New Security Device Facts

John Sutcliffe
November 20, 2019

Coming in the next Addigy update are 18 new security device facts. These new facts will give you even more power to monitor the current state of your fleet of devices and further leverage remediations when devices are not properly secured. With them you can quickly determine the status of firmware security on Mac devices, passcode states on iOS devices, the enrollment method of each device, and more.

The security Device Facts can be added to the Devices view table and appear in the GoLive Device Fact list on the Device Overview tab. The new Facts will also appear on the GoLive Device Security tab. Security Facts that do not apply to the device type being viewed on GoLive will not appear. Facts that do not apply to the current device will appear in the Devices view with a value of “n/a”. 

The New Facts

(Note that these device facts are collected via MDM and require devices to be enrolled with Addigy MDM.)

| Fact | Supported OS, Hardware | Values |
| --- | --- | --- |
| External Boot Level | macOS 15+ with T2 | Allowed, Disallowed, or Not supported |
| Secure Boot Level | macOS 15+ with T2 | Off, Medium, Full, Not Supported |
| Hardware Encryption Capability | iOS | Block-level encryption, File-level encryption, or Both. |
| Enrolled via DEP (Automated Device Enrollment) | iOS, iPadOS, macOS | True or False |
| User Enrollment | iOS and iPadOS 13+, macOS 15+ | True or False |
| Has MDM Profile Approved | iOS, iPadOS, macOS | True or False |
| Passcode Present | | True or False |
| Passcode Compliant with Profiles | iOS and iPadOS | Set to true if the user's passcode is compliant with requirements from profiles |
| Passcode Compliant | iOS and iPadOS | Set to true if the user's passcode is compliant with all requirements on the device, including Exchange and other accounts. |
| Passcode Lock Grace Period Enforced ** | iOS and iPadOS | The current enforced value for the amount of time in seconds the device must be locked before unlock will require the device passcode. |
| Passcode Lock Grace Period ** | iOS and iPadOS | The user preference for the amount of time in seconds the device must be locked before unlock will require the device passcode. The minimum value is 0 and the maximum value is 14400 seconds. |
| Firewall Allowed Applications | macOS | List of apps allowed through enabled firewall |
| Firewall Block All Incoming Connections | macOS | True or False |
| Firewall Enabled | macOS | True or False |
| Firewall Stealth Mode Enabled | macOS | True or False |
| Firmware Password Exists | macOS | True or False |
| Firmware Password Change Pending | macOS | True or False |
| Firmware Passwords Allow Orams | macOS | True or False |

** For Passcode Lock Grace Period values to report anything other than 0 (Immediate), Settings → Touch ID & Passcode → iPhone Unlock must be disabled.

Additional Resources

The new security Device Facts can be used to create Custom Monitoring and Alerting. See this KB article for details.

To add remediation to the alerts you have created, see this KB for details.

For additional details on these facts, please see Apple's MDM Protocol Reference.