Apple for work: How to secure Apple devices in your enterprise with Hexnode MDM

6 min readMay 14, 2020
Need to remotely manage employee iPhones, Macs and iPads? Hexnode offers the tools you need.

Does your organization use Apple devices? If so, you’ve nailed the first step. It’s a well-known fact that the Cupertino folks deal a better hand than Android when it comes to enterprise security. You’ve started off strong by equipping your employees with the best in class Apple devices. But to win the round, you need to know how to make the best out of your cards. And that’s exactly what Hexnode is here for.

Keep your workplace secure from threats with an easy-to-use centralized MDM platform.

Hexnode is a Unified Endpoint Management solution that provides cutting edge technology to monitor and control your corporate Apple devices. Hexnode provides you with a secure and easy to use platform that you can use to leverage the market-leading security and endpoint management features exposed by Apple. So let’s get right into it.

Make the most out of managing your MacBooks

Managing your organization’s deployed MacBooks is easier than ever.

Hexnode offers many tools for managing MacBooks within your organization. They include:

  • Want more security? Encrypt with FileVault.

What better way to protect your data than to encrypt it? With Hexnode, you can mandate full disk encryption on macOS devices using Apple’s built-in FileVault for added security.

  • Set up strict work hours.

For a more accurate productivity analysis, you can set up time limits on MacBooks to restrict users from logging in outside of office hours.

  • Smart login with smart cards.

Do you prefer to retain more control over who gets access to your organization’s devices? Enable smart card authentication for login, authorization and screensaver unlock. Use this feature to set up certificate validation for authentication.

  • Preapprove kernel extensions.

Some applications might require access to modify the core operating system of MacBooks. However, your employees might not all be tech-savvy enough to crack the process of adding kernel extensions. With Hexnode, you can preapprove the required kernel extensions and allow user overrides as well.

  • Use a firewall.

Unpatched security holes are basically welcome notes to hackers, keyloggers and trojans. Shield your MacBooks by enabling a firewall. Then you can monitor all incoming and outgoing traffic on the network.

  • Automate tasks with scripts.

Create powerful workflow solutions with macOS scripting. Hexnode lets you deliver and execute scripts over the air to automate complex, repetitive and time-consuming tasks.

  • Enable content caching.

Use this feature to cut down on internet usage and accelerate software installation on your employees’ devices. Content caching lets you download software updates to a single server, and then distribute them to other devices offline.

  • Waste no time with setup assistant.

Get right into the action. Use Hexnode to configure the MacBook setup assistant so the user can skip the initial setup options while activating the Mac for the first time.

Clever tricks to control corporate iPhones and iPads

Take control of iPhones and iPads you’ve issued with powerful MDM tools.

Hexnode also offers powerful options to manage employee iPads and iPhones.

  • Easy user enrollment for BYOD.

Get on board with BYOD. Apple’s user enrollment method creates separately managed APFS volumes for personal and work information. This deployment mode limits your IT department’s control of employee-owned personal devices.

  • Managed domains and business containerization.
Easily allow employees to separate their personal stuff from your critical business data.

With BYOD on the rise, strict partitioning between work data and personal data becomes a necessity. Hexnode lets you use managed domains to specify enterprise domains and ensure secure access to documents originating from these domains. Set up a business container to control the flow of personal and corporate data between apps.

  • Safeguard your data.

What better precaution to take than making sure the valuable information stored on your device is not erased by mistake? Using Hexnode ,you can disable the “Erase content and settings” option in iOS to protect the data.

  • Bypass Activation Lock

If a previous employee returns a device with Activation Lock on, Hexnode lets you bypass this iOS security feature. (With Activation Lock enabled, you are required to provide the former associate’s email account and its password in order to set up your device after wiping it.) Then you can set it up as a new device for another employee. You also can make use of Hexnode’s Clear Activation Lock action for the same.

  • Control telecom expenses.

Moving on to wise monitoring, it comes as no surprise that telecom costs are rising by the day. With Hexnode’s Network Usage Rules policy, you can set up app wise restrictions on cellular data and roaming usage. Keep track of your devices’ data usage to control your telecom expenses.

  • A secure but fun Messenger

Important messages being missed as they are being drowned in a sea of other messages? Worried about the security aspect of using third-party messenger apps? The secure but fun Hexnode Messenger is the answer to all your worries. It’s a strictly corporate messenger that lets you broadcast and prioritize messages to your employees’ devices, right from the Hexnode console, without any delay.

  • Add a custom Home screen layout, wallpaper and more.

Hexnode also lets you add a personal touch. You can customize how your employees’ devices look with a custom wallpaper featuring your company’s logo. And you can arrange the app icons on their Home screens to maximize productivity.

Bonus features for exceptional productivity

Powerful tools make it easy to manage employee devices.
  • Lock them up with passcodes.

You can set up strict passcode policies with Hexnode to guard your corporate treasures. Define the password length, complexity, expiry details and even the duration after which the device is to be auto-locked.

  • Enforce app usage by making them mandatory.

Does your company use a number of productivity apps to monitor employees’ work? If so, why don’t you push them onto your employees’ devices over the air through the Hexnode portal? Just set them as mandatory apps. Then, their absence will mark devices as noncompliant on the admin console.

  • Deploy OS updates remotely

You can schedule and deploy OS updates over the air to make sure that your organization’s devices remain up to date. You can choose to notify the user, download the update or enforce the update as well.

  • Filter out unsafe websites.

Worried about your employees visiting unsafe websites prone to phishing attacks? Hexnode offers tools that let you filter out unsafe websites. You can use the Web Content Filtering option to create a whitelist of allowed websites. Alternatively, create a blacklist to block malicious websites.

  • Add a custom message for your lock screens.

Lost or stolen devices always prove to be a pain. Use this feature to leave a helpful message on the lock screen with details about how to return a lost device.

  • Deploy certificates.

Certificate installation is often frowned upon for its complexity. But you can distribute credentials and identity certificates remotely to all your devices from a single console with Hexnode.

  • Connect to your office printer right away.

Losing valuable office hours setting up devices? You can preconfigure the AirPrint credentials on iPhones and MacBooks so your employees can connect to the office printer right away.

Even more Hexnode MDM tools

On top of these, Hexnode also provides advanced management capabilities for iOS, iPadOS macOS and tvOS devices by integrating with Apple Business/School Manager. Starting from a simple screensaver to business containerization and managed domains, Hexnode has it all covered.

With the security landscape changing every year, businesses are required to adapt rapidly to overcome the rising threats. Hexnode provides a modern solution that can help you conquer these security hazards.




Hexnode MDM is an award winning Enterprise Mobility Management vendor which helps businesses to secure and manage BYOD, COPE, apps and content.