This article explains how to add Mac OS devices to Endpoint Manager.
Once added, you can remotely deploy configuration profiles for various device settings and implement antivirus protection.
MAC devices can be added either with or without installing the Endpoint Manager profile.
Apple only allows one portal to use the protocol which manages devices. This causes issues with customers who want to use Endpoint Manager in conjunction with another management platform.
'Profile-less' enrollment lets you use Endpoint Manager to manage security while using another platform for general Mac management.
However, you cannot manage the following items if you choose 'profile-less' enrollment:
Certificates
Restrictions
VPN
Wi-Fi
You can choose whether or not EM profile is installed along with enrollment while adding the device for a user.
Prerequisite - You need an Apple Push Notification (APN) certificate on your EM instance if you wish to manage Mac devices by applying MDM profile. See this wiki if you need help to do this.
Enrollment involves the following steps:
Enroll user devices to Endpoint Manager - Create an installation package then send an email to users with a link to install the package.
Install the package on the device - User clicks the link in the mail to install the package on the device.
Note - You need to add users (device owners) before you can enroll their devices. Please see this wiki if you have not yet added users:
Enroll user devices to Endpoint Manager
Login to Comodo One / Xcitium
Click 'Applications' > 'Endpoint Manager'
Click 'Users' > 'User List' on the left
Select the users for whom you want to add devices then click 'Enroll Device'
Or
Click the 'Add' button on the menu bar then 'Enroll Device'.
The device enrollment wizard starts:
Select Device
Choose 'Other device'
Specify User
Any users you selected earlier are listed in the 'Specify User' box
You can add additional, existing users by simply typing their email address in the box. Endpoint Manager will auto-suggest users that have already been created.
Create New User – Click if you want to add a new user to Endpoint Manager. You cannot add devices unless you have first added the users that own them. The add-user process is explained here.
Click 'Next' to proceed to step 2.
Step 2 – Enrollment options:
Select Operating System of the Device
Choose 'macOS'
Select Enrollment Type
EM uses two clients:
Communication Client (CC) - Connects the device to Endpoint Manager for central management. It is mandatory to install this client.
Comodo Client - Security (CCS) - This is the security software that provides antivirus protection. It is optional to install this client.
Choose whether you want to only install CC, or both CC and CCS.
Enroll and Protect - Installs both CC and CCS.
Just Enroll - Installs only the communication client (CC). You can remotely install CCS at a later time.
Select Method
Choose whether or not MDM profile from EM should be installed on the device along with the enrollment.
With MDM profile (recommended) - Installs both the communication client and the Endpoint manager configuration profile. You can use the full suite of Endpoint Manager tools on your devices
Without MDM profile - Installs only the communication client for connection to EM. 'Profile-less' enrollment lets you use Endpoint Manager to manage security while using another platform for general Mac management.
Device Name Options
Do Not Change - The device’s existing name is used to identify it in the Endpoint Manager.
Change - Enter a new device name.
Click 'Next' to proceed to step 3
Step 3 - Installation Summary
Review your choices so far:
Click ‘Back’ or 'Change Configuration' (top-right) to revise your choices.
Click 'Next' to proceed to step 4
Step 4 - Installation Instructions
The final step is to send the enrollment emails to the device owners:
Send To Email - Click to send enrollment mails to users with the settings you choose in steps 1, 2 and 3.
Tip: Alternatively, you can copy the link and forward to the user through any out-of-band communication method.
Click 'Finish' to exit the wizard
An example email is shown below:
Users must open the mail on the endpoint itself.
Download and install the client
Open the mail on the target device and click the enrollment link. This starts the setup wizard.
Click the 'Download macOS Installer' button and save the file:
The EM client setup package file gets downloaded.
Open the file to install the communication client.
Follow the wizard to complete the installation.
If the package has been configured to install the EM profile, the device profiles screen appears when installation is complete:
After installation, the communication client will connect to the Endpoint Manager and enroll the device.
Comodo Client Security (CCS) will also be installed if you included it in the setup process. If not, you can remotely install CCS later, after device enrollment. See this wiki if you need help to install CCS on the device.
Any Endpoint Manager profiles assigned to the user will now be applied to the device.
If no profiles are assigned to the user, then the default Mac OS profiles are applied to the device.
The device can now be remotely managed from the EM console.