I use SyncroMSP for my RMM/PSA, and a new client CEO sent the following picture that gets prompted when you install the Syncro agent on a Mac. They have some employees that use their company machines for personal as well (photos, apps, etc). We’re working through approved and non-approved, but I was wondering if other RMM agents ask for the same level on a Mac, and how you quell their anxiety? I wanted to say “What are you so worried that I’m going to come across?”, even though I have zero time to be looking around for obscene photos/files/etc. I told him my “tools” needed this access to scan for things with security products like AV/Threathunting/etc, and wouldn’t he want to make sure that info is secure and free of malicious items, but obviously in a much nicer way, and he changed his tune by the end of the call, but it was hard for me to not say something to the effect of if I can’t see all of your computer, I can’t provide security to you, and therefore you could be the piece that lets in something bad. Would love to hear how other RMM’s install on a Mac, and if they require Full Disk Access (but in my head I’m thinking they all do)…and same when I start to roll out my managed security items.
All RMM agents, remote software and even apps need specific level of permissions. Addigy puts on a full MDM profile. If you’re also having Spalshtop installed you’ll need to do the same in Splashtop streamer. I have customers that don’t turn on screen recording for Syncro and the only thing I see is the screenshot in the Asset record shows permissions not granted and they can’t send screen shot opening ticket. Funny thing it’s usually Residential people for me. My Corporate customers understand the need for it all to be able to fully manage computers. You can see from screenshot they haven’t allowed anything full disk access so some Apps won’t update properly. AV also needs full disk access.
Garret nailed it. Macs are a much different animal when it comes to automation, and without the use of something like Addigy or another MDM, most “tools”, including all RMMs will need specific permissions granted in order to properly function.
Ya know what’s even more fun, the new M1 Macs, now you can’t just have the user accept the MDM enrollment with Addigy, you have to reboot into Recovery and turn on “Reduced Security” in the Startup options lol. Such a pain, but a necessary evil.
@garret @mgiordano thanks for the replies. Yeah, I’m looking at potentially using Addigy at some point, but the minimum spend is still way more than I need. I think Pax8 had a minimum of $200. I’ve got like five Macs currently. HA! My full-time gig uses JAMF Pro, and my buddy manages things in there. I can get in and do what I need, but he creates all the scripts and such. Just trying to plan things out I guess, more than anything. Looking for a good solution that does at least “most” of what is needed to manage Macs, is multi-tenant (or taggable to break things out), and has good documention. I think Syncro could be enough, but we’ll see. Do you guys use Addigy or something else for Macs then?
Yea Addigy. I was looking at Mosyle too lately, but not sure.