Mac Management


Why are you managing our Macs now?

The goal of the Endpoint Management project is to ensure the safety and security of the University, our staff and students, and our data.
Managing Mac devices with a centralized management tool provides us with the technology to implement and maintain those safeguards.

What impacts will this have on my device and day-to-day use?

The Mac Management program is built around 5 keys:

·         A strong password is being used

·         Data is encrypted

·         Security tools are installed (SentinelOne and Qualys)

·         Operating System is kept up to date

·         Can be wiped remotely if device is lost or stolen

By focusing on these 5 keys, there should be little to no impact on your day-to-day use.
If you have any questions or concerns, please speak with your (IST) Faculty Account Representatives | Academic Support Computing Representatives.

Will you be monitoring my actions on my Mac?

While the device is being managed, logs and scan data will provide admins with information about your device in accordance with the official guidelines.
For more information, see Campus computing and network | Information Systems & Technology (

Am I still a local admin on my Mac?

Yes, we will not be making any changes to your access on the Mac.

Can I still use my old Mac device?

Apple ties their OS compatibility to specific hardware models. Older devices fall out of support and no longer receive security updates.
These devices pose a security risk to our environment and should be refreshed and/or disposed.
For more information, see macOS version history - Wikipedia or speak with your (IST) Faculty Account Representatives | Academic Support Computing Representatives.

The application I want isn’t available in the Company Portal. Can I still install it from the internet?

Common applications that are utilized by a large number of staff can be requested to be added to the Company Portal via a UWaterloo Help Portal - Jira Service Management ( ticket.
All other software should follow our existing software purchasing/installation guidelines. For more information, see Software - IST Knowledge Base - Confluence (

Should I join my Mac to the Nexus domain?

Currently, it is not recommended to join your Mac to the Nexus domain. In addition, existing domain joined devices should be unbound and their account be converted from a mobile to a local account on the Mac.
Shared or Kiosk style Mac devices may remain domain bound to simplify account access and creation.