alex123
Kandji gives boost to Apple mobile device management security
My main problem with many MDM tools is that they often aren't architected securely.
Ask yourself the question: if my MDM provider gets hacked (just like SolarWinds did), what's the worst that could happen?
For many MDM providers, the answer is:
- They can execute arbitrary code on any machine,
- impersonate your CEO,
- install crypto ransom, and
- exfiltrate all your data.
I wish more MDM providers would offer something along these lines:
- MDM providers should ideally avoid running agents on end-machines, and instead rely on the macOS framework to deliver configuration.
- If you are running an agent, that agent should be bootstrapped with a certificate signed by the organisation, and the private keys shouldn't be available to the MDM provider. Every payload/config push should be signed, and any agent software update should be cross-signed by the organisation and the MDM provider.
- That way, if the MDM provider is hacked, they cannot run arbitrary code and they cannot ship malicious updates.
- Code for any agent should be open-source.
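The trust split the post asks for (organisation-signed config pushes, agent updates cross-signed by both the organisation and the provider, agent bootstrapped with public keys only) can be sketched in a few dozen lines. The following Go program is an added illustration, not code from the post, from Kandji, or from any MDM product: the key type (Ed25519), the struct layout, the domain-separation tags and the error names are all assumptions made for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Domain-separation tags (hypothetical labels for this example) so that a
// signature over a config push can never be replayed as a signature over an
// agent update, or vice versa.
const (
	tagConfig = "mdm-config-v1:"
	tagUpdate = "mdm-agent-update-v1:"
)

// ConfigPush is a configuration payload signed by the organisation alone.
// The provider relays it but holds no key that can produce OrgSig.
type ConfigPush struct {
	Payload []byte
	OrgSig  []byte
}

// AgentUpdate is agent software that must carry BOTH signatures before the
// agent installs it: a compromised provider cannot ship it on its own.
type AgentUpdate struct {
	Payload     []byte
	OrgSig      []byte
	ProviderSig []byte
}

// TrustRoots is what the agent is bootstrapped with at enrolment: public keys
// only. The organisation's private key never lives at the provider.
type TrustRoots struct {
	Org      ed25519.PublicKey
	Provider ed25519.PublicKey
}

var (
	ErrOrgSig      = errors.New("organisation signature missing or invalid")
	ErrProviderSig = errors.New("provider signature missing or invalid")
)

// newKeyPair generates an Ed25519 key pair (used for both parties here).
func newKeyPair() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// tagged prefixes the payload with its purpose tag before signing/verifying.
func tagged(tag string, payload []byte) []byte {
	return append([]byte(tag), payload...)
}

// SignConfig is run by the organisation: one signature, its own key.
func SignConfig(orgPriv ed25519.PrivateKey, payload []byte) ConfigPush {
	return ConfigPush{Payload: payload, OrgSig: ed25519.Sign(orgPriv, tagged(tagConfig, payload))}
}

// SignUpdate cross-signs an agent build with both parties' keys.
func SignUpdate(orgPriv, providerPriv ed25519.PrivateKey, payload []byte) AgentUpdate {
	msg := tagged(tagUpdate, payload)
	return AgentUpdate{Payload: payload, OrgSig: ed25519.Sign(orgPriv, msg), ProviderSig: ed25519.Sign(providerPriv, msg)}
}

// VerifyConfig is the agent-side check: only the organisation key is consulted.
func (t TrustRoots) VerifyConfig(c ConfigPush) error {
	if !ed25519.Verify(t.Org, tagged(tagConfig, c.Payload), c.OrgSig) {
		return ErrOrgSig
	}
	return nil
}

// VerifyUpdate requires both signatures over the same tagged message; a nil
// or wrong-length signature simply fails verification.
func (t TrustRoots) VerifyUpdate(u AgentUpdate) error {
	msg := tagged(tagUpdate, u.Payload)
	if !ed25519.Verify(t.Org, msg, u.OrgSig) {
		return ErrOrgSig
	}
	if !ed25519.Verify(t.Provider, msg, u.ProviderSig) {
		return ErrProviderSig
	}
	return nil
}

func main() {
	orgPub, orgPriv := newKeyPair()
	provPub, provPriv := newKeyPair()
	agent := TrustRoots{Org: orgPub, Provider: provPub}

	// Constructed sample payloads.
	cfg := []byte(`{"firewall":"on"}`)
	fmt.Println("org-signed config:", agent.VerifyConfig(SignConfig(orgPriv, cfg)))
	// A compromised provider only has its own key; its "config" is rejected.
	fmt.Println("provider-forged config:", agent.VerifyConfig(SignConfig(provPriv, cfg)))

	upd := SignUpdate(orgPriv, provPriv, []byte("agent-build-2"))
	fmt.Println("cross-signed update:", agent.VerifyUpdate(upd))
	upd.OrgSig = nil // provider ships an update without the organisation's signature
	fmt.Println("provider-only update:", agent.VerifyUpdate(upd))
}
```

The point the code makes concrete is the one in the post: once the agent trusts only the organisation's public key for configuration and demands both signatures for its own updates, a provider breach yields neither arbitrary code execution nor a malicious update, because the attacker never held the key that the agent actually checks. Tamper-evidence falls out of the same check, since any change to a signed payload invalidates the signature.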