New Security Device Facts
Coming in the next Addigy update are 18 new security device facts. These new facts will give you even more power to monitor the current state of your fleet of devices and further leverage remediations when devices are not properly secured. With them you can quickly determine the status of firmware security on Mac devices, passcode states on iOS devices, the type of enrollment method for each device, and more.
The security Device Facts can be added to the Devices view table and appear in the GoLive Device Fact list on the Device Overview tab. The new Facts will also appear on the GoLive Device Security tab. Security Facts that do not apply to the device type being viewed on GoLive will not appear. Facts that do not apply to the current device will appear in the Devices view with a value of “n/a”.
The New Facts
(Note that these device facts are collected via MDM and require devices to be enrolled with Addigy MDM.)
Fact | Supported OS, Hardware | Values
External Boot Level | macOS 15+ with T2 | Allowed, Disallowed, or Not supported
Secure Boot Level | macOS 15+ with T2 | Off, Medium, Full, Not Supported
Hardware Encryption Capability | iOS | Block-level encryption, File-level encryption, or Both
Enrolled via DEP (Automated Device Enrollment) | iOS, iPadOS, macOS | True or False
User Enrollment | iOS and iPadOS 13+, macOS 15+ | True or False
Has MDM Profile Approved | iOS, iPadOS, macOS | True or False
Passcode Present | | True or False
Passcode Compliant with Profiles | iOS and iPadOS | Set to true if the user's passcode is compliant with requirements from profiles
Passcode Compliant | iOS and iPadOS | Set to true if the user's passcode is compliant with all requirements on the device, including Exchange and other accounts
Passcode Lock Grace Period Enforced ** | iOS and iPadOS | The current enforced value for the amount of time in seconds the device must be locked before unlock will require the device passcode
Passcode Lock Grace Period ** | iOS and iPadOS | The user preference for the amount of time in seconds the device must be locked before unlock will require the device passcode. The minimum value is 0 and the maximum value is 14400 seconds.
Firewall Allowed Applications | macOS | List of apps allowed through enabled firewall
Firewall Block All Incoming Connections | macOS | True or False
Firewall Enabled | macOS | True or False
Firewall Stealth Mode Enabled | macOS | True or False
Firmware Password Exists | macOS | True or False
Firmware Password Change Pending | macOS | True or False
Firmware Passwords Allow Orams | macOS | True or False
** For Passcode Lock Grace Period values to report anything other than 0 (Immediate), Settings → Touch ID & Passcode → iPhone Unlock must be disabled.
Additional Resources
The new security Device Facts can be used to create Custom Monitoring and Alerting. See this KB article for details.
To add remediation to the alerts you have created, see this KB for details.
For additional details on these facts, please see Apple’s MDM Protocol Reference.