Adding Apple Devices

Introduction to Apple Device Enrollment and Configuration using SOTI MobiControl [VIDEO]
How-to: Gain Centralized Access of Your Apps with SOTI MobiControl.

Overview

Use the Apple platform to enroll and manage Apple devices running iOS (8.0 or later), macOS (10.12 or later), or tvOS (10.2 or later).

This section has the following topics:

Important: When managing Apple devices, you must install the Apple Push Notification Service (APNS) certificate on SOTI MobiControl before creating an Enrollment Policy (see Using the Apple Push Notification Service). The APNS certificate facilitates communication between SOTI MobiControl and Apple servers.
Important: After installing the SOTI MobiControl Agent, open the agent once within one hour of installation to establish a secure connection between the agent and server. Failure to do so may result in a prompt for device re-enrollment.
If device re-enrollment is not an option:
  1. Uninstall the agent.
  2. Install the agent again.
  3. Open the agent within one hour of installing.

Apple devices do not require a SOTI MobiControl device agent for enrollment. However, you can install a SOTI MobiControl device agent on iOS devices after enrollment. To do so, create an app policy (see Using App Policies) that has the SOTI MobiControl device agent and target the enrolled device.

Use Lightweight Directory Access Protocol (LDAP) or IdP (backed by LDAP) to enroll your devices. After configuring the LDAP (see Managing Directory Service Connections) or IdP connection (see Managing Identity Provider Connections), enroll devices in specific device groups based on their LDAP or IdP groups. You can also use the LDAP or IdP groups for device authentication.

Automated Device Enrollment

Automated Device Enrollment (ADE) enables zero-touch, large-scale deployment of Apple devices. Use it for devices purchased directly from Apple, an Apple Authorized Reseller, or a carrier. After ordering the devices from a preferred channel, configure all the management settings in SOTI MobiControl. Settings should include preventing users from unenrolling their devices. Ship the devices directly to the user’s home. After unboxing and activating the device, it automatically enrolls in SOTI MobiControl. All the management settings and apps are ready for the user. You can further simplify the setup process for users by removing specific steps in Setup Assistant to get users up and running.

See the Apple Business Manager User Guide for more information on ADE.

For more information on using ADE with SOTI MobiControl, see Using Apple Automated Device Enrollment.

Declarative Devices

Normally SOTI MobiControl manages all Apple devices using a Reactive profile. However, compatible Apple devices have access to Declarative Device Management (see Declarative versus Reactive Profiles).

Apple devices can use either Declarative or Reactive profiles. Declarative profiles enable Apple devices to automatically apply and revoke profile configurations independently. Reactive profiles do not support applying and revoking profile configurations independently.