Maintaining Mac Device Enrollment

Perform regular maintenance tasks to ensure that Mac Device Enrollment successfully performs scheduled activities on all the targeted endpoints and does not overuse endpoint or network resources. If Mac Device Enrollment is not performing as expected, you might need to troubleshoot issues or change settings. See Troubleshooting Mac Device Enrollment for related procedures.

Perform as-needed maintenance

Specify different Tanium Client version to install

You can specify to install the latest Tanium Client version, if the client has been updated after the initial tenant creation. You can specify a different Tanium Client version to install than was specified during the initial tenant creation. After you specify the latesta different client version, you must complete the request file sharing process again.

  1. (Optional) Update the client configuration in Tanium Client Management that supports macOS. For information, see Create a client configuration.

    If you want to install the latest client version and the initial client configuration specified the Latest version, skip this step. If you want to install a specific version, update the version in the client configuration.

  2. From the Main menu, go to Administration > Shared Services > Mac Device Enrollment.
  3. From the Mac Device Enrollment menu, click Configuration.
  4. For MDM Tenant, click Configure > Edit Details.
  5. From the Client Configuration dropdown list, select the updated Tanium Client Management client configuration.

  6. Click Update Client VersionDownload File and provide the downloaded request file along with a request to update your Tanium Client installer image to Tanium Support.

    Your support representative uploads the request file to the Tanium MDM Cloud to update the Tanium Client installer image.

Install Tanium Client on devices after enrollment

The Tanium Client is installed on devices as part of both the automated device and user-assisted enrollment. If necessary, you can re-install or upgrade the Tanium Client on a device without re-enrolling the device.

For example, you might re-install the client to troubleshoot issues or you might upgrade to the latest client version as a best practice. For guidance about client upgrade frequency, see Tanium Client Management User Guide: Review and upgrade Tanium Client versions.

You can install the Tanium Client version specified for your tenant in the Tanium MDM Cloud. To change this version, see Specify different Tanium Client version to install.

  1. From the Mac Device Enrollment menu, click Data Explorer.

  2. Select one or more devices and click Install Tanium Client.

    Confirm the client version that Tanium will install.

Perform annual maintenance

Renew an Apple MDM Push Certificate

Apple MDM Push Certificates, also referred to as APNs certificates, are valid for one year. You must renew the certificate each year using the same Apple ID that you used to create it. If you do not renew your certificate and instead request a new certificate, Mac Device Enrollment loses the ability to communicate with enrolled devices, and all devices must be re-enrolled.

The Apple Push Certificates Portal provides options to renew or to request a new certificate. You must select the option to renew your existing certificate. Otherwise, all users are required to re-enroll their devices.

Before you begin

Make sure you have the credentials for the same Apple ID that you used when you obtained the original Apple MDM push certificate.

Renew your certificate

  1. From the Main menu, click Administration > Shared Services > Mac Device Enrollment.
  2. From the Mac Device Enrollment menu, click Configuration.
  3. For Apple MDM Push Certificate, click Configure .
  4. Click Download Certificate Signing Request to download a certificate signing request file. You upload this certificate to the Apple Push Certificates Portal to request an Apple MDM Push Certificate.
  5. Click Create Apple MDM Push Certificate to go to the Apple Push Certificates Portal and request your MDM Push Certificate. Sign in to the Apple Push Certificates Portal with the same Apple ID you used to obtain the original certificate.

    Remember to select the option to renew your certificate.

  6. In the Apple ID field, enter the Apple ID that you used to request the MDM Push Certificate from Apple.
  7. Upload the new Apple MDM Push Certificate file that you receive from Apple and click Save.

Mac and macOS are trademarks of Apple Inc., and registered in the U.S. and other countries and regions.