What's new?
Managed DDM asset for ACME & SCEP certificates
A new MDM artifact type is available: Certificate Asset. With this artifact, Zentral manages the DDM declarations and the credentials required to distribute a device or user certificate via DDM. It builds on the existing ACME and SCEP issuers and their integration backends (SCEP static challenge, Microsoft & Okta dynamic SCEP challenge, …). Note that a static SCEP challenge is a shared secret that any holder can present to the CA, whereas a dynamic challenge is issued per device, so prefer the dynamic backends where your CA supports them. The artifact can be used in every DDM configuration that references a com.apple.asset.credential.acme or com.apple.asset.credential.scep asset. For example, you can combine it with a Configuration artifact to deploy a com.apple.configuration.security.identity configuration to the devices.
Our official Terraform provider has been updated to support this new artifact type. The docs include a configuration example for an Okta device certificate that uses dynamic SCEP challenges and device & user information variables.
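As an added illustration of how the asset and the configuration fit together (a constructed example, not Zentral's code and not the example from its docs), the Python below builds a SCEP credential asset and an identity configuration that references it, then checks that every CredentialAssetReference in a declaration set resolves to an ACME or SCEP credential asset. The identifiers, server tokens, URL, subject and challenge are made up; the payload key names follow Apple's published declaration definitions and should be verified against the apple/device-management repository before use.

```python
import json

# Asset types a com.apple.configuration.security.identity may reference.
CREDENTIAL_ASSET_TYPES = {
    "com.apple.asset.credential.acme",
    "com.apple.asset.credential.scep",
}
IDENTITY_CONFIGURATION_TYPE = "com.apple.configuration.security.identity"


def scep_credential_asset(identifier, server_token, url, subject, challenge):
    """SCEP credential asset. The Payload keys mirror the SCEP profile
    payload (URL, Name, Subject, Challenge, Key Type, Key Size, Key Usage).
    The challenge is whatever the issuer backend produced, e.g. a
    per-device dynamic challenge."""
    return {
        "Type": "com.apple.asset.credential.scep",
        "Identifier": identifier,
        "ServerToken": server_token,
        "Payload": {
            "URL": url,
            "Name": "SCEP",
            "Subject": subject,
            "Challenge": challenge,
            "Key Type": "RSA",
            "Key Size": 2048,
            "Key Usage": 5,  # digital signature + key encipherment
        },
    }


def identity_configuration(identifier, server_token, asset_identifier):
    """Configuration that installs the identity obtained through the asset."""
    return {
        "Type": IDENTITY_CONFIGURATION_TYPE,
        "Identifier": identifier,
        "ServerToken": server_token,
        "Payload": {"CredentialAssetReference": asset_identifier},
    }


def check_credential_references(declarations):
    """Return the problems found: identity configurations whose
    CredentialAssetReference is missing from the set, or points at a
    declaration that is not an ACME/SCEP credential asset."""
    by_identifier = {d["Identifier"]: d for d in declarations}
    problems = []
    for d in declarations:
        if d["Type"] != IDENTITY_CONFIGURATION_TYPE:
            continue
        ref = d["Payload"].get("CredentialAssetReference")
        target = by_identifier.get(ref)
        if target is None:
            problems.append(f"{d['Identifier']}: unresolved asset reference {ref!r}")
        elif target["Type"] not in CREDENTIAL_ASSET_TYPES:
            problems.append(
                f"{d['Identifier']}: {ref} has type {target['Type']}, "
                "expected an ACME or SCEP credential asset")
    return problems


# Constructed sample data: identifiers, tokens, URL, subject and challenge
# are made up. A ServerToken must change whenever the declaration content
# changes, otherwise devices keep the version they already have.
EXAMPLE_ASSET = scep_credential_asset(
    identifier="com.example.asset.device-cert",
    server_token="scep-asset-v1",
    url="https://scep.example.com/scep",
    subject=[[["CN", "device-udid-placeholder"]], [["O", "Example Inc."]]],
    challenge="per-device-dynamic-challenge",
)
EXAMPLE_CONFIGURATION = identity_configuration(
    identifier="com.example.configuration.device-identity",
    server_token="identity-config-v1",
    asset_identifier=EXAMPLE_ASSET["Identifier"],
)

if __name__ == "__main__":
    print(json.dumps([EXAMPLE_ASSET, EXAMPLE_CONFIGURATION], indent=2))
    print(check_credential_references([EXAMPLE_ASSET, EXAMPLE_CONFIGURATION]))
```

Running the reference check over the full set of declarations you intend to activate catches the two mistakes that otherwise surface only as a silent install failure on the device: a configuration that names an asset not in the set, and a configuration that points at something other than a credential asset.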
Dynamic auto admin passwords
Before this release, Zentral could only set one global password for the admin account it creates automatically during ADE (Automated Device Enrollment), so a single disclosed password opened every device. With this release, a unique password is generated for each device, encrypted, and stored in the device record. An API endpoint is available to retrieve it. An audit event is generated every time the password is decrypted, in the GUI or through the API, with the usual Zentral event metadata (user agent, service account or user, IP, time, …). An MDM command can also be scheduled automatically, with a configurable delay, to set a new password.
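The pattern described above (a per-device password generated from a CSPRNG, encrypted before it reaches the device record, every decryption audited with actor, IP, user agent and time, and a rotation command due after a delay), as an added stand-alone Python example. This is not Zentral's implementation: the data model, the method names and the key handling are assumptions, and the standard-library cipher is a stand-in so the block runs offline; a real deployment would use an AEAD such as AES-GCM with a key kept in a secret store or KMS rather than next to the database.

```python
import datetime as dt
import hashlib
import hmac
import secrets
import string
from dataclasses import dataclass, field
from typing import Optional

ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@_"


def generate_password(length: int = 20) -> str:
    """Fresh per-device password from the OS CSPRNG, with at least one
    lower-case letter, one upper-case letter and one digit."""
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw)):
            return pw


# Stand-in cipher (assumption, not Zentral's): HMAC-SHA256 counter-mode
# keystream, encrypt-then-MAC with separate derived keys. Use a vetted
# AEAD in production; the point here is that the record holds ciphertext
# plus an integrity tag, never the clear password.
def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out = b""
    for counter in range((n + 31) // 32):
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:n]


def _subkeys(key: bytes):
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    return enc_key, mac_key


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("stored password blob failed integrity check")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


@dataclass
class DeviceRecord:
    udid: str
    admin_password_blob: bytes   # ciphertext only
    password_set_at: dt.datetime


@dataclass
class AuditEvent:
    device_udid: str
    actor: str          # user or service account
    ip: str
    user_agent: str
    time: dt.datetime


@dataclass
class AdminPasswordStore:
    key: bytes
    devices: dict = field(default_factory=dict)
    audit_log: list = field(default_factory=list)

    def set_new_password(self, udid: str, now: Optional[dt.datetime] = None) -> str:
        """Generate and store a new password. The clear text is returned
        once, so it can be put in the MDM command that sets it on the device."""
        now = now or dt.datetime.now(dt.timezone.utc)
        pw = generate_password()
        self.devices[udid] = DeviceRecord(udid, encrypt(self.key, pw.encode()), now)
        return pw

    def reveal_password(self, udid: str, actor: str, ip: str, user_agent: str,
                        now: Optional[dt.datetime] = None) -> str:
        """Decrypt for display in the GUI or for an API response. Every
        call leaves an audit event, whichever path was used."""
        now = now or dt.datetime.now(dt.timezone.utc)
        pw = decrypt(self.key, self.devices[udid].admin_password_blob).decode()
        self.audit_log.append(AuditEvent(udid, actor, ip, user_agent, now))
        return pw

    def rotation_due(self, udid: str, delay_seconds: int) -> dt.datetime:
        """When the scheduled password-change command should be sent."""
        return self.devices[udid].password_set_at + dt.timedelta(seconds=delay_seconds)
```

Two details worth copying when you consume the real API: treat each retrieval as a privileged action that will appear in the audit trail, and if you script retrieval for a one-off support case, pair it with the rotation so the password you just read stops being valid shortly afterwards.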
Other notable changes
Enrolled device & user records now keep track of the last IP address used by the MDM daemon & agent. The last IP is included in the API responses, and the MDM-managed users are now included in the enrolled device responses as well.
The ADE skip keys and DDM declaration definitions have been updated to the latest release of the apple/device-management repository.
Bug fixes, upgrade
Before you upgrade, do not forget to read the CHANGELOG and check the backward-incompatible changes. If you encounter any problem during the upgrade, contact us via email or in the #Zentral macadmins Slack channel.