Creating a tvOS Device Policy

Before you begin

Important: If enrolling a tvOS device using a third-party certificate, bind a trusted third-party certificate to the Deployment Server Extensions and Web Console and tvOS Profile Signing in the SOTI MobiControl Administration Utility. Turn off the Require Trust Profile During Enrollment setting.

About this task

Use this procedure to create a tvOS Enrollment Policy.

Procedure

  1. From the main menu, select Policies > Enrollment—the Enrollment Policies view opens.
  2. Select New Enrollment Policy—the Enrollment Policy wizard launches.
  3. From the Apple device family, select the tvOS platform. The General view opens.
  4. From the General view, enter a brief Name and a MDM Profile Description of the policy.
  5. Select Next.
  6. From the Groups view, choose whether you need authentication for enrollment. No authentication means that devices enroll without user verification. If you need authentication:
    1. From User Authentication for Enrollment, select Yes.
      Note: Authentication Type defaults to Directory, and password authentication is not supported.
    2. To add a user group, select —the Add Groups popup opens.
    3. From the list, select a directory service.
    4. Optional: Add a new directory service connection by selecting Manage Services. From the list, select Directory. For more information, see Adding an On-Premises LDAP Connection.
      Restriction: Although you can use the Directory window to configure both LDAP and Azure directories, only LDAP directories apply to tvOS devices.
    5. Use the Search Groups field to find a group.
  7. Select a Device Group Destination.
    Important: You can add many directory groups to the enrollment policy, and the authenticated device is assigned to the first listed directory group of which the user is a member. Use the up/down arrow buttons to arrange the list in the desired order.
  8. Select Next. The Auto Enroll view opens.
    Remember: tvOS only supports automated enrollment. You cannot disable the Enable Automated Device Enrollment toggle.
    Enrollment policy Auto Enroll view
  9. From Select an Automated Device Enrollment account, select the account to perform Automated Device Enrollment.
    Tip: To add a new Automated Device Enrollment account, select Manage Accounts and follow the steps in Creating ADE Accounts.
  10. Scroll to select from the available settings for Auto Enroll.
    Enrollment policy Auto Enroll settings
  11. Select Next. The Settings view opens.
    Enrollment policy Settings view
    Attention: Apple tvOS devices may become unresponsive at a specific screen during the Automatic Device Enrollment (ADE) process. This issue can occur in certain situations, such as when enrollment attempts surpass the policy’s maximum enrollment capacity. If this happens, review the documentation for Resetting your Apple TV.
  12. Select from the available settings for this view.
  13. Select Finish.
  14. The Enrollment Policy Info page shows the device type and the account used for automated device enrollment.
    Note: Because tvOS policies use automated device enrollment, tvOS does not provide an agent enrollment ID or URL.
    Enrollment Policy Info details
  15. Select OK to save the policy.

Results

You have created a tvOS enrollment policy.

What to do next

If you do not have a default policy for auto-enrolled devices, review the documentation on Setting a Default Policy in Automated Device Enrollment.