MDM Cloud Wiki

Ermetix UEM Wiki

iOS, iPadOS and tvOS device setup

Supervision lets you fully manage an iOS device with high-level permissions.
Enrollment is the procedure that connects your device to the MDM and allows remote (over-the-air) management.
Supervision and enrollment follow Apple standards.

[edu]

Supervision and enrollment are necessary if students have to use Chimpa Learn.

[/edu]

In-depth information on the tools mentioned here is available in Apple's documentation at these links:
• https://www.apple.com/en/support/business-education/apple-configurator/
• https://help.apple.com/configurator/mac/2.2/

iOS (9.3 or newer)

To supervise and enroll iOS devices you can:

  • Use an Apple Deployment Program (Apple Business Manager / Apple School Manager). In Apple School
    Manager you can also configure Shared iPads.
  • Use Apple Configurator 2.

[noWhitelabel]

  • Use Chimpa Apple Configurator Helper for the first configuration of iOS devices.

[/noWhitelabel]

To enroll a device that is already in use (not supervised), use one of the following:

  1. Enroll iOS device with an enrollment profile
  2. Enroll iOS device with iOS 13.1 User enrollment (ABM and Managed Apple ID needed).

[edu]

NOTE: A teacher’s iPad cannot be supervised. Enrollment is recommended for a better experience with Apple
Classroom or the Apple Volume Purchase Program integration in Chimpa Bazaar.

[/edu]

Supervision and Enrollment over-the-air with an Apple Deployment Program

To supervise and enroll iOS devices over the air with an Apple Deployment Program:

  1. This procedure is available only for devices ordered through Apple resellers or added to DEP manually with Apple Configurator 2.
  2. Apple Push Certificate services and ABM or ASM must be configured.
  3. Check that license slots are available under Ermetix Admin > License.
  4. On the Apple Deployment Program site (business.apple.com or school.apple.com), click Device Assignments and specify the serial numbers / order numbers to “Assign to server” Ermetix UEM.
  5. In Ermetix Admin, under Global Settings > Apple > Deployment Program, select the options “Supervise” (needed only for iOS versions older than 13), “Do not allow user to skip enrollment step” and “Prevent unenrollment”. If you want to set an iPad as a “Shared iPad”, you can select it from the list of compatible devices.
  6. Follow the Setup Assistant on the device and it will be supervised and enrolled automatically. The Ermetix UEM server will then start to set policies and deploy apps. If the device is already set up, you have to wipe it and run the Setup Assistant again, passing through the Remote Management screen. Automatic app installation may require an Apple ID.

[noWhitelabel]

Supervision/Enrollment with Chimpa Apple Configurator Helper

  1. This operation needs a Mac (MacBook, iMac, Mac mini, Mac Pro…) with OS X 10.11.5 or newer, and the configuration applies only to iPad devices.
    Alternatively you can use a virtual machine, in compliance with the Apple license agreement; note that some virtualization software can have problems simulating USB interfaces.
  2. Apple Push Certificate services must be configured.
  3. Check that license slots are available under Chimpa Admin > License.
  4. Disable “Find my” on your iOS devices.
  5. Download and install Apple Configurator 2 from the Mac App Store: https://apps.apple.com/us/app/apple-configurator-2/id1037126344?mt=12
  6. Devices will be wiped (all data will be removed).
  7. Log in to Chimpa Admin as an Admin, go to “Devices Enrollment” and, under “Apple”, click “Chimpa Apple Configurator Helper” to start the download.
  8. [ADVANCED] You can import an Organization into Apple Configurator 2 if you previously set up iOS devices from another Mac (http://help.apple.com/configurator/mac/2.0/#/cadE65ABDCD).
  9. Connect the devices via USB to the Mac (you can use USB hubs to configure multiple devices at the same time).
  10. Unzip the file “ChimpaAppleConfiguratorHelper.zip”.
  11. Move “ChimpaAppleConfiguratorHelper.app” to the Applications folder.
  12. Secondary click (or ctrl + click) on “ChimpaAppleConfiguratorHelper.app”, select “Open” and click “Open” in the dialog. This operation is needed only the first time you run this app.
  13. Follow the wizard steps: this utility will supervise the iOS devices and configure their enrollment. If you get an error, try the manual configuration via Apple Configurator 2.

[/noWhitelabel]

Supervision/Enrollment with Apple Configurator 2

  1. This operation needs a Mac (MacBook, iMac, Mac mini, Mac Pro…) with OS X 10.11.5 or newer. Alternatively you can use a virtual machine, in compliance with the Apple license agreement; note that some virtualization software can have problems simulating USB interfaces.
  2. Apple Push Certificate services must be configured.
  3. Check that license slots are available under Ermetix Admin > License.
  4. Disable “Find my” on your iOS devices.
  5. Download and install Apple Configurator 2 from the Mac App Store: https://apps.apple.com/us/app/apple-configurator-2/id1037126344?mt=12
  6. Devices will be wiped (all data will be removed). You cannot restore from a backup, so syncing iCloud data first is recommended. If you have additional data, save it to a cloud service such as Google Drive or Dropbox.
  7. Connect the devices via USB to the Mac (you can use USB hubs to configure multiple devices at the same time).
  8. Select the devices you want to configure, then right click > Advanced > “Erase all content and settings” to speed up the preparation. If you need to update iOS, use right click > Restore instead (this takes longer because the latest version of iOS must be downloaded).
  9. Click “Prepare”.
  10. Under “Configuration” select “Manual”.
  11. Under “Enroll in MDM server” select “New server...”.
  12. Log in to Ermetix Admin as an Admin, go to “Devices Enrollment” and, under “Apple”, click “Enrollment URL” to copy the URL to the clipboard.
  13. Enter the name “Ermetix UEM %SCHOOL_ID%” and paste the clipboard into the “Hostname or URL” field.
  14. Select the checkbox “Supervise” and, if needed, “Allow pairing with any Mac”.
  15. If you do not have one yet, create a new “Organization” and enter the organization information.
  16. In “Configure iOS Setup Assistant”, customize the settings or leave the default option “Show all steps”.
  17. [ADVANCED] If you also have an Apple Deployment Program, you can export supervision identities from “Apple Configurator 2” > Preferences > Organizations: select the organization and click “Export Supervision Identity” in the gear action menu. Save the file in P12 format, leaving the password empty. Upload this file to Ermetix Admin, in the “Supervision Identities” section of Global Settings > Apple > Deployment Program. Because the password is empty, the exported file is unprotected key material: keep it off shared storage and delete local copies after the upload.

Enroll iOS device with an Enrollment profile

  1. Log in to Ermetix Admin as an Admin, go to “Devices Enrollment” and, under “Apple”, click “Enrollment profile management” to create a profile to send to the device manually or via email (with QR Code).
  2. Apple Push Certificate services must be configured.
  3. Check that license slots are available under Ermetix Admin > License.
  4. The enrollment profile can be deployed:
    a. using Apple Configurator 2, when you Prepare devices;
    b. using Apple Configurator 2, selecting devices > secondary click > Advanced > Add > Profiles;
    c. by sending it as an email attachment, using AirDrop, or generating a link on a cloud provider.
  5. Open the enrollment profile on the device. If you have any problem opening it, copy it to Apple Files and open it directly from there. Then tap the profile in Settings > Downloaded profiles.
  6. Proceed with the requested steps: agree, authenticate, confirm.
  7. On iOS and iPadOS 15+, Chimpa Agent will be installed automatically; when done, open it and allow the requested permissions.
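
A profile sent by email, AirDrop or a cloud link (step 4c) can be swapped or altered in transit, so it is worth checking the MDM payload before distributing it and before tapping “Install”. The following is an added example, not part of the original wiki and not Ermetix code: it audits an unsigned `.mobileconfig` using Apple's standard MDM payload keys. The host `mdm.example.com`, the UUIDs and the sample profile are constructed placeholders.

```python
import plistlib
from urllib.parse import urlsplit
from xml.parsers.expat import ExpatError

# Constructed sample profile (not exported from Ermetix UEM): host, UUIDs and
# topic are placeholders; the identity payload's certificate data is omitted.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadIdentifier</key><string>com.example.enrollment</string>
  <key>PayloadUUID</key><string>00000000-0000-0000-0000-000000000001</string>
  <key>PayloadVersion</key><integer>1</integer>
  <key>PayloadContent</key><array>
    <dict>
      <key>PayloadType</key><string>com.apple.security.pkcs12</string>
      <key>PayloadUUID</key><string>00000000-0000-0000-0000-000000000002</string>
    </dict>
    <dict>
      <key>PayloadType</key><string>com.apple.mdm</string>
      <key>PayloadUUID</key><string>00000000-0000-0000-0000-000000000003</string>
      <key>ServerURL</key><string>https://mdm.example.com/mdm/server</string>
      <key>CheckInURL</key><string>https://mdm.example.com/mdm/checkin</string>
      <key>Topic</key><string>com.apple.mgmt.External.00000000-0000-0000-0000-000000000000</string>
      <key>IdentityCertificateUUID</key><string>00000000-0000-0000-0000-000000000002</string>
    </dict>
  </array>
</dict></plist>"""


def audit_enrollment_profile(data: bytes, expected_host: str) -> list[str]:
    """Return a list of findings; an empty list means every check passed."""
    if data[:1] == b"\x30":  # DER SEQUENCE: the profile is wrapped in a CMS signature
        return ["profile is CMS-signed: verify the signature and audit the inner plist"]
    try:
        profile = plistlib.loads(data)
    except (ValueError, ExpatError) as exc:
        return [f"not a parseable property list: {exc}"]
    if not isinstance(profile, dict) or profile.get("PayloadType") != "Configuration":
        return ["top-level PayloadType is not 'Configuration'"]

    payloads = [p for p in profile.get("PayloadContent") or [] if isinstance(p, dict)]
    mdm_payloads = [p for p in payloads if p.get("PayloadType") == "com.apple.mdm"]
    if len(mdm_payloads) != 1:
        return [f"expected exactly one com.apple.mdm payload, found {len(mdm_payloads)}"]
    mdm = mdm_payloads[0]

    findings = []
    for key in ("ServerURL", "CheckInURL"):
        url = mdm.get(key)
        if url is None:
            # CheckInURL is optional (the device falls back to ServerURL).
            if key == "ServerURL":
                findings.append("ServerURL is missing")
            continue
        try:
            parts = urlsplit(str(url))
        except ValueError:
            findings.append(f"{key} is not a valid URL: {url!r}")
            continue
        if parts.scheme != "https":
            findings.append(f"{key} does not use https: {url}")
        if parts.hostname != expected_host.lower():
            findings.append(f"{key} points to unexpected host {parts.hostname!r}")

    # The topic must be the subject of the MDM push certificate.
    if not str(mdm.get("Topic", "")).startswith("com.apple.mgmt."):
        findings.append("Topic does not start with 'com.apple.mgmt.'")

    # The device identity must be a certificate payload shipped in the same profile.
    other_uuids = {p.get("PayloadUUID") for p in payloads if p is not mdm}
    if mdm.get("IdentityCertificateUUID") not in other_uuids:
        findings.append("IdentityCertificateUUID does not reference a payload in this profile")
    return findings


if __name__ == "__main__":
    for finding in audit_enrollment_profile(SAMPLE_PROFILE, "mdm.example.com") or ["OK"]:
        print(finding)
```

Pass the host from the “Enrollment URL” shown in the admin console as `expected_host`; a signed profile has to be unwrapped first, since the script only reads plain property lists.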

Enroll iOS user with User enrollment profile (iOS 13.1 and newer)

  1. Apple Push Certificate services and ABM or ASM must be configured.
  2. Check that license slots are available under Ermetix Admin > License.
  3. Log in to Ermetix Admin as an Admin, go to Management > Users and authorize the account related to the Managed Apple ID. Managed Apple IDs can be created on ABM or ASM. If you don’t find the account in Ermetix Admin, you can add it by specifying the same username used for the Managed Apple ID.
  4. At this point, verify in the user info view whether the user is already authorized, or click “Enable Apple User Enrollment” in the user's action menu.
  5. Log in to Ermetix Admin as an Admin, go to “Devices Enrollment” and, under “Apple”, click “User Enrollment profile” > select the user to start the download.
  6. The enrollment profile can be deployed by sending it as an email attachment, using AirDrop, or generating a link on a cloud provider.
  7. Open the enrollment profile on the device. If you have any problem opening it, copy it to Apple Files and open it directly from there. Then tap the profile in Settings > Downloaded profiles.
  8. Proceed with the requested steps: agree, authenticate, confirm.
  9. On iOS and iPadOS 15+, Chimpa Agent will be installed automatically; when done, open it and allow the requested permissions.

User-driven iOS enrollment via Settings (iOS 15 and newer)

  1. Apple Push Certificate services and ABM or ASM must be configured.
  2. Apple Autodiscovery must be configured on the Managed Apple ID's domains (see “Apple Autodiscovery setup for user-driven enrollment”).
  3. Check that license slots are available under Ermetix Admin > License.
  4. Log in to Ermetix Admin as an Admin, go to Management > Users and authorize the account related to the Managed Apple ID. Managed Apple IDs can be created on ABM or ASM. If you don’t find the account in Ermetix Admin, you can add it by specifying the same username used for the Managed Apple ID.
  5. Log in to Ermetix Admin as an Admin, go to “Devices Enrollment” and, under “Apple”, click “User Enrollment profile” > select the user to start the download.
  6. On the device, go to Settings > General > VPN & Device Management and tap Sign in to Work or School Account.
  7. Proceed with the requested steps: agree, authenticate, confirm.
  8. Chimpa Agent will be installed automatically; when done, open it and allow the requested permissions.

NOTE: In Devices Enrollment in Ermetix UEM you have access to all the links and tools needed for device enrollment and configuration. If you want to lock down enrollment and increase its security, you can enable Global Settings > “Enable Guest Device Enroll” to restrict enrollment to placeholders or DEP-authenticated devices only.

https://www.ermetix.eu/
Copyright © 2024 XNOOVA S.r.l.