NanoMDM for small Mac fleets
A review of the open-source NanoMDM presents it as a practical option for small Mac fleets, outlining setup, features and trade-offs for real‑world deployments. The review frames NanoMDM as a lightweight alternative when commercial UEMs feel heavyweight or costly.
NanoMDM is implemented as a minimal Go HTTP MDM server with built‑in support for MySQL and PostgreSQL storage backends and official Docker images published to GHCR (github.com). The recent case study frames NanoMDM as a practical choice for fleets under 50 Macs and highlights the zero per‑device licensing model—costs shift to the host VM, storage, and bandwidth instead of per‑seat fees (sesamedisk.com).
Operational setup requires an Apple MDM push (APNs) certificate, a SCEP server for device identity, and an external TLS terminator such as Nginx or Caddy because NanoMDM does not provide built‑in TLS termination (sesamedisk.com). Automated enrollment is supported in the sense that ADE/DEP‑style enrollments can be accepted, but NanoMDM does not expose the DEP API for managing ADE programmatically and it accepts MDM commands as raw Plist payloads rather than a JSON command layer (github.com).
The project ships utilities to help: a Python command generator (cmdr.py) for creating Plist commands and a micro2nano migration toolset to translate MicroMDM JSON workflows into NanoMDM’s API for migration scenarios (github.com). Certificate lifecycle and upkeep are explicit operational responsibilities—APNs push certificates require renewal (commonly annually) and recent NanoMDM releases added APNs expiration visibility when uploading certificates to help avoid unnoticed outages (learn.microsoft.com).
NanoMDM exposes HTTP APIs for queuing commands, webhooks, and a migration endpoint that enable scripting of enrollment and post‑enrollment tasks, but the review notes those integrations replace a graphical console with code‑driven automation (sesamedisk.com).
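Because commands are raw Plist payloads queued by scripts rather than picked from a console, a pre-queue check is worth having. The following is an added example, not the project's cmdr.py or any NanoMDM code: it builds an MDM command plist and validates it against a local allowlist. The allowlist, the UUID requirement and the function names are assumptions of this sketch.

```python
import plistlib
import uuid

# Assumption: a local allowlist policy for scripted use, not a NanoMDM feature.
# Read-only queries only; destructive types such as EraseDevice stay out.
ALLOWED_REQUEST_TYPES = {
    "DeviceInformation", "SecurityInfo", "ProfileList", "CertificateList",
}


def validate_command(raw: bytes) -> dict:
    """Parse a raw plist and confirm it has the shape of an MDM command."""
    try:
        doc = plistlib.loads(raw)
    except Exception as exc:  # malformed XML, JSON sent by mistake, etc.
        raise ValueError(f"not a valid plist: {exc}") from exc
    if not isinstance(doc, dict):
        raise ValueError("top-level plist object must be a dict")
    command = doc.get("Command")
    if not isinstance(command, dict):
        raise ValueError("missing Command dict")
    request_type = command.get("RequestType")
    if request_type not in ALLOWED_REQUEST_TYPES:
        raise ValueError(f"RequestType {request_type!r} is not allowlisted")
    try:
        # Local policy: require a real UUID so commands correlate in logs.
        uuid.UUID(str(doc.get("CommandUUID")))
    except ValueError as exc:
        raise ValueError("CommandUUID is missing or not a UUID") from exc
    return doc


def build_command(request_type: str, **params) -> bytes:
    """Return an XML plist MDM command with a fresh CommandUUID."""
    doc = {
        "Command": {"RequestType": request_type, **params},
        "CommandUUID": str(uuid.uuid4()),
    }
    raw = plistlib.dumps(doc, fmt=plistlib.FMT_XML)
    validate_command(raw)  # same gate for generated and hand-written payloads
    return raw


if __name__ == "__main__":
    # Constructed sample: query two inventory fields.
    sample = build_command("DeviceInformation", Queries=["SerialNumber", "OSVersion"])
    print(sample.decode())
```

Running `validate_command` on every payload a script is about to queue catches JSON sent by mistake and any request type outside the allowlist before it reaches a device.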