Creating a macOS Device Policy

Before you begin

Important: To enroll a macOS device using a third-party certificate, you must first do the following:
  1. Bind a trusted third-party certificate to the Deployment Server Extensions and Web Console and macOS Profile Signing certificate sections in the SOTI MobiControl Administration Utility.
  2. In the SOTI MobiControl Administration Utility, disable Require Trust Profile During Enrollment.

About this task

To create a macOS Enrollment Policy:

Procedure

  1. From the main menu, select Policies > Enrollment. The Enrollment Policies displays.
  2. Select New Enrollment Policy. The Enrollment Policy wizard launches.
  3. Below the Apple icon, select the macOS platform. The General view displays.
  4. On the General view, enter a name and description for the policy. Make the name brief but descriptive, especially if you plan to create more than one enrollment policy. Select Next.
  5. On the Groups view, choose whether to require authentication for enrollment. No authentication means that SOTI MobiControl enrolls devices without user verification. If you require authentication, select one of the following options:
    Password: Type a single password for use across all devices that enroll with this policy. Once you set the password, select a device group destination.
    Directory: Select the Add button to add directory groups. Choose a directory service from the dropdown and use the Search Groups field to find a group. You can add a new directory service connection by selecting Manage Services. From the dropdown menu, choose Directory, Identity Provider, or SOTI Identity. See Identity Management for more information. Once you add the directory group, select a device group destination and applicable terms and conditions.

    Important: You can add more than one directory group to the enrollment policy. However, SOTI MobiControl assigns the authenticated device to the first listed directory group of which the user is a member. Use the up/down arrow buttons to arrange the list in an appropriate order.
  6. Select Next. The Auto Enroll view displays.
  7. Optional: Select Enable Automated Device Enrollment to configure device settings for future device enrollments. Set the following:
    1. Under Select an Automated Device Enrollment account, select the account to perform Automated Device Enrollment.
      Note: To add a new Automated Device Enrollment account, select Manage Accounts and follow the steps in Creating ADE Accounts.
    2. Scroll down to select from the Auto Enroll Settings.
  8. Select Next. The Settings view displays.
  9. Select from the available set of Settings and then select Finish.
  10. SOTI MobiControl creates the new enrollment policy, and the Enrollment Policy Info page displays. This page lists policy details and device enrollment options:
    Attention: Starting with SOTI MobiControl 2025.1.0, SOTI has removed the macOS Agent Enrollment ID enrollment option.
    • Select Manage Emails to email the enrollment URL to a recipient.
    • Select Enrollment URL to view or copy the enrollment URL directly.
  11. Select OK to complete the process.
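
The first-match rule from the Important note under step 5, modeled as an added Python example (not SOTI code and not a MobiControl API), to show how list order decides which device group a user's Mac lands in. Directory group names, device group paths and memberships are constructed samples, and the narrowest-first reordering is an assumed heuristic, not product behavior.

```python
from typing import Optional

# Constructed sample: directory groups in the order listed on the Groups view,
# each paired with its destination device group.
RULES = [
    ("All-Staff", "macOS/General"),
    ("IT-Admins", "macOS/Privileged"),
    ("Contractors", "macOS/Restricted"),
]

# Constructed sample: directory group memberships per user.
MEMBERSHIPS = {
    "alice": {"All-Staff", "IT-Admins"},
    "bob": {"All-Staff"},
    "carol": {"Contractors"},
    "dave": set(),
}


def resolve_destination(user, rules, memberships) -> Optional[str]:
    """Device group of the first listed directory group the user belongs to."""
    groups = memberships.get(user, set())
    for directory_group, device_group in rules:
        if directory_group in groups:
            return device_group
    return None  # no listed group matches; the page does not cover this case


def shadowed_rules(rules, memberships):
    """Listed groups that can never match, because every one of their members
    also belongs to a group listed earlier."""
    shadowed = []
    for idx, (group, _) in enumerate(rules):
        members = [u for u, gs in memberships.items() if group in gs]
        earlier = {g for g, _ in rules[:idx]}
        if members and all(memberships[u] & earlier for u in members):
            shadowed.append(group)
    return shadowed


def reorder_narrowest_first(rules, memberships):
    """Assumed heuristic: list smaller (more specific) groups first."""
    def size(rule):
        return sum(rule[0] in gs for gs in memberships.values())
    return sorted(rules, key=size)  # stable sort keeps ties in listed order
```

With the sample order, `alice` is an IT admin but enrolls into `macOS/General` because All-Staff is listed first; running `shadowed_rules` over an exported group list before saving the policy surfaces that kind of ordering mistake.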