This hasn’t been asked in a while, and I really loved reading the last discussion so I’m hoping to kick it off again and see what has changed!
What I’d like to know is:
- What specific products do you wish you could host on your own infrastructure, but the product does not offer such a deployment method
- Do you or would you use the product without being able to self-host? I.E. In its current state
- Do you think your employer, if any, holds the same opinions?
Any MDM solution. All self-hosted options that were available (onemdm, flyve) are dead. I’m my own employer, so we definitely agree everything should be self-hosted :)
Sadly, there will never be a truly self-hosted solution given how the devices in question rely on Google, Samsung, Microsoft or Apple servers to be active and available on initial enrollment. The control plane can be on-prem, but the actual enforcement is done through built-in management APIs that depend on external services.
That said, I created my own zero-cost MDM solution by leveraging Android Enterprise APIs along with Samsung Knox. There’s no pretty UI though - everything is done through API calls using Postman. Enrollment is achieved by scanning a QR code on the device’s first boot. I’m managing ~450 Samsung tablets and a dozen mobile phones using this approach.
hmm, for Apple a MDM Push certificate is the link between the two, for Google the managed play store, neither of these have a “requirement” for a SaaS solution.
both of these are just to connect the device to the MDM platform via a “managment profile” (waves hands), the settings and enforcement is all on the MDM platform.
A very long time ago (the days of the 3G) I had an internal web server that hosted iPhone configuration profiles, it was very (very) “basic”
Granted this is only for Apple (and with a last commit in 2022 might be dead) but is useful for showing what part connects where to do what.
I own a small business, 20-30 devices only. But they’re a mix of all possible platforms (Windows, MacOS, Android, iOS). Would like to force disk encryption, strong password policy, automatically install/update/configure corporate VPN/mail/etc., prevent use of blacklisted programs, remote wipe of lost/stolen/otherwise compromised devices. I know it’s not feasible with any selfhosted solution, sadly.