Adding Apple Devices

Overview

Use the Apple platform to enroll and manage your Apple devices running iOS (8.0 or later), macOS (10.12 or later), or tvOS (10.2 or later).

This section has the following topics and folders:

Important: When managing Apple devices, you must install the Apple Push Notification Service (APNS) certificate on SOTI MobiControl before creating an enrollment policy. The APNS certificate facilitates communication between SOTI MobiControl and Apple servers.

Apple devices do not require a SOTI MobiControl Device Agent for enrollment; however, you can install a SOTI MobiControl Device Agent on iOS devices after enrollment. To do so, create an app policy that has the SOTI MobiControl Device Agent and target the enrolled device.

You can use LDAP or IdP (backed by LDAP) to enroll your devices. After configuring your LDAP or IdP connection, enroll devices in specific device groups based on their LDAP or IdP groups. You can also use the LDAP or IdP groups for device authentication.

Automated Device Enrollment

Automated Device Enrollment (ADE) enables zero-touch, large-scale deployment of Apple devices. Use it for devices purchased directly from Apple, an Apple Authorized Reseller, or a carrier. After ordering the devices from a preferred channel, configure all the management settings in SOTI MobiControl. Settings should include preventing users from unenrolling their devices. Ship the devices directly to the user’s home. After unboxing and activating the device, it automatically enrolls in SOTI MobiControl. All the management settings and apps are ready for the user. You can further simplify the setup process for users by removing specific steps in Setup Assistant to get users up and running.

For more information about ADE, see Apple documentation on Automated Device Enrollment.

For more information on using ADE with SOTI MobiControl, refer to Using Apple Automated Device Enrollment.

Declarative Devices

Normally SOTI MobiControl manages all Apple devices using a reactive profile. However, compatible Apple devices have access to Declarative Device Management. See Declarative Profiles for details.

A Declarative profile enables your Apple Device to automatically apply and revoke profile configurations independently. (This feature is not available for Reactive profiles).