iOS, iPadOS and tvOS device setup

Supervision let you to completely manage iOS device with high level permissions.
Enrollment is the procedure that connects your device to the MDM and allows the remote management (Over
The Air).
Supervision and enrollment follows Apple standards.

[edu]

Supervision and enrollment are necessary if students have to use Chimpa Learn.

[/edu]

Any in-depth information on the tools indicated can be found on Apple materials, available at these links:
• https://www.apple.com/en/support/business-education/apple-configurator/
• https://help.apple.com/configurator/mac/2.2/

iOS (9.3 or newer)

To supervise and enroll iOS devices you can:

• Use an Apple Deployment Program (Apple Business Manager / Apple School Manager). In Apple School
  Manager you can also configure Shared iPads.
• Use Apple Configurator 2.

[noWhitelabel]

• Use Chimpa Apple Configurator Helper for the first configuration of iOS devices.

[/noWhitelabel]

To enroll a device in use (not supervised) follow:

1. Enroll iOS device with an enrollment profile
2. Enroll iOS device with iOS 13.1 User enrollment (ABM and Managed Apple ID needed).

[edu]

NOTE: Teacher’s iPad cannot be supervised. Enrollment is recommended to get better experience with Apple
Classroom or Apple Volume Purchase Program integration in Chimpa Bazaar.

[/edu]

Supervision and Enrollment over-the-air with an Apple Deployment Program

To supervise and enroll iOS devices you can:

1. This procedure is reserved only for orders done through Apple resellers or devices added on DEP manually with Apple Configurator 2.
2. Apple Push Certificate services and ABM or ASM must be configured.
3. Check if license slots are available under Ermetix Admin > License.
4. On Apple Deployment Program site (business.apple.com o school.apple.com), click on Device Assignments and specify serial numbers / order numbers to “Assign to server” Ermetix UEM.
5. In Ermetix Admin in Global Settings > Apple > Deployment Program select options “Supervise” (needed only for iOS versions older than 13), “Do not allow user to skip enrollment step”, “Prevent unenrollment”. If you want to set and iPad as a “Shared iPad” you can select them from the list of compatible devices.
6. Follow the Setup Assistant on the device and i twill be supervised and enrolled automatically. Ermetix UEM server will start to set policies and deploy apps. If device is already set you have to wipe and restart the Startup Assistant passing through Remote Management screen. App auto installation could need an Apple ID.

[noWhitelabel]

Supervision/Enrollment with Chimpa Apple Configurator Helper

1. This operation need a MAC (Macbook, iMac, Mac Mini, Mac pro…) with OS X 10.11.5 or newer and configuration applies only on iPad devices.
   Alternatively you can use a Virtual Machine, in respect of Apple license agreeement: some virtualization software can have problems simulating USB interfaces.
2. Apple Push Certificate services must be configured.
3. Check if license slots are available under Chimpa Admin > License.
4. Disable “Find my” on your iOS devices.
5. Download and install Apple Configurator 2 from the Mac App Store: https://apps.apple.com/us/app/apple-configurator-2/id1037126344?mt=12
6. Devices will be wiped (all data will be removed).
7. Login into Chimpa Admin as an Admin, go in “Devices Enrollment”, under “Apple” click on “Chimpa Apple Configurator Helper” to start the download.
8. [ADVANCED] You can import Organization in Apple Configurator 2 if you have set up previously iOS devices from an other Mac. (http://help.apple.com/configurator/mac/2.0/#/cadE65ABDCD).
9. Connect devices via USB to the Mac (you can use USB hubs to make multiple configurations at the same time)
10. Unzip file “ChimpaAppleConfiguratorHelper.zip”.
11. Move “ChimpaAppleConfiguratorHelper.app” in Applications folder.
12. Secondary click (or ctrl + click) on “ChimpaAppleConfiguratorHelper.app”, select “Open” and click on “Open” from the dialog. This operation is needed only the first time you run this app.
13. Follow wizard steps, this utility will supervise and configure enrollment for iOS devices. If you get some error try with manual configuration via Apple Configurator 2.

[/noWhitelabel]

Supervision/Enrollment with Apple Configurator 2

1. This operation need a MAC (Macbook, iMac, Mac Mini, Mac pro…) with OS X 10.11.5 or newer. Alternatively you can use a Virtual Machine, in respect of Apple license agreement: some virtualization software can have problems simulating USB interfaces.
2. Apple Push Certificate services must be configured.
3. Check if license slots are available under Ermetix Admin > License.
4. Disable “Find my” on your iOS devices.
5. Download and install Apple Configurator 2 from the Mac App Store: https://apps.apple.com/us/app/apple-configurator-2/id1037126344?mt=12
6. Devices will be wiped (all data will be removed). You cannot restore from a backup so is recommended to sync iCloud data. If you have additional data save on cloud services like Google Drive or Dropbox.
7. Connect devices via USB to the Mac (you can use USB hubs to make multiple configurations at the same time)
8. Select devices you want to configure, right click > Advanced > “Erase all content and settings” to speed up the preparation, if you need to update iOS you can use right click > Restore (more time needed to download latest version of iOS).
9. Now you can click “Prepare”
10. On “Configuration” select “Manual”
11. On “Enroll in MDM server” select “New server...”
12. Login into Ermetix Admin as an Admin, go in “Devices Enrollment”, under “Apple” click on “Enrollment URL” to copy the URL in the clipboard.
13. Insert the Name “Ermetix UEM %SCHOOL_ID%”, and paste the clipboard into the “Hostname or URL” field.
14. Select checkbox “Supervise” and, if needed, “Allow pairing with any Mac”
15. If you haven’t one create a new “Organization” specifying organization information.
16. In “Configure iOS Setup Assistant” customize settings or leave default option “Show all steps”.
17. [ADVANCED] If you also have an Apple Deployment Program, you can export supervision identities from “Apple Configurator 2” > Preferences > Organizations, select the and click on “Export Supervision Identity” from the gear action menu. Save file to P12 format leaving empty password. Upload this file to the Ermetix Admin, in the section “Supervision Identities” of Global Settings > Apple > Deployment Program.

Enroll iOS device with an Enrollment profile

1. Login into Ermetix Admin as an Admin, go in “Devices Enrollment”, under “Apple” click on “Enrollment profile management” to create a profile to send to the device manually or via email (with QR Code)
2. Apple Push Certificate services must be configured.
3. Check if license slots are available under Ermetix Admin > License.
4. Enrollment profile can be deployed:
   a. using Apple Configurator 2, when you Prepare devices;
   b. using Apple Configurator 2, selecting devices > secondary click > Advanced > Add > Profiles;
   c. sending an email attachment, using Airdrop or generating a link on a cloud provider;
5. Open the enrollment profile onto the device. If you have any problem opening, copy it to Apple Files and open it directly from there. Now tap on the profile into Settings > Downloaded profiles.
6. Procede with the requested steps: agree, authenticate, confirm.
7. On iOS and iPadOS 15+, Chimpa Agent will be installed automatically; when done open it and allow requested pemissions.

Enroll iOS user with User enrollment profile (iOS 13.1 and newer)

1. Apple Push Certificate services and ABM or ASM must be configured.
2. Check if license slots are available under Ermetix Admin > License.
3. Login into Ermetix Admin as an Admin, go in Management > Users and authorize the account related to the Managed Apple ID. Managed Apple ID can be created on ABM or ASM. If you don’t find the account on Ermetix Admin you can add them specifying the same username used for the Managed Apple ID.
4. At this point, verify if user is already authorized from user info view or click “Enable Apple User Enrollment” from the action menu of the user.
5. Login into Ermetix Admin as an Admin, go in “Devices Enrollment”, under “Apple” click on “User Enrollment profile” > select the user to start the download.
6. Enrollment profile can be deployed sending an email attachment, using Airdrop or generating a link on a cloud provider.
7. Open the enrollment profile onto the device. If you have any problem opening, copy it to Apple Files and open it directly from there. Now tap on the profile into Settings > Downloaded profiles.
8. Procede with the requested steps: agree, authenticate, confirm.
9. On iOS and iPadOS 15+, Chimpa Agent will be installed automatically; when done open it and allow requested pemissions.

User-driven iOS enrollment via Settings (iOS 15 and newer)

1. Apple Push Certificate services and ABM or ASM must be configured.
2. Apple Autodiscovery must be configured on Managed Apple ID's domains. Apple Autodiscovery setup for user-driven enrollment
3. Check if license slots are available under Ermetix Admin > License.
4. Login into Ermetix Admin as an Admin, go in Management > Users and authorize the account related to the Managed Apple ID. Managed Apple ID can be created on ABM or ASM. If you don’t find the account on Ermetix Admin you can add them specifying the same username used for the Managed Apple ID.
5. Login into Ermetix Admin as an Admin, go in “Devices Enrollment”, under “Apple” click on “User Enrollment profile” > select the user to start the download.
6. On device, go to Settings > General > VPN & Device Management and tap on Sign in to Work or School Account
7. Procede with the requested steps: agree, authenticate, confirm.
8. Chimpa Agent will be installed automatically, when done open it and allow requested pemissions.

NOTE: On Devices Enrollment in Ermetix UEM you can have access to all links an tools needed for device enrollment and configuration. If you want to block and increase the security of enrollment you can enable Global Settings > “Enable Guest Device Enroll” to restrict only placeholders or DEP authenticated devices.