, by selecting one of the following:
- Unsupervised devices
- All devices: All devices means Supervised as well, for cases where an organization provides devices to employees.
- Allow device lock and passcode removal: Controls Scalefusion's ability to remove device locks and passcodes.
- Allow device erase: Controls Scalefusion's ability to remotely wipe the device.
- Allow query of network information: Controls Scalefusion's access to potentially private network data like phone numbers, SIM card numbers, and MAC addresses.
- Select Target: Admins can select the target where these controls will apply, by selecting one of the following:
Important Notes:
- These settings apply only during enrollment, not after. Changing these settings after a device has enrolled will have no effect on that device.
- These controls are specifically for devices enrolled via BYO, User-based enrollment, Managed Apple IDs (MAID) or Apple User Enrollment methods.
Create Admin Account
On enabling this, you can configure the Global Admin settings where a new admin account will be created using the specified details.
Pre-requisite: Scalefusion MDM Client (agent app for macOS) should be installed.
- Skip Account creation if DEP Admin account already exists: If this is enabled, a new global admin account will not get created if ADE Admin account already exists on the device. Provide the following details to create global admin account:
- Account Full Name
- Account Username
- Password: The configured password will be visible in the User Info section on the Device Details page. Select one of the options from below:
- Automatically generate a unique password per device
- Configure a static password: Enter a password for logging in with admin account. Password should be 8 characters or more and should adhere to Organization's password policy
- Mark as Hidden Account: With this enabled, the admin account will be created but won't be visible on the device.
- Admin Account Name conflict handling: Configure how to handle local account name conflicts for Global Admin Account by choosing one of the following options:
- Skip Creation: This will skip the creation of Global Admin Account.
- Delete Existing Account: This will delete the existing account and create a new one with the specified Username. Use this option with caution as this may cause Data Loss
- Mark as Global Admin: If you have configured Global Admin with a username that already exists on device as a local user, then the account will be converted to Global admin.
Enable Service Account Maintenance
If enabled, user will be prompted to enter the credentials in order to perform the maintenance activities for Service Admin accounts.
- Password Sync: User credentials will be used to reset password of Global and ADE Admin accounts if it was changed locally.
- Grant Secure Token Access: User credentials will be used to grant Secure Token to Global and ADE Admin accounts.
- Prompt frequency: Configure the frequency at which users will be prompted to enter credentials, from the following options:
- 12 hours
- 24 hours
- On Every Login
- Prompt Message: Configure the message that will appear when the user will be prompted
- Click on Save Settings