Hexnode MDM — Device Management
Basic Information
| Field | Value |
|---|---|
| Category | Infrastructure |
| Owner | Artem Ryzhkov |
| Deputy | Tomáš Pohorelý |
| SLA | 8x5 |
| Deployment | Cloud (SaaS) |
| URL | https://etnetera.hexnodemdm.com |
Description
Hexnode MDM (Mobile Device Management) is the central platform for managing Mac and Windows devices for approximately 120 employees. It handles enrollment, security policy enforcement, app distribution, and remote management.
Managed devices:
- macOS (Intel + Apple Silicon) — enrollment via Apple Business Manager DEP
- Windows — enrollment via Windows Autopilot or Hexnode enrollment URL
- Total: ~120 active devices
Key features:
- Device enrollment and de-enrollment
- Configuration profile distribution (Wi-Fi, VPN, certificates, email)
- App installation and management (VPP, silent MSI/PKG installs)
- Security policies (FileVault, BitLocker, screen lock password)
- Remote Wipe and Remote Lock
- Device inventory (HW specs, OS version, free storage)
- Apple Business Manager integration (VPP token)
Access and Login
- URL: etnetera.hexnodemdm.com
- Login: admin account (stored in Passbolt) or SSO
- Access: Artem Ryzhkov, Tomáš Pohorelý (read/manage), L1 team (read only)
Procedure — macOS Device Enrollment (DEP/ADE)
For new Macs purchased through ABM (automatic enrollment):
- Employee starts the Mac → Setup Assistant
- Connect to Wi-Fi or Ethernet
- MDM enrollment happens automatically — Hexnode profile installs
- After Setup Assistant, assigned apps begin installing
Automatic steps after enrollment
After successful enrollment, Hexnode automatically:
- Installs required apps (ESET, FortiClient, Passbolt Browser Extension…)
- Applies security profile (FileVault, screensaver lock, firewall)
- Configures Wi-Fi profiles (corporate SSID with certificate)
Procedure — Remote Device Wipe
Warning
Remote Wipe is irreversible. All data on the device will be erased. Only perform after manager confirmation or in case of theft/loss.
- Hexnode → Devices → find the device (by name or user)
- Click device → Actions → Wipe Device
- For Mac: select wipe type (Erase All Content → activates Activation Lock bypass)
- Confirm — command is sent on the device's next internet connection
Troubleshooting
| Problem | Solution |
|---|---|
| Device not showing in Hexnode | Verify network connectivity; check ABM MDM server assignment (for DEP devices) |
| App not installing | Check group assignment; verify VPP license; force check-in: Actions → Sync |
| MDM profile cannot be removed | Profile is supervised — can only be removed via Hexnode or factory reset |
| FileVault recovery key missing | Hexnode stores escrow keys: Device detail → FileVault Recovery Key |
| Remote wipe not working | Device must be online; if offline — command queues and executes when connected |
Related Guides
- Apple Business Manager — DEP enrollment and VPP
- Onboarding — macOS MDM Enrollment — procedure for new employees
- ESET Protect — AV distributed via Hexnode
Contact
- Owner: Artem Ryzhkov — Slack
@artem/ artem.ryzhkov@etnetera.cz - Deputy: Tomáš Pohorelý — Slack
@tomas - Device issues: Slack
#it-help