SuperOps now offers granular Role-Based Access Control (RBAC) for Mobile Device Management (MDM), allowing you to define precisely who can access, configure, and perform key MDM actions. This enhancement provides greater security, accountability, and delegation capabilities for your IT team.
These permissions apply to both Android and iOS devices.
Understanding MDM Permissions
Under the Asset Management category, you can assign three specific MDM permissions:
1. MDM Organisation Settings
This permission grants access to manage global MDM configurations. It is ideal for administrators who oversee the initial MDM setup, integration, and overall policy structure. Technicians with this role can:
Link Apple Business Manager (ABM) or Android Enterprise accounts.
Set up APN or Android Enterprise tokens.
Manage default enrollment and policy configurations.
2. MDM Device Enrollment
This allows users to enroll and assign devices to MDM. By assigning this role, you ensure only authorized technicians can add new devices to your managed environment. This permission allows them to:
Add or import new devices.
Generate enrollment profiles or QR codes.
Assign devices to sites, users, or policy sets.
3. MDM Device Wipe
This critical permission enables the secure remote wipe of managed devices, erasing all data and configurations. It is essential for data security in case of device loss, theft, or reassignment. Due to its irreversible impact, this permission should be limited to trusted senior administrators.
How to Configure MDM Permissions
Navigate to Settings > Technician Roles. You can also create a customised role by clicking "Create".
On the 'Edit technician role' screen, scroll down to the Asset Management section. To grant MDM permissions, select the checkbox next to 'MDM Organization settings'. This will automatically enable the related sub-permissions for 'MDM device enrollment' and 'MDM device wipe'.
Click Save in the top-right corner to apply the changes.
Summary
By leveraging enhanced RBAC for MDM, you can create a more secure and efficient operational workflow. Assigning specific MDM permissions ensures that technicians have access only to the tools they need, reducing the risk of accidental changes or unauthorized actions.


