General - macOS Endpoint Management Baseline
Table of Contents
Users retain administrative rights on their macOS devices and can perform all admin-level functions. However, several applications cannot be removed, as they are configured to be automatically reinstalled should a user attempt to uninstall them. Those applications include Workspace ONE Intelligent Hub, Lansweeper, and GlobalProtect. If you experience any issues with these applications such that you would like one or more of them to be removed, please contact the LTG Help Desk.
- Used for software deployment, profile management, and security compliance
- Allows LTG to inventory hardware and software for asset tracking and lifecycle management
- Used for VPN access
- renames the device to include the last eight (8) digits of its serial number;
- Example: "GLS-MLAP-1A2B3C4D"
- sets the time zone to either Central Standard Time or Central Daylight Time, depending on the current date; and
- enables Apple Remote Desktop.
- macOS firewall is turned on.
- Certain kernel extensions, also known as "kexts," and system extensions are enabled to make deployed software operational.
- Users are allowed to grant both kernel extensions and system extensions permissions for software they install manually.
- A password is required if the macOS device is awakened from sleep mode.
- The initial login window will prompt for both a username and password.
- An LTG Admin account is added.
- The password for this account is unique for every macOS device (i.e., no two devices have LTG Admin accounts with matching passwords), and the password changes regularly.
- Cisco Secure Endpoint (AMP) - An Introduction to Cisco Secure Endpoint (AMP)
- Qualys - An Introduction to Qualys Cloud Platform for Vulnerability Management
If you would like any of the optional software listed above added to your macOS device, please contact the LTG Help Desk, and they will add your device to the appropriate group to automatically receive it.