VMware AirWatch 9.0 Adds New Admin Capabilities for macOS Management

Jan 9, 2017
Claire Feeney


Claire Feeney is a senior product marketing manager at VMware focused on mobility. Her love for reading and writing began at an early age, and she enjoys combining her passion for writing with her interests in mobile technology. An Apple enthusiast since she held her first click wheel iPod, she loves covering technology stories that highlight business transformation through business mobility. Claire graduated from the University of Georgia with a BBA in marketing.

Share This Post On

VMware Workspace ONE, powered by VMware AirWatch 9.0, is now generally available, including new features and functionality for macOS management. AirWatch already supported macOS Sierra on the day of availability, adding new restrictions and more features to support the Device Enrollment Program (DEP). And, a highly requested feature is also included in the release: pre-staged admin accounts for macOS laptops enrolled through the DEP.

Read on to learn more about configuration admin accounts for macOS management, and watch our on-demand webinar for a closer look at what’s new for both macOS and iOS in AirWatch 9.0.

AirWatch iOS and macOS management webinar

Pre-Staged Admin Accounts for macOS Management

Apple’s macOS 10.11 (El Capitan) brought the capability to stage a local, administrative user account through DEP enrollment (with the option to hide the admin account). In AirWatch 9.0, this feature is supported as part of a staging workflow, via the DEP profile configuration. This allows users to have a non-administrator, user account, while the AirWatch administrator gains a hidden administrator account that can be used for troubleshooting.

To set up a typical workflow, perform the following:

  • Click Devices > Profiles & Resources > Profiles > Add > Add Profile > macOS > Device Profile.
  • Configure a profile with a Directory payload and assign it to assignment groups that will contain your DEP-enrolled devices.
    • This payload binds the macOS device to your directory. Information about this payload can be found in the macOS Platform Guide in MyAirWatch.
  • Click Devices > Device Settings > Apple > Device Enrollment Program.
  • Click Add Profile.
  • In the DEP profile settings, set the following:
    • Authentication: Off
    • Staging Mode [None, Single User or Multi-User]
    • Default Staging User
    • Await Configuration: Enabled
    • Account Setup: Skip
    • Admin Account Creation details (including whether to hide the account)
  • Save the DEP profile.
  • Assign the profile using batch upload or manual assignment in the Enrollment Lifecycle page (per the VMware AirWatch Guide for the Apple DEP on MyAirWatch).

When the device completes enrollment, the device will be bound and allow log-in by Network user accounts (while the administrator account will be pre-staged and hidden).

macOS Admin Account Creation - GIF

468 ad