Integration of iOS devices into the Mobile Security Portal

Last adaptation to the version: 1.5 (11.2019)

New:
  • Added warning about missing operating modes
  • Layout and design adjustments
Last updated: 07.2024
This article refers to a Resellerpreview
Access: portal.securepoint.cloud  Mobile Security iOS/iPadOS Devices

In this operating mode without Apple Business Manager (ABM), the following features are not available:
  • Automatic enrollment after a factory reset
  • Interaction-free installation and updates of apps without Apple ID
  • Reenrollment
In addition, the devices can be permanently removed from the MDM from the end device.
It is recommended to carry out an iOS / iPad enrollment, or a user enrollment (private devices), with Apple's Device Enrollment Programme (DEP) and the Apple Business Manager (ABM).

Technical requirements

  • iPhone / iPad (min. iOS 11)
  • Access to the Securepoint Mobile Security Portal
  • For security reasons, Apple provides the full functionality for iOS devices only in supervised mode.
    Requirements for this:
    • Apple Mac (macOS 10.14 or later)
    • Apple Configurator 2 (at no charge in the App Store)
  • It is possible to have notifications sent automatically as soon as a device is enrolled or unenrolled.
    Further information in our Wiki article.

For a large number of devices and users, it is recommended that you map the assignment using roles.

Prepare device

iOS devices can be onboarded in supervised or unsupervised mode. The differences are listed in a Functional Comparison Overview.

Unsupervised device

User without access to Securepoint Mobile Security Portal

Invitation mail
Preliminary work of the administrator in the Securepoint Mobile Security Portal:
Devices / Send invite
  • Select a user
    or
  • Select an e-mail address

Send the invitation with Send invite.

The e-mail to the user includes:

  • a link to the Securepoint Mobile Security App in the Play-Store
  • the enrollment code
  • alternatively a QR code
  • instructions on how to proceed


Administrator with access to the Securepoint Mobile Security Portal
Preliminary work of the administrator in the Securepoint Mobile Security Portal:
Register iOS device
Mobile Security iOS/iPadOS Devices / Register new device
The QR code can be scanned with the camera app.
The following steps must be executed:
  • Open the website from the QR code (securepoint.cloud) in Safari
  • Confirm the prompt "This website is trying to download a configuration profile. Do you want to allow this?" with Allow
  • Install the configuration profile Securepoint MDM via the menu Settings → Profile loaded
  • Install the Securepoint Mobile Security certificate and add it to the list of trusted certificates
  • Trust Remote management

Step by step:
  • Fig.1: Open the link in Safari.
  • Fig.2: "This website is trying to download a configuration profile. Do you want to allow this?" Button: Allow
  • Fig.3: The profile is downloaded. Button: Close. Continue in the "Settings" menu.
  • Fig.4: The loaded profile is selected (highlighted here) and installed.
  • Fig.5: Profile Securepoint MDM. Button: Install
  • Fig.6: Root certificate. Button: Install
  • Fig.7: Remote Management. Button: Trust
  • Fig.8: The iOS profile is installed. Finish this step with Done.

Continue in the portal with the section Login to the portal.

Supervised device

All data, configurations and individually installed apps are deleted during this process!

The device is reset to the factory settings. Operating system updates are kept. This process is required in iOS to ensure complete control over the device and to prevent unwanted apps from being allowed or uninstalled.

Preparation
If the device has already been connected to an Apple user account, this connection must be removed:
  • Log on to https://appleid.apple.com with the login data used on the device.
  • In the Devices section, remove the device in question.

Configuring the device
Preparation in Apple Configurator 2:
  • Connect your iPhone / iPad to your Mac
  • Dismiss the message "A new network connection was found" with Cancel.
Step by step:
  • Fig.1: Open Apple Configurator 2 and select the device. Button: Prepare
  • Fig.2: Manual configuration. Activate the following options:
    • Supervise devices
    • Allow devices to pair with other computers
    Button: Next
  • Fig.3: Register at MDM server:
    Server: New Server…
    If another device has already been enrolled, the server can be selected here. Otherwise the configuration is done in the next step.
    Button: Next
  • Fig.4: If no MDM server has been specified yet:
    Mobile Security iOS/iPadOS Devices / Enroll new device
    Copy the URL.
  • Fig.5: If no MDM server has been specified yet:
    A meaningful name can be assigned here.
    This configuration can be selected directly for other devices that are to be registered for the same customer (or tenant).
    Name: Unique name (customizable)
    Hostname or URL: Insert the URL from the dialog Enroll new device in the Securepoint Mobile Security Portal (see previous step)
    Button: Next
  • Fig.6: If no MDM server has been specified yet:
    Message: Unable to verify the server's enrollment URL
    macOS does not know the certificate of the individual customer access to the Securepoint Mobile Security Portal, so the certificate cannot be checked, but it is still correct!
    Button: Next
  • Fig.7: If no MDM server has been specified yet:
    Add trust anchor for the MDM server:
    The certificate *.securepoint.cloud is already installed.
    Button: Next
  • Fig.8: Sign in to the device enrollment program.
    This step has to be skipped.
    Button: Skip
  • Fig.9: If no MDM server has been specified yet:
    Create an organization, if necessary:
    If this is the first device for this organization to be registered in the portal, information about the organization should be entered.
    Button: Next
  • Fig.10: Details of the organization. Button: Next
  • Fig.11: Generate a new supervision identity. Button: Next
  • Fig.12: Configure iOS Setup Assistant: Select the steps that the user must perform in the System Wizard. Button: Prepare
  • Fig.13: This step must be confirmed by entering the username and password of the macOS user account. Button: Update Settings
  • Fig.14: Message: Configurator could not perform the requested action because "iPhone" was already prepared.
    If this message appears, this device has already been configured once and the System Assistant settings cannot be transferred directly.
    With Erase, all contents and settings are deleted and the device is prepared for an (initial) configuration with connection to the Securepoint Mobile Security Portal.

  • Configuration of the smartphone with the steps previously configured for the iOS installation wizard.
  • Allow remote management

Login to the portal

The device is now displayed in the portal and the enrollment must be completed by clicking on the device tile.

Device Alias

For better identification, the device should be given an alias name:
a0a0 (4-digit ID) (in the upper part of the device tile)

Ownership Selection

There are two different installation options for the Securepoint Mobile Security App, which result in significant differences in administration:

Owner COPE
  • The following functions are additionally available in the device administration in the Mobile Security Portal:
    • Localize, at: Operations => Enable Lost Mode
      Only available if the device has been registered in supervised mode.
    • Clear password, at: Operations
    • Wipe Data, at: Operations: Deletion of personal data
    • Applications: Monitoring of installed apps, installation, deinstallation

Owner BYOD
  • Standard functional range
  • No localization
  • No way to remove the local device password
  • No deletion of personal data
  • No control for installed apps

Login

Ownership: Selection between
  • COPE (Corporate owned, Personal enabled)
  • BYOD (Bring‑Your‑Own‑Device)

Terms of License and Ownership
With BYOD additionally:
User: Device user from the user administration
The user cannot be changed afterwards for BYOD devices.
Accept the terms of the license and privacy policy
agree: Accepting and saving the settings
Displays the updated properties