>> macos enterprise dashboard
Compliance posture on a managed Mac is invisible by default. You can't see it from a dashboard. You can't feel it. The machine either meets the controls or it doesn't, and finding out requires running fifteen separate terminal commands, reading their output, and knowing what each result means. Most people don't do this. So most machines drift.
The macOS Enterprise Dashboard is a two-part tool that makes that posture visible. A lightweight Python agent — no dependencies beyond the standard library — runs locally and collects the data. A single HTML file reads from it and renders the result as a live compliance report in a browser tab. No build step. No cloud. No account.
The agent runs on port 38764, strictly localhost. It collects once on startup, then refreshes every five minutes in the background. Without sudo it gives a useful partial picture. With sudo it unlocks the full view: MDM enrollment, SSH status, installed configuration profiles, user account details. The split is deliberate — partial data is still better than none.
The fourteen checks
Eight security controls: FileVault, SIP, Gatekeeper, Application Firewall, firewall stealth mode, automatic security updates, critical update auto-install, and automatic update checks. Four identity and access controls: SSH disabled, auto-login disabled, screen lock with password, and screen lock delay under five minutes. Two MDM controls: enrolled and supervised.
Each check carries a CIS Benchmark reference — Level 1, macOS. Each failure surfaces an exact remediation command inline. Not a link to documentation. The command itself.
The compliance score is straightforward: passed checks divided by total checks excluding unknowns. Above 80 is green. Above 55 is amber. Below that is red. Unknown checks — SIP inside a VM, MDM without sudo — are excluded from the denominator rather than counted as failures. The score reflects what is actually verifiable.
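The scoring rule above, written out as an added example (not the dashboard's own code). It assumes the score is expressed as a percentage, that "above" means strictly greater than, and that a machine with no verifiable checks gets no score; the check key names are hypothetical.

```python
from typing import Optional

# Tri-state results: True = pass, False = fail, None = unknown
# (for example SIP inside a VM, or MDM and SSH status without sudo).
CheckResults = dict[str, Optional[bool]]


def compliance_score(results: CheckResults) -> Optional[float]:
    """Passed checks divided by verifiable checks, as a percentage.

    Unknown results are dropped from the denominator, not counted as failures.
    Returns None when nothing is verifiable (assumption: the page does not
    say what is shown in that case).
    """
    verifiable = [r for r in results.values() if r is not None]
    if not verifiable:
        return None
    return 100.0 * sum(verifiable) / len(verifiable)


def score_band(score: Optional[float]) -> str:
    """Above 80 is green, above 55 is amber, anything else is red."""
    if score is None:
        return "unknown"
    if score > 80:
        return "green"
    if score > 55:
        return "amber"
    return "red"


def unverified(results: CheckResults) -> list[str]:
    """Names of checks excluded from the score, so they can be listed beside it."""
    return [name for name, r in results.items() if r is None]


# Constructed sample: fourteen checks collected without sudo inside a VM.
SAMPLE: CheckResults = {
    "filevault": True, "sip": None, "gatekeeper": True, "app_firewall": True,
    "stealth_mode": False, "auto_security_updates": True,
    "critical_auto_install": True, "auto_update_check": True,
    "ssh_disabled": None, "auto_login_disabled": True,
    "screen_lock_password": True, "screen_lock_delay": True,
    "mdm_enrolled": None, "mdm_supervised": None,
}

if __name__ == "__main__":
    score = compliance_score(SAMPLE)
    print(score, score_band(score), unverified(SAMPLE))
```

With the four unknowns excluded the sample scores 9 of 10; counting them as failures would give 9 of 14 and drop the same machine into amber.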
Graceful degradation
If the agent is not running, the dashboard falls back silently to embedded sample data representing a fully managed Mac. A pulsing dot in the header tells you which mode you are in — green for live, amber for sample. The dashboard always works. There is no error screen.
The sample data is not a placeholder. It is a realistic model of a managed MacBook Pro M3 Pro, enrolled in MDM, connected to a corporate Wi-Fi network, with six configuration profiles, three local users, and one pending update. You can use it to understand the tool before running the agent.
What it actually shows
The right sidebar covers device management, network state, and system certificates. MDM enrollment status and installed profiles. Each network interface with IP and SSID. Every certificate in the system keychain with days remaining until expiry — green above 60 days, amber below, red if already expired.
Certificates are the thing that fails silently until it is too late. The dashboard shows you before that point. That is the same logic behind all fourteen checks: the machine is either in a known state or it isn't. The cost of not knowing is always higher than the cost of looking.
One HTML file. One Python file. Fourteen checks. The entire compliance picture of a managed Mac, without MDM console access, without a vendor, without waiting.