We expect many Enterprise Edition users to upgrade from our previous flagship version, the Business Edition.

The Enterprise Edition differs in the deployment and management procedures, with a particular emphasis on the new Management Portal, which enables you to apply and quickly change policies to groups of Parallels Desktop users and control and monitor Parallels Desktop virtual machines in your environment.

You can convert your existing Parallels Desktop for Mac Business Edition to an Enterprise Edition one by contacting your Parallels sales representative for purchase and further instructions. Make sure to communicate to them whether your setup uses per-device or per-user licensing, as the upgrade procedure differs slightly between these two setup types.

It is important to know that converting your Business Edition license to an Enterprise Edition one will not require you to reactivate your existing installations, move users to new groups, or redeploy your existing setup.

Once you convert your license to Parallels Desktop for Mac Enterprise Edition, your local Parallels Desktop for Mac installations will retain their assigned security policies until you set up different policies using the Management Portal, following this section of the guide.

Parallels Desktop Enterprise Edition is a version of Parallels Desktop specifically designed for organizations with a large number of Parallels Desktop installations and virtual machines. Its main goal is to simplify the deployment, monitoring, and management of large, dynamic fleets of virtual machines in organizations with highly diverse needs.

The main feature of Parallels Desktop Enterprise Edition that enables granular management is the Parallels Management Portal. Read about it in this section of the guide.

To prepare the autodeploy package, you need to add the following required and optional components to it:

• Parallels Desktop installation image (optional).

• Parallels Desktop Business Edition license key (required, unless you are using "Activation using corporate account (SSO)").

• One or more virtual machines (optional). The user can later install or download a virtual machine via the link in a configuration profile.

• One or more Windows application stubs (optional). Stubs are special links to Windows applications installed in a virtual machine that can be added to the Dock in macOS during deployment.

• You can also configure deployment options according to your needs by modifying the configuration file included in the autodeploy package.

You will have to take the following steps:

1. Download the Autodeploy package, which comes in a ZIP format.

2. Unarchive it.

3. [OPTIONALLY] Populate the folders with specific installation images and virtual machines.

4. Set the deployment preferences to your liking by amending the deploy.cfg file.

5. Transform the resulting folder into an installable package ready for deployment.

The subsequent sections describe how to add the necessary components and how to configure autodeploy package options.

Parallels Desktop Enterprise Edition can also be deployed to Mac computers using Mac management tools, including, but not limited to:

• Jamf Pro

• Microsoft Intune

• Kandji

• Apple Remote Desktop (ARD)

• IBM Endpoint Manager

• Mosyle

• Addigy

• Munki

• VMware Workspace ONE

This chapter includes detailed instructions on how to deploy Parallels Desktop using Jamf Pro. For instructions on how to use other tools, please see their respective documentation.

There are three main ways to install Parallels Desktop: manually, via email invitations, and as part of a mass deployment procedure.

As an organization, you can choose what type of license you want to use: a per-device one where you activate each individual installation with a product key, or a per-user (available later in Fall 2024) one that requires signing in with SSO.

To learn more, we suggest that you read Parallels Desktop Licensing Guide

Manual Installation

1. Download the installation image from here;

2. Use your license key from your My Account dashboard to activate.

Installation via Email Invitations

You can invite users to install Parallels Desktop directly by sending out group emails. Do the following:

1. In your My Account dashboard, go to the Parallels Desktop Enterprise Edition card and click on Invite Users;

2. Choose one of the license keys/subkeys available for the product and click Next;

3. Fill out the fields in the invitation window:

   1. Choose the language of inviation;

   2. Set the expiration (between 3 days and 1 month);

   3. Add individual email addresses to the group using the Add button, or use the Select File button to add a CSV list instead;

   4. Click Send Invitations.

As a result of this procedure, your users will receive an email that looks like this:

Mass Deployment of Parallels Desktop

To learn about the mass deployment procedure using MDM solutions, refer to this section of the guide.

When you purchase a Parallels Desktop Enterprise Edition license, you must register it with a Parallels Business Account to activate Parallels Desktop installations with it.

To create a Parallels Business Account, go to this page and select the I am a new user option. Once you log into your customer dashboard, select the Register Key option in the top-right corner. Enter your purchased key, add a display name, and click Register.

The key will appear in your dashboard, and you can proceed with the deployment process.

Once your Parallels Desktop for Mac Enterprise License is registered in your Parallels Business Account, you can proceed to set up and configure your Parallels Management Portal where you can dynamically change user group policies and monitor virtual machines. Access it by clicking the following button:

Learn more about the Parallels Management Portal in this section of the guide.

This section explains everything you need to know to start using Parallels Desktop Enterprise Edition as quickly as possible.

You can read about each individual step in the respective chapters of this section, but the overall outline is:

1. Register your license using your Parallels Business Account.

   Your license must be registered to a Parallels Business Account before it may be used to activate Parallels Desktop. Registration is critical to:

   • Protect the ownership of your license.

   • Unlock features that make the lives of IT administrators easier.

   • Access Premium Support and get visibility into your open tickets;

2. Download the latest version of the Parallels Desktop installation image;
3. Install Parallels Desktop Enterprise Edition, following one of the ways outlined in this chapter;

4. Create and configure a virtual machine golden image, complete with all the required software and settings, and upload it to an accessible location that allows direct file links;

5. Deploy Parallels Desktop for Mac using one of the methods described in the respective chapter;

6. Make use of the main advantage of Parallels Desktop Enterprise Edition, the Parallels Management Portal, as outlined in this section of the guide.

Should you experience any unexpected difficulties setting up Parallels Desktop Enterprise Edition, contact our support team.

Regardless of how you choose to deploy Parallels Desktop to your end users, you will need to provide them with virtual machines to run. Parallels Desktop for Mac Enterprise Edition accepts virtual machine images in a packed .pvmp format. To create such an image:

1. Using your own Parallels Desktop setup, create a Parallels virtual machine, install the operating system in it, pre-install the software that your users may need, and otherwise configure the virtual machine according to your requirements. Note that if your organization has both Apple silicon and Intel Macs, you need to create a separate virtual machine for each processor architecture. For the list of supported operating systems, please visit https://www.parallels.com/requirements/. Note: Boot Camp-based virtual machines, archived virtual machines, and linked clones cannot be used for deployment.

2. If your virtual machine is running Windows, you may need to use Sysprep to strip it of installation-specific information such as the SID (Security Identifier), GUID (Globally Unique Identifier), and other identifiers before deploying it. Follow the directions from this KB article.

3. Make sure the virtual machine is shut down.

4. If your virtual machine has snapshots, it is recommended that you remove them. This will significantly reduce the virtual machine size. Moreover, these snapshots may be unusable on another computer because of hardware differences.

5. When the virtual machine is ready, it needs to be packed as a .pvmp file before you make it available for download to your users. To pack it:

   1. Open the Parallels Desktop Control Center;

   2. Right-click on the virtual machine that you want to transfer and select Prepare for Transfer. Parallels Desktop will start packing the virtual machine. This process may take some time, depending on the virtual machine size;
   3. Once the .pvmp package is created, you can right-click it and choose to show where it is stored in the Finder;

   4. An SHA-256 checksum for the virtual machine package is calculated automatically and saved as a .txt file in the same folder. You will need it later during the deployment process. You can also calculate the checksum by executing the shasum command.

Uploading the Image

Once you have a virtual machine saved as a .pvmp archive, upload it to the server from which Parallels Desktop users can download it to their Mac computers via HTTPS. The link must:

• Be available to all your end users without extra authentication;

• Lead directly to the virtual machine package file ending with .pvmp.

For example, a typical link to a file shared via Microsoft SharePoint has a structure that does not meet the requirements:

https://domain.sharepoint.com/:u:/g/personal/{user_name_company_name}/EX7k5IgeC53PsvTvVAvwqcLBH7cOc_q6kzLY-rtEZ8kNRA?e=biTI9C

Therefore, your task as a system administrator is to implement an alternative solution. We suggest that you make the virtual machine image files available only inside your corporate network and require off-site users to establish a VPN connection to it.

A Parallels Desktop for Mac license key is required to activate Parallels Desktop on target Macs. The key must be specified in the autodeploy package.

You can find the primary key in your Business Account customer area as described in . There, you can also issue secondary keys that we recommend to use for activation.

To specify the license key:

1. In the autodeploy package, expand the Parallels Desktop Autodeploy > Scripts > License Key and Configuration folder.
2. Open the deploy.cfg file in a text editor.

3. Find the License section (second from the top) and enter your Parallels Desktop Business Edition license key as a value of the license_key variable. The key must be supplied in the following format: "XXXXXX-XXXXXX-XXXXXX-XXXXXX-XXXXXX" (including quotes and dashes).

4. Save the deploy.cfg file.

In large organizations with multiple Macs, there may be groups of Parallels Desktop users with very different needs in terms of capabilities and restrictions, from a software engineer who develops for multiple platforms and needs a dozen virtual machines to test every possible scenario to a back-office staff who would benefit the most from .

The best way to maintain flexible arrangements is by creating user groups, each of which would require a sublicense. To create a user group, follow these steps:

2. In your Parallels Desktop Enterprise Edition card, click on the Subscription Renewal line;

3. Scroll down to the License Keys card and click Create License Key in its top-right corner;

4. Click on the key name at the top and change it to reflect the name of the group;

5. Assign a maximum number of Parallels Desktop installations available with this license key, select the key type, and click Save.

To invite users to install Parallels Desktop via email:

1. Log in to your Parallels account at .

2. On the Dashboard page, locate the Parallels Desktop for Mac Business Edition product card and click the Invite Users button.
3. In the dialog that opens, select a license key that you want to use to activate Parallels Desktop on users' computers and click Next.

4. In the Invite Parallels Desktop Users dialog, specify the following options:

   • Language of Invitation: Select a language for the instructions in the invitation email.
   • Invitation Expires in: Use the drop-down list to select when the invitation should expire. After it expires, the temporary activation code included in it will no longer work.

   • Email address: Type a user's email address and click Add. Repeat for all intended users. You can also specify a CSV file containing email addresses of your users. The CSV file must contain a single column (a valid email address) with multiple rows (one email address on each row). Please note that if the number of users included in this list exceeds the number of available licenses for the specified key, the activation of Parallels Desktop will happen on a first-come, first-served basis.

   • The Download Invitations button allows you to save the invitation email information to a CSV file. The information includes email addresses that you specified, a temporary activation code (generated individually for each user), and the Parallels Desktop download URL (also generated individually for each user). You can use the information in the downloaded file to create your own invitation email or to answer helpdesk questions, should any arise.

5. Click Send Invitations to send the email to users.

The invitation email that the users receive contains the following information:

• Installation instructions and a link from which a user can download the Parallels Desktop installation file.

• A temporary activation code. The code will be used automatically when a user installs Parallels Desktop on their computer. If for any reason automatic activation fails, the user can use the code included in the mail to manually activate Parallels Desktop. Please note that this is not the actual license key that you selected when you created the invitation email. This is only a temporary activation code with a limited scope and duration. The real license key is never shown to your Parallels Desktop users.

Once the users have installed and activated Parallels Desktop on their computers, you will be able to see the list of active installations in your Parallels account.

Setting Up a Virtual Machine

Once Parallels Desktop is installed on a Mac computer, the user needs to set up a virtual machine to run Windows on their Mac. This can be accomplished using one of the following methods:

• A user can create and configure a virtual machine and install Windows in it manually.

• An administrator can prepare a virtual machine and put it on a corporate network storage from where users can download it to their computers.

By default, you can skip this step and allow the Autodeploy package to simply download the latest version of Parallels Desktop installation image from the Parallels Server.

However, if you wish to include a specific build in the package, open the Parallels Desktop DMG folder and copy the Parallels Desktop installation image file to it (the .dmg file). If you don't have the file, you can download it from .

The package should now look like this:

Please note that the Parallels Desktop installation image file name on the screenshot above is just an example. In your case, the file name will also include the current build number information.

If you haven't already, use the link below to download the Parallels Desktop Autodeploy Package directly to a Mac computer.

.

The autodeploy package archive contains a folder named "Parallels Desktop Business Edition mass deployment package vxxx", where "vxxx" is the autodeploy package version number.

The folder contains the following files:

• Changelog.txt — contains a record of changes that were made to the autodeploy package over time.

Read on to learn how to add the necessary components to the autodeploy package.

When you want to distribute pre-configured Windows virtual machines to your users, you may need to manage those machines granularly: enroll them into domains, activate Windows licenses, differentiate PC names, enforce specific policies, enable company-wide licensing tools, etc. All that and more can be achieved with the help of Microsoft's Sysprep utility. To learn more, refer to this article.

Parallels Tools is a collection of utilities and drivers that vastly improve the virtual machine performance and enable some features that are not available otherwise. Parallels Tools are included with every copy of Parallels Desktop and are highly recommended to be installed in every virtual machine right after an operating system is installed in it. Your source virtual machine should have Parallels Tools installed. For instructions on how to install Parallels Tools, please see https://kb.parallels.com/en/115835.

When preparing a source virtual machine for mass deployment, you may change any of its configuration settings to fit your needs. The following list describes a few common options:

• CPU & Memory. Beginning with Parallels Desktop 17, you can configure a virtual machine to select CPU and memory settings automatically depending on the available hardware resources. This option is preselected for all new virtual machines. To ensure it is selected, open the virtual machine configuration, and select Hardware > CPU & Memory. In the right pane, check that the Automatic option is selected.

• Shared Folders and Profiles. Parallels Desktop offers great flexibility in bridging the capabilities of macOS and your guest operating system by configuring shared folders and profiles. Think over which files and folders you wish to share between the two operating systems and set them up beforehand.

• Enforce USB Device Policies. Specify what types of USB devices can be connected to the virtual machine. See Enforcing USB device policies for complete details.

• Installing Applications. You can install all the necessary applications in the virtual machine before deploying it.

For the complete information about Parallels virtual machine configuration, please refer to the Parallels Desktop User's Guide.

This section describes how to mass deploy Parallels Desktop Business Edition using Mac management tools.

Parallels Desktop Installation Image

To mass deploy Parallels Desktop Business Edition, you will need the Parallels Desktop for Mac installation image file (.dmg) and a Parallels Desktop for Mac Business Edition license key.

You can download the installation image from https://www.parallels.com/products/business/download/.

Parallels Desktop Autodeploy Package

The Parallel Desktop autodeploy package is used to configure the deployment of Parallels Desktop. Download the deployment package here.

Please note that if you already have a configured autodeploy package from an earlier version (or build) of Parallels Desktop, don't use it because it may not be compatible with your build of Parallels Desktop. Always download the latest version of the package from the Parallels website using the link above.

Supported Guest OS Versions

If you are deploying one or more virtual machines together with Parallels Desktop, please keep in mind the differences in supported guest operating systems between Mac computers with Apple Silicon and Mac computers powered by Intel processors. For the latest information, see system requirements at https://www.parallels.com/requirements/.

Kernel Extensions

If your organization's Macs run macOS Mojave or macOS Catalina, their users may need to approve kernel extensions before they can launch Parallels Desktop. For more information, please read the following KB article: https://kb.parallels.com/en/128435.

Choosing the Deployment Method

Adding a virtual machine to the autodeploy package is optional. You can mass deploy Parallels Desktop only and install virtual machines on individual Mac computers later. Consider the following possible scenarios:

• If you are deploying Parallels Desktop on either Apple Silicon or Intel-based Mac computers (but not both at the same time), you can include a virtual machine in the autodeploy package, so it will be installed on a Mac as part of the deployment process.

• The recommended approach is to deploy without any virtual machines in the autodeploy package and instead provision a corporate VM image using a Configuration Profile in Parallels My Account. This method is especially useful when you plan to deploy Parallels Desktop on both Apple Silicon` and Intel-based Mac computers at the same time. For more information, please see Using Configuration Profiles and Corporate VM Image Provisioning.

There are two ways to include a virtual machine in the autodeploy package: as a downloadable link or as a local file manually added to the package. Regardless of which one you choose, take the following steps first:

1. Configure the virtual machine as described in the subsections of this chapter;

2. FULLY STOP the virtual machine by opening Actions in the macOS menu bar and choosing Shut Down. Suspending or pausing it will not suffice;

3. Reduce the size of the selected virtual machine by doing one of the following:

   • Open the Parallels Desktop Control Center, right-click on the virtual machine, and select Prepare for Transfer;

   • Alternatively, open the Parallels Desktop Control Center, right-click on the virtual machine, and select Show in Finder. Right-click on the virtual machine .pvm file and select Compress {vm_name}.

[RECOMMENDED] Including a Virtual Machine as a Downloadable Link

Several popular MDM solutions have been known to experience issues with deploying large packages. As a way to mitigate this, you can amend the deploy.cfg file to include a link to a file share location with the virtual machine file instead of including it in the package. Take the following steps:

1. Upload the compressed file to a permitted cloud storage that would be accessible to all target Macs (e.g., OneDrive or Google Share). Make sure the resulting link is direct and open to all the users affected by the deployment. The best way is to choose Share with anyone.

2. Open the deploy.cfg file in a text editor, same as when specifying a license key, scroll to the Virtual Machines section and add the download link there exactly as described, following the instructions carefully.

[ALTERNATIVE] Adding a Virtual Machine File to the Autodeploy Package

To add a virtual machine to the autodeploy package directly, simply copy the virtual machine file to the Virtual Machine(s) sub-folder that can be found under Bundle > Virtual machine(s) . More than one virtual machine can be added to the autodeploy package if needed.

Read on to learn about modifications that you can make to the virtual machine configuration before adding it to the autodeploy package.

Once you have the Parallels Desktop autodeploy package configured, you can test it on a single Mac before you mass deploy it to other Mac computers in your organization.

To test the package:

1. Copy it to a Mac on which you want to test it. The Mac should have a configuration similar to other Mac computers on which you'll be deploying Parallels Desktop. Specifically, if your target Mac computers don't have Parallels Desktop and virtual machines installed, the test Mac shouldn't have them installed either. If target Macs have an older version of Parallels Desktop, the test Mac should have it installed too, so you can see what the results will be.

2. To speed up the execution of the package during testing, consider running it from the command line using /System/Library/CoreServices/Installer.app. When executed this way, the package will not be tested by macOS for digital signature, and the usual package verification procedure will be skipped. Please note that if you run the package by double-clicking on it, macOS will warn you that the package is not signed and will not install it. If you run the package by right-clicking and choosing Open, the signature check will be skipped but the verification of the package will take a long time if you have one or more virtual machines in it (because of the large size of a typical virtual machine). When you use the Installer.app to run the package, the installation will commence installing immediately, without any checks or verifications. All of the above only applies when you run the package manually. When you mass deploy it on Mac computers, verification is not performed, and the installation is completely silent.

3. When the installation is complete, verify that Parallels Desktop is installed, activated, and is functioning properly. If your package is configured to deploy Parallels Desktop in Single Application Mode, try running the application and see that it starts and runs as it should.

4. Please note that when the package is executed, it writes logs into /var/log/install.log. If you experience issues, examine the logs. If that doesn't help, you can contact for business customers which is available 24/7.

Read on to learn how to mass deploy the package using one of the Mac management tools.

This section contains instruction on how to deploy the Parallels Desktop autodeploy package using the following solutions:

Once you have added all the files to the package and in the deploy.cfg file, it's time to turn the resulting folder into a flat package suitable for deployment via your MDM solution of choice.

Do the following:

1. Inside the Autodeploy Package folder, locate the Scripts folder, right-click on it, and choose Services > New Terminal at Folder. This will open a Terminal window right in the Scripts directory where the build script is located.
2. Launch the package building script by typing the following command and pressing Enter:

E.g.,

This action creates a .pkg file in the destination folder that is ready for distribution.

The autodeploy package contains a special script, which is automatically executed on a target Mac after the package is transferred to it. When executed, the script reads the configuration parameter values from the deploy.cfg file, which you can modify according to your needs.

To modify the parameters, expand the License Key and Configuration folder in the autodeploy package and open the deploy.cfg file in a text editor. The configuration parameters are organized in sections, which are described below.

License

The License section is used to specify the Parallels Desktop Business Edition license key.

Software Updates

The Software Updates section is used to configure automatic updates for Parallels Desktop.

Please note that a configuration profile can be used to control upgrades over major versions of Parallels Desktop. But if the updates_url variable is used (see the table below), then the configuration profile option is ignored. The recommended approach is not to use the updates_url variable and instead, use a configuration profile to enable upgrades when the IT feels confident about the new version.

Help & Support

The Help and Support section is used to specify the action for the Help > Support Center menu item in the Parallels Desktop graphical user interface.

Technical Data Reports

The Technical Data Reports section is used to specify whether Parallels Desktop issue reports should contain screenshots of the macOS and virtual machine desktops. You can exclude screenshots for security reasons.

Customer Experience

The Customer Experience section allows you to specify whether the Macs should participate in the Parallels Customer Experience Program (CEP). The Parallels Customer Experience Program is a feedback solution that allows Parallels Desktop to automatically collect usage statistics and system information that will help Parallels develop new features and updates for future releases. For more information, please see https://www.parallels.com/pcep/.

Security

The Security section allows you to enable or disable the password requirement for a number of Parallels Desktop operations.

User Experience

The User Experience section allows you specify options related to user experience.

When you need to change configuration settings of all virtual machines that are already registered on a Mac computer, you can use the Parallels desktop command-line interface. To do so, you first need to create a script to perform a desired configuration modification. You can then execute the script on a Mac computer using one of the remote Mac management tools described earlier in this chapter.

The following is a script example that disables the auto pausing option for all virtual machines registered on a Mac computer:

for i in $( prlctl list -a --info | grep "ID" | sed 's/.....//;s/.$//' ); do 
  prlctl set $i --pause-idle off 
done

The script above uses the prlctl list command to first obtains a list of registered virtual machines and then (inside the loop) sets the --pause-idle option for every VM to "off", which disables pausing of an idle virtual machine.

The complete command-line reference is documented in the .

Enrolling Parallels virtual machines in Azure Active Directory with Microsoft Intune enables managing and securing your virtual machine environment. To achieve that goal, you will have to create a provisioning package and deliver it to your end users. To learn more about provisioning packages for Windows, follow this link.

Follow these steps:

1. Install Windows Configuration Designer from Microsoft Store or download it directly from the Microsoft website.

2. Once installed, launch it and create a new project following the Provision desktop devices template.

3. Once the project is created, you will see the following page:

At this point, you need to choose a name convention. Once done, click Next and switch to the Set up network tab. There, you need to switch off the setup network toggle and click Next, proceeding to the Account Management page.

4. The following step is important: You need to select the Enroll in Azure AD option and obtain a bulk token.

Here, you need to sign in with your Microsoft Azure credentials. Once you’ve successfully signed in, you’ll see the message confirming the successful receipt of the token.

5. Click Next. Feel free to skip the remaining steps by clicking Next on each one of them.

6. Finally, you need to double-check your configuration summary and ensure everything is correct.

Click Create and memorize the path to the package file.

From this point, you have three possible ways to proceed:

1. Share the package with users who will need to launch it to enroll their virtual machines in Azure;

2. Install the package manually on every machine;

3. Add the package to the installation process as part of the SetupComplete.cmd script, as described in section 5 of this KB article.

Jamf Pro includes the Software Distribution functionality that you can use to deploy the Parallels Desktop package to Mac computers in your organization. To deploy the package, you need:

• Jamf Pro server installed and configured.

• Target Mac computers enrolled in Jamf Pro.

• A distribution point (cloud or file share) configured and be accessible from the target Mac computers.

Adding a Distribution Point

A distribution point is a server that hosts files for distribution to computers. If your Jamf Pro installation doesn't have a distribution point, you need to add one to host the Parallels Desktop autodeploy package.

To add a distribution point:

1. Open the Jamf Pro console and log in to your Jamf server.

2. Click the gear icon in the upper right and then click Server Infrastructure in the left pane.
3. Jamf Pro supports cloud-based (content delivery networks) and file share distribution points. Depending on what is available to you, click the Cloud Distribution Point or the File Share Distribution Points icon. The instructions below are for setting up a file share distribution point. If you would like to set up a cloud distribution point, please consult Jamf Pro documentation for details.

4. After you click the File Share Distribution Point icon, click New.

5. On the General tab page:

   • Type a name for the distribution point.

   • Specify the IP address or the host name of the distribution point server.

   • Select the Use as master distribution point option.

6. Click the File Sharing tab and specify the following:

   • Protocol: Select AFP or SMB depending on which protocol is used on your server for file sharing.

   • Share name: Specify the share name. For example, if your server name is MYSERVER and your full share name is \\MYSERVER\JAMF-SHARE, specify JAMF-SHARE in this field.

   • Port: In most cases the default value is what a given protocol normally uses. If you know that your server uses a different port number, specify it here.

   • Read/Write Account: Specify credentials of an account that has read/write access to the share.

   • Read-Only Account: Specify credentials of an account that has read-only access to the share.

7. If your server supports HTTP downloads, select the HTTP/HTTPS tab and then select the Use HTTP downloads option. Based on our own and other users' experience, HTTP/HTTPS-enabled distribution points are more reliable than AFP/SMB shares, but you can try both options and see which one works better for you.

8. Click Save to save the settings and add the distribution point to your Jamf Pro installation.

Adding the Autodeploy Package to the Distribution Point

To add the autodeploy package to the distribution point:

1. Open the Jamf Admin app on a Mac and log in to your Jamf Pro server.

2. Drag the package to the main repository area (the middle area in the right pane).

3. The package will be uploaded to the master distribution point and will appear in Jamf Admin.
4. You can set other options if needed, such as add a package to a category or change the package priority. Indexing the package is not necessary for the purpose of deploying it on Macs.

5. Close the Jamf Admin when done.

To verify that the package has been added to the distribution point:

1. Open the Jamf Pro console and login to Jamf Pro server.

2. Click the gear icon in the upper right and select Computer Management in the left pane.

3. Click Packages in the right pane. You should see the Parallels Desktop Autodeploy.pkg.zip package in the list.
4. If needed, you can modify the package display name and other settings. To do so, click the package and then click the Edit button in the lower right. Modify any of the settings as you require (except the file name). All settings are optional. If not sure, simply leave them unchanged.

Installing the Package

You can install the package on Mac computers using a policy or you can use the Jamf Remote app that works similar to Apple Remote Desktop. This section contains instructions on how to install a package using a policy. For Jamf Remote instructions, please refer to the Jamf Pro documentation.

Creating a Policy

To create a policy:

1. In the Jamf Pro console, click the Computers tab in the left pane and then click Policies.
2. In the right pane, click New. The New Policy pane loads where you can define the policy.

3. In the General payload, specify the following:

   • Type a name for the policy.

   • Select the Enabled option.

   • Specify a category (optional).

   • In the Trigger section, select one or more events that should trigger the policy retrieval on target Mac computers.

   • In the Execution Frequency drop-down list, select a frequency at which to run the policy. Since Parallels Desktop has to be installed just once, you may select Once per computer or Once per user (to install Parallels Desktop for each user if a Mac has more than one).

   • The Target Drive option allows you to specify the drive on which to run the policy. You would normally use the default option, which will run the policy on the boot drive.

   • Other options in the General payload allow you to configure limitations on when the policy can and cannot run. This includes server-side and client-side limitations. You can specify them according to your needs or you can leave them blank.

4. To specify a package for the policy, click the Packages payload and then click the Configure button in the right pane. The pane will be populated with the list of available packages.

5. Locate the Parallels Desktop Autodeploy.pkg.zip package and click Add.
6. Select a distribution point that contains the Parallels Desktop package. If you select the Specific file share distribution point option, choose the distribution point. If the distribution point is both an AFP/SMB and HTTP share, Jamf will try to use the HTTP option to download the package to target Macs. If needed, you can force it to use the AFP/SMB share by selecting the Force file sharing over AFP/SMB option. Based on our observations, HTTP shares work more reliably in Jamf, but you can try different options if you are experiencing issues with mounting shares on Mac computers during the policy execution.

7. In the Action drop-down list, select how the package should be downloaded and installed on Mac computers:

   • Install — when the policy runs, the package is downloaded and installed on a Mac computer as a single operation. Note that if you have a large number of Macs and the policy runs on all of them simultaneously, all of them will try to download the policy at the same time. For this reason, you may consider the options below to avoid overloading your network.

   • Cache — when the policy runs, the package is downloaded to a Mac computer but is not installed at that time.

   • Install Cached — a policy with this action installs the package that has been downloaded previously using the Cache option. You can use this and the "Cache" options if you are deploying Parallels Desktop on a large number of Macs. First, you "cache" the autodeploy package on each Mac at a convenient time. Once that's done, you run the "Install Cached" policy to install the package, which will be a completely local operation for each Mac. This way, you can ensure that Parallels Desktop is deployed on each Mac at roughly the same time (e.g. on the weekend) without delays.

8. The rest of the payloads are not required for Parallels Desktop package deployment.

9. To specify target Mac computers, click the Scope tab at the top of the pane. You can specify targets by computer name or username (or both). You can also set limitations and exclusions to further narrow down the target list. Note: If you are deploying Parallels Desktop on both Intel-based and Apple Silicon Macs, and your autodeploy package contains a virtual machine for one of the processor types, you need to select computers of a corresponding type. This can be done using Smart Groups. For more information, please see the following article on the Jamf website: https://learn.jamf.com/en-US/bundle/technical-paper-deploying-macos-upgrades-current/page/Creating_a_Smart_Computer_Group_to_Identify_Eligible_Computers.html. If you are deploying just Parallels Desktop (without any virtual machines), then this step is unnecessary.

10. If you would like the package to appear in the Self Service app on a Mac, click the Self Service tab, select the Make the policy available in Self Service option, and specify additional options if needed. The Self Service app allows the user to initiate the policy retrieval manually without waiting for it to trigger.

11. The User Interaction tab page allows you to specify messages that will be displayed to a Mac user when the policy runs on their Macs. If you want the installation to be completely silent, you can skip this page.

12. When done, click Save to save the policy.

Deploying the Package

Once the policy is retrieved by a Mac, it will install and activate Parallels Desktop on that Mac. Once completed, the user can begin working with Parallels Desktop.

If you are testing your policy, you can wait for it to trigger, or you can run it manually using the Self Service app. The app is installed when a Mac is enrolled in Jamf Pro and can be opened from the Applications folder in macOS. If there are errors executing the policy, you can review them in the app. Please also note that when testing a policy, don't try to run it on the same Mac that you use as a distribution point because an attempt to mount a share on the same Mac that hosts it will fail.

When you deploy Parallels Desktop to Macs, their operating system normally prompts users to authorize access to various sensitive folders (Documents, Downloads, etc.), devices (such as camera or microphone), and functions (screen and audio recording). For a smoother, more streamlined deployment, accepting some of those requests can be automated using Jamf’s PPPC utility, available .

The utility generates a configuration profile that can be added to the deployment package to pre-authorize privacy requests.

Single Application Mode is a special Parallels Desktop deployment option that allows you to largely obscure Parallels Desktop and Windows on a Mac, making Windows applications appear native to macOS. This mode is designed for system administrators who want Mac users in their organization to run one or more Windows applications while minimizing their interaction with Windows or Parallels Desktop.

When Parallels Desktop is deployed using Single Application Mode:

• A Mac user will not see the Parallels Desktop icon, user interface, or the virtual machine window while interacting with Windows applications.

• A Windows application icon is added to the Dock and registered in macOS for opening the associated file types. When the user clicks on the icon, the application will run on a Mac desktop like a native macOS application.

• A user's macOS workflows will remain largely unaffected by the background presence of Parallels Desktop and Windows.

Configuring Deployment Options

To deploy Parallels Desktop using Single Application Mode, do the following:

1. Add a virtual machine to the autodeploy package. For instructions, see . Please take note of the following:

   • You can add only ONE virtual machine when using Single Application Mode.

   • The virtual machine must be completely shut down before adding it to the autodeploy package. DO NOT simply close it, as this will be detected as a crash by Windows, and a Mac user will have to deal with it at startup.

2. Add a Windows application stub to the autodeploy package that will be used to run a desired Windows application on a Mac. If you want to deploy more than one Windows application, add a corresponding stub for each one. For details, please see .

3. To enable Single Application Mode, set the enable_single_application_mode="yes" parameter in the deploy.cfg file, as described in . The parameter is included in the User Experience section of the deploy.cfg file.

4. Deploy Parallels Desktop to Mac computers as described in .

Configuring Windows

For Windows to be completely hidden on a Mac, you need to make some changes manually because they cannot be automated. The following list describes these changes:

• Enable auto logon in Windows. Make sure that Windows in the virtual machine doesn't ask the user to log on. If this is not done, a Mac user will see the Windows logon screen when Windows starts or reboots.

• Configure file associations in Windows. This is necessary so that Windows doesn't open another Windows application when the user tries to open a file from the primary application. For example, let's say you deployed Outlook for Windows. A Mac user may try to open a text file attachment in Outlook. Normally, the file will open in Notepad in Windows, which may confuse the user. To prevent this, you can associate text files with TextEdit (a macOS application) in a virtual machine. The ability to associate file extensions with macOS applications is a standard Parallels Desktop feature available in Windows in a virtual machine. In addition, we recommend that you have as few applications installed in Windows as possible in order not to create additional file associations.

• Use the Productivity profile. When creating a virtual machine for Single Application Mode, choose the Productivity profile in the virtual machine Installation Assistant. If you are using an existing virtual machine, change its profile by going to Configuration > General > Configure for, clicking Change, and then selecting Productivity.

• Remove Sound & Camera devices from the VM configuration. This will eliminate the chance of macOS prompting the user to provide Windows with access to the respective hardware. To do that, go to Configure > Hardware > Sound & Camera and click the "-" button in the bottom left corner.

Configuring macOS

On this page, you can assign policies for pre-existing user groups that you can set up in Parallels My Account. Each user group is a sublicense of your main Parallels Desktop Enterprise Edition license with a unique key.

To create user groups and populate them with users, please refer to .

To create a new policy, click on the Add button in the top left corner of the page.

Presently, policies only define what users from your organization can do with their Parallels Desktop setups and not their virtual machines. The four available settings are:

• Do not allow removing corporate virtual machines;

• Do not allow upgrading to the next major Parallels Desktop version. This setting will still allow users to update their Parallels Desktop installations to a minor version (e.g., 20.0 to 20.1) but will prevent them from upgrading to a major version (e.g., from 20.x to 21.x) when it becomes available. Enabling this setting will allow you to first ensure that a major new version suits your needs before proceeding with a fleet-wide upgrade. Note: This setting will have no effect if your organization is running a local update server, or your update policies are managed via an MDM solution.

When adding a new policy, provide the following information:

1. Name. Use a unique descriptive name in case the number of policies increases in the future;

2. Description;

3. User group. This setting allows you to add and remove the groups that the policy applies to. To add a group, select one from the drop-down list and click Add. To remove one already added, click on the Trash Can symbol next to the one already listed;

4. Set the restrictions as described above;

5. Click Add.

The default view of the main Policies screen shows you the list of all the policies under your management, citing their names as provided during the setup process, their descriptions, and the list of groups they apply to. Right-clicking on a policy from the list allows you to edit or delete it.

This section of the Management Portal is where you go to designate the virtual machines that will be deployed across your organization.

At the moment, it contains sections for two virtual machine files available to all Parallels Desktop users in an organization, one for all your Apple silicon Macs and one for Intel Macs.

When adding a virtual machine for deployment, the following three fields are mandatory:

1. Name. Give the virtual machine a descriptive, easy-to-read name, e.g., {company_name} Windows 11 Pro for Arm;

3. Checksum (SHA-256). When packaging a virtual machine (right-click on it in the Control Center and choose Prepare for Transfer), the resulting .pvmp file is accompanied by a .txt file containing a SHA-256 checksum for it. Copy and paste the contents of that file in this field.

This chapter describes features that are specific to Parallels Desktop for Mac Enterprise Edition.

In Parallels Desktop for Mac Business and Enterprise Editions, configuration profiles are sets of parameters that can be applied remotely to a Parallels Desktop installation. Configuration profiles can be used to enable and configure the following functionality in Parallels Desktop for Mac Business Edition:

• Provisioning a corporate virtual machine image

• Enabling major version upgrades

Configuration profiles are created in an organization's Parallels business account. You must be the administrator of the account to create and manage configuration profiles. License administrators (admins who are allowed to manage specific licenses) cannot manage configuration profiles.

Configuration Profile Payloads

Payloads in a configuration profile contain settings specific to a particular functionality. For example, the VM for Apple Silicon Mac and the VM for Intel Mac payloads allow you to configure virtual machine image provisioning, while the Product Updates payload allows you to manage Parallels Desktop updates. The configuration profile itself is created and configured the same way, regardless of which of its payloads are configured and enabled.

A configuration profile can have one or more payloads configured and enabled. For example, you can configure and enable a particular payload in one profile and a different payload in another profile. This allows you to enable one functionality for one group of users and another functionality for a different group (see below how configuration profiles are applied to Mac computers). You can create as many profiles as necessary.

Applying Configuration Profiles to Mac Computers

Configuration profiles are applied to registered Mac computers based on a license or sublicense key that computers are using to run Parallels Desktop. After you create a configuration profile, you need to apply it to one or more license or sublicense keys in your subscription. By doing so, you are essentially applying the profile to Mac computers on which Parallels Desktop was activated using that license key.

The rest of this part of the guide describes how to:

• Create a configuration profile

• Apply the configuration profile to a license or sublicense key

• Configure individual payloads

Beginning with Parallels Desktop 16 for Mac Business Edition, IT administrators have an option to provision a corporate Parallels Desktop virtual machine image from a link that they specify in Parallels My Account.

Here's a quick overview of how this functionality works:

1. An administrator first creates a Parallels virtual machine image with the operating system installed. The virtual machine will serve as a corporate VM image to be deployed on users' computers to run Windows applications used in the organization.

2. The virtual machine is then saved as an archive (ZIP or PVMP, we'll talk about archive formats later) and is placed on a server from which Parallels Desktop users can download it to their computers via HTTP or HTTPS.

3. The administrator creates a configuration profile in Parallels My Account and specifies the download URL of the virtual machine image (together with other required parameters).

4. When a Parallels Desktop user initiates the process of creating a new virtual machine, Parallels Desktop checks if a configuration profile with the VM image link exists and is applicable to the Parallels Desktop license key used by this Mac computer. If the profile exists, a dialog is shown to the user, inviting them to download and install the corporate virtual machine image. If the user accepts, the virtual machine is downloaded to the user's computer and is registered in Parallels Desktop.

The subsequent sections describe how to perform the steps above.

The corporate VM image policy is checked every time a new VM creation process is started by the user in Parallels Desktop on a Mac computer. If the corporate VM image policy is set (a configuration profile with the VM for Intel Mac or VM for M-series Mac payload exists and has been applied to the license key used by this Parallels Desktop installation), the Parallels Desktop Control Center displays a message inviting the user to download the corporate VM image. If the user accepts the invitation, the VM image download begins and the progress indicator is displayed (note that because of the large size of a VM, the download may take some time). If the user declines, he/she is taken to the Installation Assistant where they can create a virtual machine from scratch.

After the VM image download completes, the image is unpacked, and the virtual machine is registered in Parallels Desktop.

This section allows you to monitor all the Parallels virtual machines in use with your organization and delete them in case of need. The list shows not only the corporate machines installed from the Golden Images, but also other virtual machines running on your users' Parallels Desktop installations.

You can use the drop-down menu in the top-left corner to select which of the following parameters you want to monitor:

• User name. This parameter is derived from the user account name on that Mac;

• Computer name;

• VM name. As designated during the virtual machine’s image preparation process;

• VM state. This parameter has the following possible values: Running, Stopped, Suspended, Unknown;

• VM status. This parameter will help you sort between active virtual machines, the ones whose Parallels Desktop setup had been deactivated, and the ones that have failed to delete;

• VM OS, VM Edition, VM OS build. This sorts your organization’s virtual machines by the operating systems, including editions and build numbers;

• VM Source. This parameter helps you indentify which virtual machines were set up using your company's Golden Images;

• Last used date (UTC). This shows when the particular virtual machine was last launched. This parameter may help you quickly find unused virtual machines;

• Last reported date (UTC). This parameter shows the date and time a specific virtual machine’s presence was reported to the server;

• Parallels Desktop version. This shows the major version number of the Parallels Desktop installation used to run a particular virtual machine. This may help you identify installations that have failed to upgrade to a newer, better version of Parallels Desktop;

• Parallels Tools Version. Using this parameter, you can, for example, identify the machines in your organization that either do not have Parallels Tools installed or use an outdated version;

• Mac serial number;

• CPU. In this column, you can sort your virtual machines by their operating systems’ target architecture: Intel or Arm (Apple silicon);

Uncheck the parameters you won’t need for your monitoring requirements.

Use the drop-down menu in the bottom-right corner to adjust the number of virtual machines shown per page from 10 to 40.

Use the search bar in the top right corner to find virtual machines by their known parameters, or use the individual filters in each column to search by that column’s parameter. Clicking on the funnel symbol in the header of each column will help you filter virtual machines by a specific parameter.

This may, for example, help you quickly identify the machines that require your immediate attention when an urgent upgrade is required to plug a known severe vulnerability.

Deleting a specific virtual machine

Once you have located a specific virtual machine, you can delete it by right-clicking on it and selecting Delete Virtual Machine. Read the dialog carefully and confirm by clicking Delete.

If you delete the only virtual machine that was running on a particular Parallels Desktop installation, its user will be offered to download a new virtual machine from the Golden Image supplied by your organization.

Windows application stubs are special links to Windows applications installed in a virtual machine that can be added to the Dock in macOS during deployment.

About Application Stubs

Application stubs are created in macOS when you create a virtual machine and install Parallels Tools in it. To see application stubs for a virtual machine:

1. In macOS, navigate to /Users/<user-name>/Applications (Parallels)

2. Expand a desired virtual machine folder. For example, Windows 11 Applications, as shown in the screenshot below:

The icons in the folder are Windows application stubs. If you double-click an icon, the corresponding Windows application will be started in the virtual machine.

You can add one or more application stubs to the autodeploy package to be added to the Dock on a target Mac computer. For example, if your Mac users use a particular application most of the time, it would make sense to add it to the Dock so they can quickly launch it without dealing with the user interfaces of Windows or Parallels Desktop.

Windows application stubs are mandatory when you deploy Parallels Desktop using Single Application Mode. For more information, please see the Single application mode section.

Adding Application Stubs to the Autodeploy Package

To add one or more application stubs to the autodeploy package, simply copy it to the Windows Application(s) stubs to add to Dock folder of the package.

To create a configuration profile:

1. Log in to your Parallels business account.

2. In the Parallels Desktop for Mac Enterprise Edition product card, click Registered Computers.

3. Click the More item in the main menu (top right) and choose Configuration Profiles, as shown in the screenshot below.
4. The page listing configuration profiles opens. If you haven't created any profiles yet, the list will be empty.

5. Click the Create Profile button. A dialog opens where you can configure the profile.
6. To replace the default profile name (top left), simply erase the default name (New Configuration Profile) and type a new one.

7. The payloads are listed in the left pane. To configure a payload, select it and then specify the necessary settings in the right pane. Each payload has the "Enable..." option at the top of the right pane. This option enables or disables a payload but doesn't change or discard the payload settings. When a payload is enabled, it is included in the configuration profile when the profile is applied to Mac computers. When a payload is disabled, it is not included, so Mac computers don't receive it. For creating the payload (i.e, a virtual machine image), refer to this page of the guide.

8. When done, click Save to save the configuration profile.

At this point we will not configure any of the payloads yet and will go straight to applying the configuration profile to a license or sublicense keys (it is allowed to create a profile with all payloads disabled). Once you learn how to create and apply a configuration profile, we'll talk about how to configure and use each individual payload.

Prior to Parallels Desktop 16, users were not automatically upgraded to the next major Parallels Desktop version. Starting with version 16, this option became available.

In the past, to upgrade Parallels Desktop for Mac Business Edition to a newer version, an IT administrator would need to set up a local update server or use a remote management tool or install the new version manually on a Mac computer. With this new option, administrators have the ability to automate major version upgrades if the organization policy allows it.

Here's a quick overview of how this feature works:

1. You create a configuration profile in Parallels My Account and configure the Product Updates payload where you enable or disable the "Allow upgrade..." option.

2. You then apply the configuration profile to a license or sublicense key.

3. Parallels Desktop periodically checks if a new major version is available. If it is, depending on how updates are configured in Parallels Desktop, the user will see a notification (with an option to upgrade or postpone), or the upgrade will be performed silently. When the upgrade is initiated, the new major version of Parallels Desktop is downloaded to the Mac computer and installed on it. After that, Parallels Desktop restarts, completing the upgrade.

The subsequent topics describe in detail how to configure and use the major version upgrade functionality.

Once your organization’s Parallels Desktop setup grows beyond a couple of dozen machines, the need often arises to manage them more granularly while relying less on manual procedures for things like setup, updates, and maintenance.

Thankfully, one of the main features of Parallels Desktop Enterprise Edition is the Parallels Management Portal — your one-stop shop for setting up and controlling your entire fleet of Parallels Desktop installations and virtual machines.

This section of the guide deals with all the tasks that can be completed from the Management Portal, such as deployment, management, policy provisioning, and removal of virtual machines.

You can reach the Management Portal by clicking the respective button in your business profile or directly following this .

Configuration profiles are applied to registered Mac computers based on a license or sublicense key that they are using to run Parallels Desktop. By applying a configuration profile to a license or sublicense key, you are essentially applying it to Mac computers that use (or will use in the future) that key.

To apply a configuration profile to a license or sublicense key:

1. In Parallels My Account, click Dashboard in the top menu and then click Active subscriptions inside the Parallels Desktop for Mac Business Edition product card.

2. Click a subscription to open a page containing the subscription information.

3. In the License Keys list, choose a license or sublicense key and click the "gear" icon at the end of the row. This opens a dialog containing the license key information and settings. In the dialog, select the Configuration Profile tab.
4. Initially, the tab page will say that "Configuration profile is not set" and the drop-down menu next to it will contain the "Default" profile. This is because you haven't applied a custom configuration profile to this license key yet.

5. Expand the drop-down menu and select the configuration profile that you created earlier.

6. Click Save.

Once a configuration profile is applied to a license key, the following will happen on Mac computers that use this key:

• The next time Parallels Desktop communicates with Parallels cloud, it will receive the configuration profile and will save the data that it contains locally.

• When an action is performed (by the user or by a scheduled event) that has to do with one of the configuration profile payloads, the data is read from the local storage and is used accordingly depending on the payload and its settings. This is described in more detail in topics that describe individual payloads.

This concludes the description of how to create a configuration profile and how to apply it to a license or sublicense key. The subsequent sections describe how to configure individual payloads and how to use the corresponding functionality when managing Parallels Desktop installations in your organization.

Asset tags help identify, control, and track computer assets in an organization. Parallels Desktop for Mac Business Edition provides the ability to set an asset tag in the virtual machine BIOS, which can then be read using the standard tools of the guest operating system. You can set an asset tag using the Parallels Desktop graphical user interface or the prlctl command line utility that comes with Parallels Desktop.

To set an asset tag using the Parallels Desktop GUI:

1. On the Parallels Desktop menu bar, select Actions > Configure to open the virtual machine configuration dialog.

2. Select Business.

3. Use the Asset tag field to specify the desired tag.

To set an asset tag using the prlctl command line utility, use the following syntax:

prlctl set ID|name --asset-id tag

where ID|name is the virtual machine ID or name, and tag is the asset tag to set.

To obtain the asset tag in Windows, use the WMIC.exe command:

WMIC SystemEnclosure get SMBIOSAssetTag

For the complete syntax of the WMIC utility please see the Microsoft documentation.

Once set, the asset tag never changes. Even if you perform such virtual machine operations as cloning, template manipulation, registering, or any other, the asset tag always stays the same. If you do want to change an existing asset tag for any reason, you can do it manually using of the methods described above.

To create a configuration profile for enabling major version upgrades, do the following:

1. Begin creating a new configuration profile as described in the Creating a configuration profile section.

2. When you have the new configuration profile dialog open, select the Product Updates payload in the left pane.
3. In the right pane, select the Enable managing product updates option. This will enable the payload, so when the configuration profile is sent to Mac computers, they will receive it.

4. To enable major version upgrades, select the Allow upgrade to the major Parallels Desktop version option.

5. Click Save to save the configuration profile.

The configuration profile now needs to be applied to a license or sublicense key. If you haven't done so already, use the instructions in the Applying a configuration profile to a license key section and apply the profile.

The Parallels Customer Experience Program is a feedback solution that allows Parallels Desktop to automatically collect usage statistics and system information that will help Parallels to improve the product's quality and support for popular configurations.

To avoid possible security and privacy issues, a suspended Windows virtual machine can be completely locked from user interaction and viewing. When this option is enabled and a virtual machine is suspended, the Windows desktop in the virtual machine window (and in the Parallels Desktop Control Center) is replaced with a black background and the Windows session is interrupted. When the virtual machine is resumed, the Windows session is remained locked and the user will have to enter their credentials or authenticate (depending on how Windows is set up) to unlock it and see the Windows desktop.

To enable or disable this option:

1. Open Parallels Desktop and select the desired virtual machine (e.g. the source virtual machine when preparing it for mass deployment).

2. On the Parallels Desktop menu bar, select Actions > Configure to open the virtual machine configuration dialog.

3. Click the Security tab.

4. Depending on your needs select or clear the Always lock Windows on suspend option.

5. Close the dialog.

Parallels Desktop Enterprise, Business, and Pro editions include developer tools which are aimed at software developers using Parallels Desktop as part of their development and testing setup. The tools are accessed by clicking the Develop menu on the virtual machine menu bar and then choosing one of the available options (e.g. Start SSH Session, Start Debugging Session, and others). If users in your organization are not using these tools, you can hide the Develop menu altogether. The reason you would want to do this, some of these features (if used accidentally) may start a debugging session or engage in some other development-specific activities that may temporarily disrupt normal Parallels Desktop operation.

This option is a part of a virtual machine configuration and can be set using the Parallels graphical user interface as follows:

1. Open the virtual machine configuration dialog (click the gear icon or choose Actions > Configure).

2. In the dialog, click Options (at the top) and then click More Options in the left pane.

3. In the right pane, select or clear the Show developer tools option. This will show or hide the Develop menu on the virtual machine menu bar (you don't have to restart a virtual machine if it's running).

To modify this setting from the command line, execute the following command in Terminal:

prlctl set ID|Name --show-dev-tools on|off

where ID/Name is the GUID or name of a target virtual machine.

When mass deploying Parallels Desktop on Mac computers in your organization, you can configure the autodeploy package to apply these settings to all included virtual machines automatically. For details, see Configuring deployment options.

A Parallels virtual machine can be encrypted from the Parallels Desktop graphical user interface. This is done from the Security tab of the virtual machine configuration dialog.

You can also use the prlctl command line utility (included with Parallels Desktop) to perform a full set of encryption operations on a virtual machine.

The following command line options are available:

• Encrypt a virtual machine

  prlctl encrypt <ID | NAME>

• Decrypt a virtual machine

  prlctl decrypt <ID | NAME>

• Change the encryption password

  prlctl change-passwd <ID | NAME>

The <ID | NAME> parameter can be either the virtual machine ID or the virtual machine name. When encrypting a virtual machine, you'll be asked to enter a password phrase, which will be used to encrypt the machine. When decrypting a virtual machine, you will be asked to enter the current password. When changing the password, you'll be asked to enter the old password and then the new password.

The encryption password will also be required to perform any other command line operation on an encrypted virtual machine, including starting, stopping, restarting, pausing, suspending, cloning, deleting a virtual machine, etc. For example, to start an encrypted virtual machine, you'll use the following command:

$ prlctl start my_virtual_machine

After executing the command above, you'll be asked to enter the password:

Virtual machine "my_virtual_machine" is encrypted - password required to continue operation
Please enter password:

After typing in the correct password, you'll see the following output:

Starting the VM...
The VM has been successfully started.

If you need to execute a command remotely without having to enter the password on every Mac, you can send the password via standard input (stdin) as shown in the following example:

$ echo mypass | prlctl start my_virtual_machine
Virtual machine 'my_virtual_machine' is encrypted - password required to continue operation
Please enter password:
Starting the VM...
The VM has been successfully started.

If you need to provide two passwords (as with the change-passwd command that changes the password), you can save the passwords to a text file and then use the following syntax:

$ cat /tmp/pass | prlctl change-passwd my_virtual_machine
Virtual machine 'my_virtual_machine' is encrypted - password required to continue operation
Please enter password: 
Please enter new password:
The password has been successfully changed.

The /tmp/pass file in the example above should contain the old password on the first line and the new password on the second line:

$ cat /tmp/pass
mypass
newpass

If you would like us to improve or add a specific feature to the Parallels Management Portal, you can use our feedback form by clicking on the user icon in the top-right corner and selecting the Provide Feedback option. Just type in your request and hit Send, and our Product Management team will receive your idea via email.

As administrator of a large Parallels Desktop for Mac deployment, you may need to restrict your users' ability to perform certain common actions, such as creating a completely new virtual machine that would be outside of your control and not configured to your company's standards, or remove your standard-issue corporate virtual machine.

One of the advantages of Parallels Desktop for Mac Enterprise Edition is the ability to set up, monitor, or change all such policies on all of your organization's workstations in a centralized manner via the Parallels Management Portal. Refer to the Policies section for more information.

Your users won't be able to access the Settings -> Security panel on their managed machines where that panel looks like this:

When configuring USB device settings for a virtual machine, you can enforce what types of USB devices are allowed to be connected. For example, if storage devices (in general) are not allowed, the Mac user will not be able to connect an external hard disk or thumb drive to the virtual machine. This functionality is available in Parallels Desktop Business edition only and is absent in other editions.

To enforce USB device policies, open the virtual machine configuration window and select Hardware > USB & Bluetooth.

In the Allow external devices list:

• Clear the types of devices that you don't want Mac users to connect to the virtual machine.

• Select the types of devices that should be allowed.

Single Application Mode is a special Parallels Desktop deployment option that allows you to largely obscure Parallels Desktop and Windows on a Mac, making Windows applications appear native to macOS. This mode is designed for system administrators who want Mac users in their organization to run one or more Windows applications while minimizing their interaction with Windows or Parallels Desktop.

To make Parallels Desktop run in Single Application Mode, you need to deploy it on Mac computers via the autodeploy package. This includes preparing the autodeploy package in a special way and then either deploying it on Mac computers using Mac management tools or running it manually on a Mac.

For more information about how to use the autodeploy package and how to deploy Parallels Desktop in Single Application Mode, please see the following sections of this guide:

• Mass deployment using Mac management tools

• Single application mode

You can set an expiration date for a virtual machine. This can be a useful option if you are preparing a virtual machine for a contractor (or a third party user) and want to make sure that it works only for the duration of the contract.

To set an expiration date for a virtual machine:

1. Open Parallels Desktop and select the desired virtual machine.

2. On the Parallels Desktop menu bar, select Actions > Configure to open the virtual machine configuration dialog.

3. Select the Security tab.

4. An expiration date can only be set on an encrypted virtual machine. If your machine is not yet encrypted, click Encryption: Turn On, specify an encryption password, and click OK. Make sure to record the password or you will not be able to start the virtual machine. Wait until the encryption process finishes.

5. To set an expiration date for the virtual machine, click Expiration Date: Set Date, specify a password and click OK. Make sure to record the password to be able to change the expiration settings later. You should keep this password secret to prevent the prospective user of the virtual machine from changing the expiration date.

6. On the next screen, specify the following options:

   • Do not allow this VM start after: specifies the virtual machine expiration date.

   • Contact info: specifies the system administrator email, phone number, or other contact information. This information will be included in the message that will be displayed to the user when the virtual machine is about to expire. You can include each piece of information on a separate line.

   • Time Server: specifies the time server URL. The virtual machine expiration time will be checked against this server. The default time server is https://parallels.com.

   • Date Check Frequency: specifies how often the date and time should be verified against the time server. You can specify it in minutes, hours, or days.

   • If unable to check date, use VM for: specifies for how long the virtual machine should be kept working if the time server cannot be reached. For the duration of this period, the virtual machine will continue to check the date. If it succeeds before this period is over, the counter is reset, and the virtual machine will continue to work normally.

7. Click OK when done entering the expiration info.

8. To modify the current expiration date or password, click Expiration Date: Change Date or Expiration Date: Change Password and enter the new values.

When the expiration date approaches, the virtual machine user will be notified as follows: a message will begin to be displayed seven days before the expiration date. The message will be shown to the user every 24 hours and additionally on every virtual machine startup. Once the date is reached, the virtual machine will be locked, so the user will not be able to start or resume it anymore.

Starting from Parallels Desktop 18, the Activation using corporate account (sometimes referred as SSO-activation) option became available.

This option works best for Medium and Enterprise size organizations that have an identity provider (e.g., Entra ID) and rely on it to automate applications license management routines. With SCIM integration (optional) licenses from contractors and people who left the company and removed from the identity provider directory will be automatically revoked. There is also an option to automatically revoke licenses from people who are not using the product for a long time.

The license key is also not used in this scenario, so there are less chances for it to be misused.

There are three major steps to enable this option:

1. This option works only if you purchased a special license type. Please check your license certificate for details and contact your sales representative if you have questions. Note that the minimum purchase for this license type is 50 licenses and it is not available as an online purchase from parallels.com.

2. IT team has to setup integration between your identity provider (Entra, Okta, Ping Identity, or others that support SAML 2.0 and SCIM 2.0) and Parallels My Account by using the "Configure SSO-based activation" guide that is available in this KB article. If there is no guide for your identity provider, it is recommended to follow the one for Entra ID.

3. To provide your employees with the best user experience use the deployment capabilities described in this guide or simply share this link with users: https://parallels.com/directdownload/pd?experience=sso.

To set up a Parallels Desktop update server, you'll need a local Web server. Install a Web server on a computer connected to your network (or use an existing one).

With Parallels Desktop Enterprise Edition, you can set up a local update server on your network from which Mac users can get Parallels Desktop updates. Updates are released periodically to improve the performance and reliability of Parallels Desktop. To reduce Internet traffic when downloading updates, you can set up a local update server, download the available updates to it, and then set up individual Macs on your network to take the updates from it instead of the Internet. Read on to learn about setting a local update server.

Parallels Desktop for Mac Enterprise Edition allows you to protect the configuration of a virtual machine with a custom password. When a password is set, even a local Mac administrator will be required to enter it in order to modify virtual machine settings.

Setting the Password via GUI

To set a password in the Parallels Desktop graphical user interface:

1. Open Parallels Desktop and select a virtual machine.

2. On the Parallels Desktop menu bar, select Actions > Configure to open the virtual machine configuration dialog.

3. Select Security.

4. Click the Custom password: Turn On... button.

5. Enter a password, then enter it again to verify and click OK.

To change or remove the password:

• To change the password, click the Change Password button and follow the instructions on the screen.

• To remove the password, click Custom password: Turn Off and follow the instructions on the screen.

If the password is set and the user tries to view or modify the virtual machine configuration, they will be required to enter this custom password.

Setting the Password via CLI

In addition to the graphical user interface, you can use the prlctl command-line utility to set a custom password for editing the virtual machine configuration.

To set the password, type the following command in Terminal:

prlctl set "vm_name" --custom-pwd

where vm_name is the virtual machine name in quotes. You'll be asked to enter a password and then confirm it.

To change or remove the password, type the same command as above:

prlctl set "vm_name" --custom-pwd

You'll be asked to enter the current password and then a new password.

To view the current protection status for a virtual machine, type the following command:

prlctl list "vm_name" -i

In the output, search for the Security section and look at the Custom password protection property. It will be either set to "on" or "off".

Setting the Password Using the Mass Deployment Process

If you are mass deploying Parallels Desktop and one or more virtual machines, you can simply set the custom password in the source virtual machine. When a virtual machine is deployed on Mac computers, the password will be retained.

By default, Parallels Desktop Business and Enterprise Edition downloads updates from a special location on the Parallels website dedicated to hosting Parallels Desktop Business and Enterprise Edition updates. Parallels Desktop Standard and Pro editions download their updates from a different location. As an administrator, you have an option to choose the location from which Parallels Desktop Business or Enterprise Edition downloads updates. The reason why you would want to do this is explained below.

When Parallels Desktop updates are released by Parallels, they become immediately available for Parallels Desktop Standard and Pro Editions. Updates for Parallels Desktop Business and Enterprise Edition are released at a slightly later date (from a few days to 1-2 weeks from the initial release). The delay is necessary for additional testing of business features of Parallels Desktop to ensure they meet the highest quality standards. During this period, we even give an updated version of Parallels Desktop to some of our corporate customers,who test and evaluate it in their real-world environments.

We recommend that you use the default configuration and download Parallels Desktop Business/Enterprise Edition updates when they are finalized and available for download. However, if for any reason you don't want to wait, you can configure Parallels Desktop Business or Enterprise Edition to download updates from the Parallels Desktop Pro location. The updates are the same regardless of where you download them from. The only difference is, the updates downloaded from the Parallels Desktop Pro location will have not been fully tested in a business environment.

When you mass-deploy Parallels Desktop, you can set the desired Software Update options in the deployment configuration file. Mass Deployment of Parallels Desktop is described later in this guide. For more information, please read the entire and specifically the section. Look for the Software Updates section in the parameter table.

If you need to modify Parallels Desktop software update options on a specific Mac without using the Mass Deployment procedure, you can do this as described below.

To configure Parallels Desktop to download updates from the Parallels Desktop Pro location, execute the following command on a Mac:

The command above writes the specified URL (the parameter in the second part of the command) into the Parallels Desktop plist file. Please note that the "v20" part of the URL indicates the current Parallels Desktop version number. If you are using a later version, substitute this part with the correct number.

To switch back to the default Parallels Desktop Business/Enterprise download location, execute the following command:

Create a file named parallels_updates.xml on the Web server where it can be accessed via HTTP. The file is an XML document that should contain specifications for a particular Parallels Desktop update available on your local updated server.

To create your own document, use the following sample XML document and the XML document specification that follows it as a reference.

A Sample parallels_updates.xml File

XML Document Specification

The next step is to configure individual Macs to take their updates from the local update server. This can be done automatically during the mass deployment of Parallels Desktop by modifying the appropriate deployment configuration option. Please see Configuring Deployment Options for the complete info (see the description of the Software Updates section of the configuration file).

If you have an existing Parallels Desktop installation that was not configured for automatic updates during deployment, then read on to learn how to do it manually.

To configure Parallels Desktop automatic updates, you need to modify the Parallels Desktop property list file on a Mac as follows:

1. Find the com.parallels.Parallels Desktop.plist file located in the Library/Preferences subfolder in the user's home folder. This is the Parallels Desktop property list file that contains the user-specific information.

2. Open the file using the Property List Editor application (included with Xcode).

3. Set the update policy by modifying the Application preferences.VolumeLicenseUpdatePolicy property. If the property doesn't exist, add it to the file specifying its data type as String. Set the property value using one of the following options (see also the Notes subsection below):

   • "Parallels" — when this value is set, the updates will be downloaded from the Parallels update server via the Internet. The value is case-sensitive.

   • Complete URL of the parallels_updates.xml file residing on your local update server. For example, "https://10.0.0.1/pdfm/v8/en_us/parallels/parallels_updates.xml". When the URL is specified, the updates will be obtained from the local update server.

   • "None" — automatic updates are disabled. The value is case-sensitive.

4. Specify how often Parallels Desktop should check for updates. This is done by modifying the Application preferences.Check for updates property. If the property doesn't exist, add it to the file specifying its data type as Number. Specify the property value using one of the following options:

   • 0 — Never

   • 1 — Once a day

   • 2 — Once a week

   • 3 — Once a month

5. Set the automatic download option. Find the Application preferences.Download updates automatically property. If it doesn't exist, add it to the file specifying its data type as Boolean. Set the property value using one of the following options:

   • True — Download updates automatically. Specify this value when using a local update server.

   • False — Notify the user about the updates but don't download them automatically. This option is useful only when updates are downloaded from the Parallels update server, and the user has full control over the update functionality.

6. Save the file and close the Property List Editor application.

Notes

On initial Parallels Desktop activation using a Business Edition key, the Parallels Desktop update properties will be absent from the com.parallels.Parallels Desktop.plist file. In such a case, a Mac user will be able to configure Parallels Desktop automatic updates using the Parallels Desktop graphical user interface.

When the update-related properties are added to the com.parallels.Parallels Desktop.plist file, the automatic updates will be performed according to the specified values. In addition, the value of the Application preferences.VolumeLicenseUpdatePolicy property will affect the Parallels Desktop update-related elements in the Parallels Desktop graphical user interface as follows:

• If the property contains a URL of the local update server or "None", the Parallels Desktop update-related controls will be disabled (grayed out) in the Parallels Desktop graphical user interface. The displayed settings will have no effect on how the Parallels Desktop updates are carried out. Therefore, the user will not be able to configure automatic updates or check for updates manually.

• If the property doesn't exist, has no value, or contains "Parallels" as a value, the Parallels Desktop update controls will be enabled in the user interface giving the user the ability to configure automatic updates and check for updates manually.

Parallels Desktop Control Center is a part of the Parallels Desktop graphical user interface. It's a window from which a Mac user launches virtual machines. By default, the Control Center displays the list of the available virtual machines, as in the following example:

You can customize the Control Center by specifying a URL to your own HTML document, which will be embedded at the top of the Control Center window. The HTML page can contain text, graphics, and links such as your company logo, custom text, a link to a support page, etc. The HTML document format doesn't have any specific requirements.

The URL must be specified during the preparation stage of the . Specifically, you need to specify the URL and the HTML page size using the following variables in the mass deployment configuration file (deploy.cfg):

• control_center_banner_url

• control_center_banner_height

• control_center_banner_min_width

The following is an example of Parallels Desktop Control Center displaying a custom banner at the top.

You can download a sample HTML document defining the banner using the following URL:

When users run Parallels Desktop Enterprise Edition, they can get support at any time by clicking the Help > Support Center menu. By default, this will open one of the following:

• If you are a large organization with your own Help Desk, the menu will open a message box saying the user should contact the system administrator for assistance.

• If you are a small organization without a Help Desk or if you are using a trial version of Parallels Desktop, the menu will open the Parallels Desktop support web page.

You can change the default behavior described above and make the Help > Support Center menu open a custom URL, such as your corporate Help Desk page or any other web page you desire.

The customization can be done during mass deployment of Parallels Desktop by modifying the corresponding deployment configuration parameter. Please see for the complete info (see the description of the Help and Support section of the configuration file).

You can also make the customization manually on an individual Mac as follows:

1. Log in to the Mac.

2. In the Finder, navigate to the /Users/<User_Name>/Library/Preferences directory and locate the com.parallels.Parallels Desktop.plist file.

3. Open the file using the Property List Editor application, which is included with Xcode.

4. Find the SupportRequestUrl property in the file. If the property doesn't exist, add it to the file specifying its data type as String.

5. To specify the action that should be performed by the Help > Support Center menu, set the value of the SupportRequestUrl property:

   • To display the default text message, clear the property value.

   • To open a URL, specify the full URL of the desired web page or resource.

If a virtual machine user forgets the password of their guest OS account (e.g. a Windows user password), it can be reset outside the virtual machine using the command line interface.

To use this functionality the following conditions must be met:

• Parallels Tools must be installed in the guest OS.

• The virtual machine must be running. If it's stopped, start it and wait until you see the guest OS login prompt.

• Depending on your requirements, the following option can be selected or cleared in the virtual machine configuration dialog: Security > Require Password to: [ ] Change guest OS password via CLI. If this option is selected, you will be asked to provide the macOS administrator password to change the guest OS password from the command line. If the option is cleared, the administrator password will not be required. By default, the option is cleared.

To reset the password, open Terminal and enter the following command:

prlctl set vm_name --userpasswd username:new_password

where:

• vm_name is the virtual machine name. To obtain the list of virtual machines installed on this Mac, type prlctl list.

• username is the guest OS user name.

• new_password is the new password.

Example:

prlctl set My_Win8_VM --userpasswd JohnDoe:A12345

If the Require Password to: Change guest OS password via CLI option is selected in the virtual machine configuration dialog (see above), the command will display the following text and prompt:

Only host administrator can change user password in the guest OS.
Confirm your administrator credentials.
Username:

Enter the name of the macOS user with administrative privileges and press the Enter key. Type the user password and press Enter again.

Once the new password is set, you can use it to log in to the guest OS.

To create a configuration profile for VM image provisioning:

1. Begin creating a new configuration profile as described in the Creating a Configuration Profile section.

2. When you have the new configuration profile dialog open, select VM for Intel Mac or VM for M-series Mac payload, depending on the image type that you want to provision.
3. In the right pane, select the Enable VM image provisioning option and specify the following properties:

   • Name: Type a name for the VM image as you want it to be named in this profile. This is the name your users will see in Parallels Desktop when they receive an invitation to download it. This field is mandatory.

   • Description: An optional description. The end user will see this description in Parallels Desktop. For example, if a VPN connection is required to download the image, you may include this information here.

   • Download URL: The VM Image download URL. Mac users must be able to download the image via HTTP or HTTPS using this URL. This field is mandatory. For additional info, please see Creating and Uploading Virtual Machine Images.

   • Checksum (SHA-256): The VM image checksum. This field is mandatory. If you used the PVMP format to archive the virtual machine, the checksum was calculated automatically and saved as a VmName.sha256.txt file. If you archived the virtual machine using the ZIP or other supported format, you'll need to calculate the checksum. For the info about the PVMP format and how to calculate the checksum, please see Creating and Uploading Virtual Machine Images.

4. Click Save to save the configuration profile.

The configuration profile now needs to be applied to a license or sublicense key. If you haven't done so already, use the instructions in the Applying a configuration profile to a license key section and apply the profile.