Workspace Control

Multi-organization account, device, software, policy, and access management.

Authentik Native SSO Fleet Run automation
ADE devices
2
Assigned from Apple Business Manager
Enrollment
100%
MDM endpoint
Live
https://mdm.qyron.app/enroll.mobileconfig
Identity links
0
Recorded from enrollment login

MDM

Apple zero-touch enrollment, setup experience, device assignment, and post-enrollment software.

APNs configuration

Valid

Certificate UID

com.apple.mgmt.External.6ed00ed1...

Renewal state

Tracked by swarm-ops monthly automation

Automated enrollment

Active

Token state

QUANTIQ management service is assigned in ABM

Default profile

D04A3F004A2C5B04C2C17F6A605B9FB7

Enrollment policy

Draft

Workspace Control macOS Zero-Touch

User association enabled, 22 setup screens skipped

Device group

MacOS Automated Device Enrollment

Zero-Touch Experience

Mac ADE profile, default group, welcome content, setup screens, and user authentication.

Welcome screen

Preview

Setup Assistant settings

User association

Records the Authentik user against the Apple enrollment session.

Welcome to IMAGINETEC

In just a few steps, you will be working securely from your Apple device.

Policy Management

Enrollment policy, group assignment, and device targeting.

Mac - Workspace Control MDM Enrollment

macOS 11+

Policy behavior

Install the MDM enrollment profile on targeted company-owned macOS devices.

Activation

Requires MDM to be configured and the device serial to be assigned from ABM.

Security baseline

Next

Planned controls

FileVault, lock screen, firewall, VPN, software catalog, and compliance status.

Devices

ABM assignments and enrollment status for newly added hardware.

SerialSourceGroupAssociated userEnrollment profileStatus
GCHQCL4HFFApple Business ManagerMacOS Automated Device EnrollmentNot associated yetD04A3F004A2C5B04C2C17F6A605B9FB7Awaiting login
G6GWGVM6W7Apple Business ManagerMacOS Automated Device EnrollmentNot associated yetD04A3F004A2C5B04C2C17F6A605B9FB7Awaiting login

Enrollment Associations

Recent Authentik users captured from Apple enrollment web authentication.

TimeUserSerialProductSession
No enrollment login has been recorded yet.

Software Management

Post-enrollment installation and compliance targets.

Open Fleet
ApplicationOwnerTargetMethodStatusSecret
Fleet OrbitFleetDMmacOS ADE devicesPackage installNeeds package pathFleet enroll secret
NetBirdNetBirdmacOS ADE devicesFleet scriptScript readyFLEET_SECRET_NETBIRD_SETUP_KEY
UTMUTMApple SiliconFleet scriptScript readyNo secret
FileVaultApple MDMCompany MacsConfiguration profileProfile plannedRecovery key escrow

Command Center

Canonical operations generated from the current screen state.

ansible-playbook -i inventories/production.yml playbooks/sync_dep_devices.yml \ -e dep_define_profile=true \ -e dep_set_assigner=true \ -e dep_auto_assign_fetched=true \ -e dep_assign_serials=true \ -e dep_profile_name="Workspace Control macOS Zero-Touch" \ -e dep_mdm_url="https://mdm.qyron.app/mdm/enroll" \ -e dep_skip_setup_items="Accessibility,AppleID,Appearance,AppStore,Biometric,Diagnostics,FileVault,iCloudDiagnostics,iCloudStorage,Intelligence,Location,OSShowcase,Payment,Privacy,Restore,ScreenTime,Siri,TermsOfAddress,TOS,UnlockWithWatch,UpdateCompleted,Welcome" \ -e dep_configuration_web_url="https://workspace.qyron.app/enroll/apple"

Enrollment flow

Live model

ABM assignment

Two serials assigned to QUANTIQ management service

Complete

NanoDEP profile

Default assigner points at D04A3F004A2C5B04C2C17F6A605B9FB7

Active

Setup Assistant

Welcome, auth, and skip items controlled by the ADE profile

Ready

Post-enrollment software

Fleet runs NetBird and UTM installers after enrollment

Pending Fleet attach

Roadmap Scope

The product surface is intentionally broader than MDM.

Identity

Users, groups, orgs, credentials, app access, and audit flow.

Devices

ADE, inventory, compliance, MDM commands, recovery, and ownership.

Network and software

NetBird, packages, app catalogs, software state, and remote commands.