MDM Commands

The MDM Commands page provides access to several important functions to help you manage your Addigy instance.

Bootstrap Token
Activation Lock
Rotate FileVault Key
Unlock User Account
Delete User
List Users
Change Wallpaper
Clear Passcode
Clear Restrictions
Enable Remote Desktop
Disable Remote Desktop
Enable Bluetooth
Disable Bluetooth
Retrieve Provisioning Profiles
Deploy Provsioning Profiles
Start AirPlay Mirroring
Stop AirPlay Mirroring
Refresh Cellular Plans
System Updates
Enable Lost Mode
Lost Mode Location
Play Lost Mode Sound
Disable Lost Mode
Lock Device
Wipe Device
Restart Device
Shutdown Device
List Certificates
Enable Data Roaming
Disable Data Roaming
Disable Voice Roaming
Disable Voice Roaming
Enable Personal Hotspot
Disable Personal Hostpot
Rename Device

Bootstrap Token

Gets the bootstrap token. This command returns the bootstrap token data if it was previously set and the feature is enabled by the server.

Requires a Device Enrollment Program enrolled client
Requires macOS 10.15+.
The device must be enrolled via Business Manager or School Manager through the Setup Assistant.

Command example:

sudo profiles status -type bootstraptoken

Return example:

profiles: Bootstrap Token supported on server: Yes
profiles: Bootstrap Token esrowed to server: Yes

Apple Developer Documentation

Activation Lock

Find My iPhone Activation Lock is a feature of iCloud that makes it harder for anyone to use or resell a lost or stolen iOS device that has been enrolled under DEP.

The Activation Lock request is available in X-Server-Protocol-Version 2 and later to organizations that have enrolled through the Apple School Manager portal or Apple Business Manager portal.
Requires T2 Chip on macOS Devices.
Must be enrolled into Business Manager or School Manager
Available in GoLive > Security

Apple Developer Documentation

Rotate FileVault Key

This command resets the FileVault password when executed and uploads it to the Addigy Platform. Change the FileVault password periodically to mitigate the security risk of deployed devices.

Requires Addigy MDM
Supported on macOS 10.9+ and requires FileVault enabled on device.
Available in GoLive > Security
You may be able to rotate a key escrowed outside of Addigy MDM if Addigy has the key.

Apple Developer Documentation

Unlock User Account

Unlock a user account that has been locked because of too many failed password attempts.

Requires Addigy MDM
Support on macOS 10.13+
Available in GoLive > Users

Apple Developer Documentation

Delete User

Delete a user’s account on the device. In iOS, this command is only available in education mode. In macOS, this command requires DEP enrollment.

Requires Automated Device Enrollment (DEP).
Requires Addigy MDM
Requires iOS 9.3+ and macOS 10.13+
Command is available on macOS and Shared iPad using Device Channel
Requires Supervision (macOS)
Available in GoLive > Users

Apple Developer Documentation

List Users

Get a list of users with active accounts on the device.

Requires Addigy MDM
Requires iOS 9.3+ or macOS 10.13+
Requires Supervision
Available in GoLive > Users

Apple Developer Documentation

Change Wallpaper

Changes the wallpaper of an MDM device

Requires Addigy MDM
Requires iOS 5.0+, macOS 10.9+, tvOS 9.0+
Requires Supervision
Available in GoLive > Wallpaper Settings

Apple Developer Documentation

Clear Passcode

Remove the passcode from the device.

Requires Addigy MDM
Requires iOS 4.0+
Available in GoLive > Security

Apple Developer Documentation

Clear Restrictions

Clear the restrictions password and the restrictions set on the device. In iOS 11 and earlier, this command clears the restrictions password and all restrictions that the password protects.

In iOS 12.2 and later, if Screen Time uses iCloud to share its settings (Share Across Devices), this command disables Screen Time entirely and clears its restrictions. If the user is a child in an iCloud family, the command fails. Otherwise, if Screen Time isn’t using iCloud, this command clears the passcode, but not the restrictions, and it leaves Screen Time enabled.

Requires Addigy MDM
Requires iOS 8.0+
Available in GoLive > Security

Apple Developer Documentation

Enable Remote Desktop

Enable Remote Desktop on the computer. This command enables Remote Desktop on the device with the “All Users” access and enables the ability to receive remote events. It enables the “Observe”, “Control”, and “Show when being Observed” options. All other options will remain unchanged.

Requires Addigy MDM
Requires macOS 10.14.4+
Requires Supervision
Available in GoLive > Networking

Apple Developer Documentation

Disable Remote Desktop

Disable Remote Desktop on the computer.

This command prevents any further event processing. It removes any PostEvent TCC ability unless the device already has an installed TCC configuration profile with that ability enabled.

Requires Addigy MDM
Requires macOS 10.14.4+
Requires Supervision
Available in GoLive > Networking

Apple Developer Documentation

Enable Bluetooth

Sets the state of bluetooth on a device.

Requires Addigy MDM
This setting requires the Network Information right.
This setting takes effect even when you set the allowBluetoothModification restriction.
Requires iOS 5.0+, macOS 10.9+, tvOS 9.0+
Available in GoLive > Networking

Apple Developer Documentation

Disable Bluetooth

Sets the state of bluetooth on a device. This setting requires the Network Information access right, and is available in iOS 11.3 and later, and macOS 10.13.4 and later.

Requires Addigy MDM
This setting requires the Network Information right.
This setting takes effect even when you set the allowBluetoothModification restriction.
Requires iOS 5.0+, macOS 10.9+, tvOS 9.0+
Available in GoLive > Networking

Apple Developer Documentation

Retrieve Provisioning Profiles

Get a list of installed provisioning profiles on the device.

Requires Addigy MDM
Requires iOS 4.0+, tvOS 10.2+
Available in GoLive > Deployments > Provisioning Profiles

Apple Developer Documentation

Deploy Provsioning Profiles

Install a provisioning profile on the device.

Requires Addigy MDM
Requires iOS 4.0+, tvOS 10.2+
Available in GoLive > Deployments > Provisioning Profiles

Apple Developer Documentation

Start AirPlay Mirroring

Configure the device to mirror its display on another device.

Requires Addigy MDM
Requires iOS 7.0+, macOS 10.10+
Available in GoLive > Networking

Apple Developer Documentation

Stop AirPlay Mirroring

Stop mirroring of the display on another device.

Requires Addigy MDM
Requires iOS 7.0+, macOS 10.10+
Available in GoLive > Networking

Apple Developer Documentation

Refresh Cellular Plans

Query a carrier URL for active eSIM cellular-plan profiles.

Requires Addigy MDM
Requires iOS 13.0+
Available in GoLive > Networking

Apple Developer Documentation

System Updates

Schedule a background scan for OS updates on the device.

Requires Addigy MDM
Requires macOS 10.11+
Available via Addigy API

Apple Developer Documentation

Get a list of available OS updates for the device. This command is also available to execute on managed devices that aren’t enrolled in the Device Enrollment Program (DEP). A device must have a total of DownloadSize + InstallSize bytes available to successfully install a software update. In macOS, execute the ScheduleOSUpdateScan command to update the results that this command returns. In iOS and tvOS, the list only contains the latest available updates.

Requires Addigy MDM
Requires iOS 9.0+, macOS 10.11+, tvOS 12.0+
Available via GoLive for iOS > Updates or Addigy API

Apple Developer Documentation

Get a list of available OS updates for the device.

Requires Addigy MDM
Requires iOS 9.0+, macOS 10.11+, tvOS 12.0+
Available via GoLive for iOS > Updates or Addigy API

Apple Developer Documentation

Schedule an update of the OS on the device.

Requires Addigy MDM
Requires iOS 9.0+, macOS 10.11+, tvOS 12.0+
Available via GoLive for iOS > Updates or Addigy API

Apple Developer Documentation

Get the status of OS updates on the device.

Requires Addigy MDM
Requires iOS 9.0+, macOS 10.11+, tvOS 12.0+
Available via GoLive for iOS > Updates or Addigy API

Apple Developer Documentation

Enable Lost Mode

This command allows the server to put the device in MDM lost mode, with a message, phone number, and footnote text. A message or phone number must be provided.

Requires Addigy MDM
Requires iOS 9.3+
Requires Supervision
Available via GoLive > Device Status

Apple Developer Documentation

Lost Mode Location

Request the location of the device when in lost mode.

Requires Addigy MDM
Requires iOS 9.3+
Requires Supervision
Available via GoLive > Device Status

Apple Developer Documentation

Play Lost Mode Sound

Request the location of the device when in lost mode.

Requires Addigy MDM
Requires iOS 9.3+
Requires Supervision
Available via GoLive > Device Status

Apple Developer Documentation

Disable Lost Mode

Take the device out of lost mode. Erasing a device also disables Lost Mode. To reenable Lost Mode, the MDM server stores the device’s Lost Mode state before erasing it, and restores that state if the device enrolls again.

Requires Addigy MDM
Requires iOS 9.3+
Requires Supervision
Available via GoLive > Device Status

Apple Developer Documentation

Lock Device

Remotely and immediately lock a lost device. You can display a message and phone number on the Lock screen if the user has set a passcode for the device, it isn’t a shared iPad device, and it isn’t in Lost Mode. In macOS, this command uses the Find My framework to lock a device, and fails if there’s no recovery partition on the device.

Requires Addigy MDM
Requires iOS 4.0+, macOS 10.7+
Allowed in User Enrollment: iOS Only
Available via GoLive > Device Status, Devices Page, and Addigy API

Apple Developer Documentation

Wipe Device

Remotely and immediately erase a device. This command allows the server to immediately erase a device, even a locked device, without warning the user. The device sends a response to the server, but it doesn’t retry if it isn’t successful the first time.