TL;DR
Mention the code JONBROWN when you ask for a demo or start a 30-day trial and enjoy 5% additional off your first year of annual service.
What are you waiting for? Sign up for a trial or demo of Bravas.io today!
True Secure ZERO Touch Enrollment with Bravas.io
We all know that all MDM’s out there can handle ZERO Touch enrollment. At least any of them worth their salt. Bravas.io is great because it handles the concept of ZERO trust in a secure and somewhat different way than normally approached.
In most MDM’s they associate a device with a user via an assignment based manner. In short you logged into the MDM, and you find the user or device and you associate those devices to a user and in doing so when the user opens the computer, it reaches out to the MDM and configures the computer based on the user and device configurations.
All in all this is a classic and easy approach to the method used by most MDM providers. Bravas.io has this but adds a bit more security. Now you may be asking, why more security, isn’t a user associated to device method secure? An attacker wouldn’t know what user a computer is associated with, right? Partially right. If you associate a user to a device in the MDM only the administrator at that time may know that association, however when the device is shipped lets think about what happens if the device is intercepted in transit.
In that situation when its turned on, the device will enroll, create the user account and then prompt the attacker to login to the account thus exposing the name of the user to an attacker. Now there are compensating settings or controls to avoid this like only showing the username and password prompt etc.. but still it makes it easier for an attacker to attempt to reuse or deduce the user on the device.
What Bravas.io does here changes the game. Instead of a simple user and computer association it creates an enrollment code. The code is only known to the recipient and forces an attacker to enter this to proceed with the setup of the device. The code allows for a level of security thats required to validate and verify that the user getting the device is the one that was meant for them and them alone.
Very few MDM’s approach verification, validation and this additional security step during enrollment which is amazing for organizations that are looking for that level of protection.
Groups, Applications and more!
In addition, Bravas.io doesn’t necessarily provision information on a device using set device or user configurations. You may be scratching your head on this one. Doesn’t Bravas.io have the concept of a profile or configuration. Yes, they absolutely do but they are coupled with the concepts of groups. Whats amazing with Bravas.io is that you can have apps, user account provisioning, SSO provisioning, etc.. all associated with set groupings. These groupings allow for the ability to deploy a set of apps and configurations.
Whats amazing with Bravas.io is that you can associate multiple groupings of apps and configurations to a user and thereby to the associated device. Many MDM’s have concepts called “Smart Groups” and you can add devices or users to a group based on a set of critera. This is great for Static policies it allows some level of dynamic or a dynamic approach to deploying a set of policies.
Bravas.io takes this concept and turns it on its head by creating stackable groups that are closer to real world, in the real world you may have the Helpdesk group with access roles, apps and settings for that group of computers AND users. If a user moves from Helpdesk to be promoted to Systems Administrator you move that user to that group and access is revoked, new access is setup and old apps are removed and new apps are automatically deployed. Doing all that with a single smart group in most MDM’s would be near impossible or very complex. In Bravas.io its a snap.
On that note you can also stack multiple groups you can have a user in many groups which merge settings, user accounts and app deployment. Super slick!
User Provisioning with Hardware Token, or Key!!
One of the best parts of Bravas.io is that you can associate a token, a key or hardware key to a user for authentication at the user level. What this does is it allows for passwordless authentication on the users first day. For organizations looking to stop using or deploying sensitive passwords this is a game changer.
Upon provisioning, the key is loaded on the computer, and the user is walked through the process of setting up their token or key during their onboarding experience. I haven’t seen a single MDM that offers this feature in the way that Bravas.io has implemented it. The key, token or hardware token is associated with the user in the MDM. Because of this additional security is needed, you have to protect that key now we know why Bravas.io uses that code based enrollment, it has to protect the installation of that secret token.
This is an entirely different approach to MDM, because not only is it an MDM but here’s where the power of its IDP back-bone comes into play. Very few MDM’s can offer this level of security because a simple MDM alone is not sufficient enough to deploy a passwordless configuration for Google Apps they need to also act as an Identity Provider that can create, and issue those keys to the cloud system.
Takeaways
Setting up and configuring ZERO Touch in Bravas coupled with groups, its back-end IDP allows for a deployment that is so easy and logical. You assign the device to the user by creating a user enrollment code. You associate the groupings of apps and configurations to the user and finally you turn on the computer and allow the computer to pull down all the items associated with the user and now the device is setup.
This is not a device centric approach which is where most MDM’s fall down, this is a user based approach to setup and thats how non technical people think. All they know is they have an employee and they need stuff. Bravas.io really has done a great job getting into the mindset of the business owner. If your looking for an MDM that allows for easy use that anyone can master give Bravas.io a try!
AI Usage Transparency Report
AI Era · Written during widespread use of AI tools
AI Signal Composition
Score: 0.2 · Moderate AI Influence
Summary
Bravas.io is a unique MDM solution that offers a user-centric approach to device management, including zero-touch enrollment with an additional layer of security through code-based enrollment and hardware token authentication.
Related Posts
Reviewing Bravas.io - Roll your own Cloud MSP like Electric.ai
When inquiring about a demo or starting a 30-day trial, please mention the code JONBROWN to receive an additional 5% discount on your first year of annual service. This offer is exclusive to new customers and can be applied at the time of sign-up. The discount will be automatically reflected in your account upon activation of the annual plan.
Reviewing Bravas.io a breakthrough new MDM and IDP for Mac, Windows and iOS!
When inquiring about a demo or starting a 30-day trial, please mention the code JONBROWN to receive an additional 5% discount on your first year of annual service. This offer is exclusive to new customers and can be applied at the time of sign-up. The discount will be automatically reflected in your account upon activation of the annual plan.
Discovering Mole: A Command Line Utility for Mac Cleaning
Caches pile up, apps leave behind junk, and disk space slowly disappears. While there are plenty of GUI tools out there, most of them either lack transparency or feel overly bloated.
Introducing Pique - The Game-Changing Quick Look Plugin for Mac Admins
As a Mac admin, I'm always on the lookout for tools that make my life easier and more efficient. Recently, I stumbled upon Pique - a brilliant Quick Look plugin created by Henry Stamerjohann that allows you to view file contents in a syntax highlighted way.
ABM Warranty 0.4.1 Walkthrough: Wrap-Up and Beta
In this final ABM Warranty 0.4.1 walkthrough, I’m wrapping up the last features I had not covered directly in the earlier videos and then focusing on support, community, and the beta program. I also want to show where the support resources live inside the app so you know where to go if you need help, documentation, or a way to send useful feedback. Additionally, I'll be covering some of the key features that were updated since the previous version, including any bug fixes or improvements made to existing functionality.
ABM Warranty 0.4.1 Walkthrough: Managed Preferences
In this part of the ABM Warranty 0.4.1 walkthrough series, I'm focusing on managed preferences and the credential packaging workflow. In the last video, I covered multiple credentials inside the app itself. In this one, I'm showing how to package those credentials so they can be deployed securely through MDM. This process is a crucial step in ensuring that your credentials are properly configured and protected within your organization's mobile device management system.
Low Profile Walkthrough and Review
Today I’m walking through Low Profile, a utility from Nindi Gill that I use when I want to inspect profiles already installed on a Mac and figure out whether those profiles contain issues I need to clean up. The value is that Low Profile gives me a straightforward way to inspect profiles installed on any Mac. This simplicity makes it easy for me to identify and address potential problems, which is especially useful when working with multiple machines or troubleshooting complex profile configurations.
ABM Warranty 0.4.1 Walkthrough: Multiple Credentials
In this part of the ABM Warranty 0.4.1 walkthrough series, I’m focusing on multiple credentials. In the first video, I showed the basic setup and how to add a single credential. Now, I want to explore what happens when I remove a credential, what changes occur when I add more than one, and how the app behaves once there are multiple contexts in play. This will help clarify any potential issues or inconsistencies that may arise with multiple credentials.
QuickPKG Walkthrough and Review
I use QuickPKG when I need to turn an application, DMG, or ZIP file into a package quickly without wasting time in a heavier packaging workflow. This post follows the same path as my video: what QuickPKG is, where to get it, how I run it, what a simple packaging example looks like, and where I think admins need to be careful about potential pitfalls that can arise from using this tool.
