Enroll Apple devices

Enrolling devices is the first stage in managing a mobile device and here you can know the various steps involved in enrolling Apple devices. Before enrolling any Apple device, it is mandatory you upload an APNs certificate in MDM as explained here

Pre-requisites

Enrolling devices

Follow the steps mentioned below to enroll both Mac and iOS devices.

In case you want to seamlessly enroll Apple devices in bulk, you can enroll using DEP and Apple Configurator.

  1. On the web console, navigate to Enrollment

  2. Click Enroll Device and select Apple. From here, you will have an option to choose between iOS and Mac.

  3. If you wish to complete the enrollment without any user intervention, select By Myself. This will display the OTP on the next screen

  4. If the enrollment is to be completed by the user, select Through User Invites.

  5. User Name- Enter the user name of the device that needs to be enrolled.

  6. Email address- It is mandatory to  enter the email address of the user who will receive the enrollment request.

  7. Owned By- Owner of the device either Corporate or Personal

  8. Assign to Group- Specify the group to which the device should be added. If you select an existing group from the drop down, then the newly added device will automatically get all the apps and profiles which were already distributed to the group. By doing so you can automate the process of imposing the minimum required restrictions and apps to all the newly added devices.

    If you add a new group name, then a new group will be created and the device will be added to it.

  9. Click Send Enrollment Invite or Next to continue with device enrollment

Ensure that you configure your Proxy settings, and the mail server settings, so that you the user can receive the email with the OTP. (This is not applicable for MDM Cloud)

After enrollment Users will receive an email with the  enrollment instructions and the link to enroll the devices. Based on the authentication policy defined for enrollment, users will be receiving the OTP.  Users need to manually install the MDM profile by clicking on the enrollment request. All enrolled devices will be listed in the Devices Tab in the Mobile Device Manager Plus console under Groups and Devices.

Enroll additional devices for same user

You can enroll multiple devices for the same user. In case a user has more than one mobile device that needs to be managed,  you can enroll those devices by following the steps mentioned below;

  1. On the web console, navigate to Enrollment

  2. Under Devices choose the User Name to whom you wanted to enroll the additional device

  3. Under Actions click Enroll Additional Device option.

  4. Specify the Platform as iOS or Android or Windows

  5. Specify the  Owned By type as Corporate or Personal and click Enroll

The mail to enroll additional device would be sent to the specified user.

Bulk Enrollment

This option facilitates you to enroll many devices at a same time. You can simply create a csv file with the User Name, Domain Name, Email, Platform and Owned by details and upload the same. Multiple entries should be in separate lines. Refer the below mentioned csv file for example,

Sample CSV Format

     USER_NAME,DOMAIN_NAME,EMAIL_ADDRESS,PLATFORM_TYPE,OWNED_BY,GROUP_NAME,UDID
     ANDREW,,andrew@mobiledevicemanagerplus.com,iOS,Personal,IOS_Group,00f0ba8f7a6c41cca9cc5fd6b7ee666b
     Note : 
     1. The CSV file should contain the following fields: User Name, Domain Name, Email Address, Platform Type, Owned By, Group Name and UDID.
     2. UDID is applicable only for iOS devices
     3. The fields User Name, Email Address and Platform Type are mandatory. All the other fields are optional. If not provided, default values will be taken.

     4. The default values for various non-mandatory fields are: 
               Domain Name -- MDM
               Owned By -- Corporate
               Group Name -- Default Group for given Owned By & Platform Type.
     5. The first line of the CSV is the column header and the columns can be in any order.
     6. Blank column values should be comma separated.
     7. If the column value contains comma, it should be specified within quotes.

Follow the steps mentioned below, to enroll devices through Bulk Enrollment.

  1. On the web console, navigate to

  2. Click  Bulk Enrollment . A window opens, click Browse to upload the created CSV file and Import the same.

    Enrollment mail will be sent to all the users listed in the csv file.

Enrollment process on Apple devices

The users, upon receiving the enrollment requests, can enroll their device as given below. The steps differ for devices running iOS 12 and above versions.

Follow the steps given below to enroll devices below iOS 12

  1. Users should note down the OTP. OTP is case sensitive.

  2. Clicking the link in the email will open a window and prompt for the OTP

  3. User should specify the OTP received in the email and click Continue. After validating the OTP, a confirmation screen will appear. Click Continue.

  4. Click Install to install the profile

  5. The profile will be installed.

  6. Click Done to view the enrollment status

    The device enrollment process has been successfully completed and the device will be listed in Mobile Device Manager Plus.

Follow the steps given below to enroll devices running iOS 12 and above

  1. Click on the invitation link in the e-mail and specify the OTP received.
  2. This will validate the invitation and ask to Continue the enrollment process.
  3. You will be notified that MDM is trying to download and install a profile on the device. Click on Agree to download the profile.
  4. You will then have to manually install the profile by navigating to Settings -> General -> Profiles and click Install Profile for the MDM Profile.
  5. This will complete the enrollment process on the device.
  6. Once the device enrollment is completed, the device will be scanned and the users will receive an App Catalog and MDM Profile . All the Apps that are distributed by Mobile Device Manager Plus will be listed in the App Catalog.  Users can choose the App and install them by clicking on it. Incase of App store App, by clicking on the App users will be prompted to enter their Apple ID and password and the App will be downloaded from the App store. MDM profile is the profile used by Mobile Device Manager Plus to manage the mobile device, if the user removes the MDM Profile, then all the Apps that has been installed  through Mobile Device Manager Plus and the policies applied will be reverted.

    Distributing ME MDM app to enrolled devices

    When ME MDM App is installed on the device, you get advanced control over the device. Using ME MDM App helps administrators to identify Jail broken devices and also helps in location tracking. You can view where the device is geographically located by using this App. This App can be distributed to all the managed devices by following the steps mentioned below:

    1. Click Enrollment

    2.  Under iOS select ME MDM App

    3. Enable the check box  to automate the distribution of ME MDM app to all the managed Apple devices.

    You have successfully distributed Apps to groups. The distributed Apps will be listed in the App Catalog of the user's mobile device. Users can click on it and install the App. If this App is installed on a device running iOS 7 or later versions, then the app will automatically fetch Server Name, Port number and Enrollment ID. On the devices running iOS versions lower than 7.0, users should provide the Server Name, Port number and Enrollment ID which was sent to them via email. After installing the ME MDM app, you can see that the App Catalog will be moved inside the app automatically.  You will able to track the geographic location of the device by configuring location tracking

    Removing an enrolled device

    1. On the web console, navigate to Enrollment

    2. Click on Enrollment tab

    3. Click Search button and search for the device by using its known properties( user name, device name etc)

    4. Click on Action button and select Remove Device

    5. In the confirm box that appears, click OK.

    Removing the device removes all profiles and apps associated with the device. ME MDM app is also removed if installed through MDM.

    Troubleshooting Tips

    1. Users are unable to access the URL sent via e-mail

    1. Mobile Device Manager Plus server is not running or not accessible by the users.

    2. Check if the firewall running in Mobile Device Manager Plus Server is blocking the communication (at port 9020/9383)

      If you are using Mobile Device Manager Plus as a plug in to Desktop Central, then you will have to open the ports 8020/8383 for the communication.

    3. If the users are outside LAN, they should be able to reach the Mobile Device Manager Plus Server via public IP. Check whether the NAT Settings is configured in Mobile Device Manager Plus (MDM --> NAT Settings)

    2. Users have installed the profile, but their devices are not listed in the Mobile Device Manager Plus

    1. The device is not able to reach APNs. Check whether your Wi-Fi allows communication at port 5223

    2. If WiFi is disabled on the device, it should have access to Cellular Data network

    3. A "not verified" message is shown when the profile is to be installed in the device.

    This message is displayed if a SSL certificate is not uploaded on the server. This will not have any effect on the enrollment or the device security, you can ignore the message and continue with the enrollment process.

    4. A "This connection is not private" warning is displayed when the enrollment URL is accessed using Safari .

    This message is displayed if a SSL certificate is not uploaded on the server. This will not have any effect on the enrollment or the device security. You must click on Show details and select visit this website to access the enrollment request.

     

    See Also: Device Authentication,Enroll iOS Devices, Enroll devices using Apple Configurator, Enroll Android Devices, Enroll KNOX Devices, Enroll Windows Devices, Self Enrollment,Customize ME MDM App
    Copyright © 2019, ZOHO Corp. All Rights Reserved.
    ManageEngine