Jump to:navigation, search
Wiki

Profile Based User Enrollment

From Securepoint Wiki



















































{{var | App der AppleID zuweisen--Menu |  Mobile Security iOS/iPadOSapp App öffnen / Reiter Lizenzzuordnung | Open  Mobile Security iOS/iPadOSapp





























De.png
En.png
Fr.png









Profilbasiertes Benutzer-Enrollment von iOS- / iPad-Geräten

Last adaptation to the version: 2.2(02.2025)

New:
  • Änderung zum Profilbasiertes Benutzer-Enrollment
  • Enrollmentverfahren überarbeitet und aktualisiert
notempty
This article refers to a Resellerpreview
Access: portal.securepoint.cloud  Mobile Security iOS/iPadOS Devices

Prerequisite

User enrolment for is only available for iOS devices up to iOS version 17.x

notempty
As of iOS version 18.x, logging in with managed Apple IDs is no longer available.


Private devices within an organization's environment

To install paid apps provided by an organization on private Apple devices, Managed Apple IDs are used.

notempty
    • Managed apps can be configured on private devices via MDM
    • Via a managed Apple ID paid VPP licenses are assigned
    • Separation of data (addresses, files) from managed and private apps is possible
  • It is not possible to install an app 2 times (private and managed)
 notempty
    • These devices require a private, personal Apple ID.
      Otherwise, these devices will not receive operating system updates, for example.
    • Both the password of the personal Apple ID and the password of the managed Apple ID must be known to the user in order to use e.g. two-factor authentication
    • Resetting the device to factory settings is only possible if you know the access data of your personal Apple ID
    • The final control over the device itself is thereby the user of the device
  • The model device belongs to the company, personal use enabled (COPE) is not available for Apple.

Create user with Managed Apple ID

Create a Managed Apple ID in ABM/ASM

Open the Apple Portal at https://business.apple.com respectively https://school.apple.com
  • Log in to ABM:
    The user account for the setup must have the permission Administrator or Personmanager
  • Click on your own name at the bottom of the sidebar: Menu Settings and / Accounts
  • Select button Add and fill in all mandatory fields
    or
    Connecting Apple Portal to an Azure AD
    Users in the Apple portal automatically have a managed Apple ID
  • Select Save button
  • Further instructions in the Apple document for creating managed Apple IDs

Create local user

 General User  Add user bzw. /  Edit

Link local user to Managed Apple ID

  • Activate Link to managed Apple ID   
  • Managed Apple-ID m.mueller@anyideas.de
    Enter the Apple ID you created earlier
  •   Save

Assign objects

Assign VPP licenses to the Managed Apple ID

 Mobile Security iOS/iPadOS VPP Licenses  Assign licenses
Caption Value Description Datei:MSP v1.18 VPP Lizenze AppleID zuordnen-en.png
Dialog Assign VPP licenses
Managed Apple ID m.mueller@anyideas.de Select user with a Managed Apple ID
VPP Licenses VPP-Lizenz VPP-Lizenz2 Select VPP License(s)
 Assign licenses

Assign VPP App to the Managed Apple ID

Caption Value Description Datei:MSP v1.18 VPP App AppleID zuordnen-en.png
Assign app to Apple VPP user
Apple VPP users m.mueller@anyideas.de Choose Managed Apple ID
  Save

Assign user enrollment profile to the Managed Apple ID

 Mobile Security iOS/iPadOS  Profiles  Add profile or /  Edit
  • Add or edit a profile with type User Registration Profile
  • Tab General, option User m.mueller add user with Managed Apple ID'
  •   Save

Enrollment

Neues Gerät anmelden

Über die Schaltfläche  Neues Gerät anmelden wird ein privates iOS-/iPad-Gerät ins MDM angebunden. Im Dialogfenster werden folgende Schritte vorgenommen:
Caption Value Description MS 2.2 iOS Geräte Neues-Gerät-Anmelden PbBE-en.png
Dialogfenster bei Neues Gerät anmelden
Anmeldung eines benutzereigenen Geräts    Bei Aktivierung    wird ein benutzereigenes (privates) Gerät mit Hilfe einer verwalteten Apple-ID in das MDM eingebunden.
Enrollment-Modus Profilbasiertes Benutzer-Enrollment Auswahl des Enrollment-Modus Profilbasiertes Benutzer-Enrollment
Managed Apple ID Alice<alice@tttpoint.de> Select managed Apple ID of a user
License TTT-Point AG | Mobile Security [3/500] The license used for newly registered devices.
URL https://portal.securepoint.cloud/sms-mgt-api/api/... URL kann über die Schaltfläche In Zwischenablage kopieren in die Zwischenablage kopieren werden
Mit der Schaltfläche Profil herunterladen wird das Profil als .mobileconfig-Datei heruntergeladen
Den angezeigten QR-Code scannen oder über die Schaltfläche  QR-Code drucken den QR-Code ausdrucken und scannen
On the Apple device:
  • Settings → General → VPN and Device Maintenance → Loaded Profile: Select Securepoint MDM
  • Button Register my device
  • Enter Apple ID and the corresponding password
    Here the password from the Apple Business Manager is required
  • Perform two-factor authentication if necessary
  • The display in the settings changes to Managed account

Einladung senden

Über die Schaltfläche  Einladung senden wird eine E-Mail an den Benutzer gesendet, worüber das private iOS- / iPad-Gerät ins MDM angebunden wird. Im Dialogfenster werden folgende Schritte vorgenommen:
Caption Value Description MS 2.2 iOS Geräte Einladung-senden PbBE-en.png
Dialogfenster bei Einladung senden
Anmeldungstyp Profilbasiertes Benutzer-Enrollment Auswahl des Anmeldungstyp Profilbasiertes Benutzer-Enrollment
License TTT-Point AG | Mobile Security [3/500] The license used for newly registered devices.
Managed Apple ID Alice<alice@tttpoint.de> Select managed Apple ID of a user
In der gesendeten Einladungs-E-Mail ist eine Anleitung vorhanden, wie der Empfänger sein Privatgerät ins MDM einbindet:
  • Entweder den angezeigten QR-Code scannen, oder den Link die Mobileconfig anklicken
  • Installation der Konfiguration bestätigen und den Vorgang fortführen
On the Apple device:
  • Settings → General → VPN and Device Maintenance → Loaded Profile: Select Securepoint MDM
  • Button Register my device
  • Enter Apple ID and the corresponding password
    Here the password from the Apple Business Manager is required
  • Perform two-factor authentication if necessary
  • The display in the settings changes to Managed account
Retrieved from "https://wiki.securepoint.de/index.php?title=MS/enrollment/User-Enrollment&oldid=95142"