What is MDM for IOS devices?
MDM for IOS refers to Mobile Device management specific for Apple devices running the iOS operating system, in other words, MDM for iPhone, running is supervised mode to have complete control over the device. This document focuses on enrolling an iPhone device in supervised mode in NinjaOne.
What Are The Pre-requisites to Enroll an iPhone in Supervised Mode in NinjaOne?
The enroll an iPhone in supervised mode in NinjaOne there are several pre-requisites, which are listed next:
- MDM for Apple devices should be enabled in NinjaOne. See this document for explanation on this enablement. (Put a link here to the iOS supervised mode document)
- A verified Apple Business Manager or Apple School Manager account. Here is a link to the Apple Business Manager User Guide. If you are obtaining such an account for the first time, consider that obtaining this account may take several days or even weeks.
- A Mac computer, iPad, or an iPhone different than the one being enrolled with the Apple Configuration app installed.
- A USB cable to connect the iPhone being enrolled to the Mac computer or iPad.
- A Wi-Fi network with Internet access.
How to Enroll a Brand-new iPhone in NinjaOne?
An Apple reseller can enroll a new iPhone device in NinjaOne; They have the means to register the device in Apple Business Manager (ABM) or Apple School Manager (ASM). You must provide the reseller with your organization information to enter device information. When the device is turned on for the first time and connected to the Internet, it will automatically enroll in your organization in ABM or ASM. You only need to synchronize ABM (or ASM) with NinjaOne, which will be explained later in this document.
How to Enroll an Existing (not brand-new) iPhone in NinjaOne?
For an existing device, you must enroll it using a Mac computer, iPad, or iPhone, different than the one you are enrolling, using the Apple Configurator app.
There are three steps to accomplish this enrollment. Follow the instructions below to enroll an existing iPhone device to NinjaOne using a Mac computer (if instead of a Mac computer you are using an iPad or an iPhone, the only difference is the way the two devices connect. A Mac computer uses a USB cable, while the mobile devices use NFC or the barcode reader).
Step 1: import the iPhone device into Apple Business Manager.
1. On the Mac computer, open the Apple Configurator app.
2. If this is the first time you are enrolling an iPhone device, you must create a new Wi-Fi profile. This profile is used by the iPhone to connect to the Internet and communicate with ABM (or ASM). If the Wi-Fi profile is already created, you can skip this step.
a. On Apple Configurator, select File and then New Profile.
b. Under General, give the profile a name.
c. Under Wi-Fi, configure Wi-Fi settings for the Wi-Fi used in the location you are working in.
(See below screenshot for reference)
d. Select File and then Save. Give a name for the profile file, choose a location, and click Save.
For this example, we named it ABM Wi-Fi initial config.
3. Connect the iPhone to the Mac computer using a USB cable. After Apple Configurator connects to the iPhone, the iPhone device appears on the screen. (See below screen for reference).
4. Click the iPhone device image to ensure it´s highlighted.
5. Click Prepare on the top menu. (See below image for reference).
6. The Prepare Devices dialog box appears. Under Prepare with, choose Manual configuration, and select Add to Apple School Manager or Apple Business manager, and
Allow devices to pair with other computers, as indicated in the screenshot below, then click Next.
7. Select New Server on the next screen as indicated in the screenshot below:
8. In the next screen, in the name, type NinjaOne. We are not directly enrolling to NinjaOne, but something needs to be entered, otherwise Apple Configurator will not allow us to continue.
Don’t change anything in the host name or URL and click Next.
9. An expected error will show in the screen, ignore it, and click Next.
10. You will be asked to add a trust anchor certificate for the MDM server, click Next. Even if some options are shown, just click Next.
11. Provide your administrator credentials for ABM or ASM and click next.
12. Upon a successful sign in, you will be asked if a new supervision identity will be generated or choose an existing one. Select Generate a new supervision identity.
13. You now will be asked to select the steps that will be presented to the user in Setup Assistant, here you can just click Next.
14. Choose the network Profile. In the step, choose the profile you created on step 2.
15. Click Prepare.
16. Now, Apple Configurator will prepare the iPhone device and import it into ABM (or ASM). This process may take some minutes.
Step 2: Move the iPhone device from Apple Configurator to your MDM server. In ABM (or ASM).
1. Sign in to your ABM account using your administrator credentials.
2. Click your organization name on the bottom left of the screen and select Preferences.
3. Under apple Configurator you can see that there is one device.
4. Click Apple Configurator and then Show Devices.
5. The iPhone device we added in the previous step appears under Your Devices. Click on it.
6. The device properties appear. Click the three dots on the right of the screen.
7. Select Edit MDM Server.
8. Choose Assign to the following MDM and make sure your MDM server is selected. Your MDM server name is the one you selected when you enabled Automated Device Enrollment (ADE). For this example, the MDM server name is NinjaOne MDM, then click continue.
9. A warning message appears, click confirm.
10. After some seconds, a confirmation message appears.
11. Click your organization name on the bottom left of the screen and select Preferences.
12. You can see that the device that was showing under Apple Configurator, has now moved under your MDM server.
Step 3: Synchronize NinjaOne with ABM (or ASM).
1. Sign in to your NinjaOne account and go to Administration, then Apps, then Installed.
2. Click NinjaOne MDM.
3. Click Actions in front of Automatic Device Enrollment (ADE).
4. Select Edit profile & devices. The Automatic Device Enrollment dialog box appears.
5. Click Devices on the left.
6. Click Sync with ABM (See below screenshot for reference)
7. The iPhone device now appears.
8. Click Close.
Now it’s time to go to the iPhone device and complete the initial setup. The initial setup steps will be those for the enrollment profile you edited earlier. Once the initial setup is complete and the device is connected to the Internet, it will appear on the device dashboard.