Addigy’s New MDM Watchdog Utility: How to Resolve MDM Issues with macOS
In July 2011, Apple released macOS 10.7 Lion, which marked a significant shift in the way macOS devices are managed and deployed, specifically thanks to the introduction of MDM and MDM Profiles. Over the years, Apple has continued to improve its MDM management layer, adding support for managing macOS system updates via MDM commands at WWDC 2020 and expanding the MDM commands and protocol available for system updates at WWDC 2021. To stay in line with Apple’s native tools and support and to continue making system updates as seamless as possible, Addigy has launched system updates via MDM.
As MDM commands and frameworks are increasingly used for device management, the health and responsiveness of the macOS MDM stack on the device are critical. If the MDM client on the device is unresponsive, the necessary MDM actions can be delayed. To address this potential issue, the Addigy Product and Engineering Teams developed a new utility into the Addigy MDM Watchdog on the device. The new addition of MDM watchdog monitors the is_mdm_client_stuck and is_mdm_softwareupdated_stuck device fact values, and if they are stuck, the feature performs automated remediation after a device audit in which the condition was found.
But what can cause these stuck facts, and what should you look for on the device? It has been observed that the mdmclient binary gets stuck after executing the OSUpdateScan command, and it stops communicating with MDM. This information is collected on the device using the unified system logging binary, filtering for the mdmclient process, and looking for indicators of a hung service. The search results, if a hung service is found, are critical to understanding why updates or communications are not occurring in a timely manner. Relying on the MDM stack for updates and then having the update process start hanging up can lead to a chicken-and-egg problem, in which the device may end up in a hung state. Addigy’s Watchdog Utility steps in and bounces the services needed, similar to a reboot, to get the device up and communicating again.
The MDM Watchdog Utility is available now to all Addigy customers. We will also release an MDM Watchdog Utility that is free to customers of all MDM vendors within the next three weeks. Click here to view the official news release.
For more information on the new MDM Watchdog Utility, check out the Knowledge Base article.