Profile-based user enrollment of iOS/iPad devices

Last adaptation to the version: 2.2

New:
  • Support from Apple only for devices up to and including iOS 17.x
This article refers to a Beta version
Access: portal.securepoint.cloud → Mobile Security → iOS/iPadOS → Devices

Prerequisite

User enrollment is only available for iOS devices up to iOS version 17.x

As of iOS version 18.x, logging in with managed Apple IDs is no longer available.



Private devices within an organization's environment

To install paid apps provided by an organization on private Apple devices, Managed Apple IDs are used.

  • Managed apps can be configured on private devices via MDM
  • Paid VPP licenses are assigned via a Managed Apple ID
  • Data (addresses, files) of managed and private apps can be kept separate
  • It is not possible to install an app twice (private and managed)

  • These devices require a private, personal Apple ID.
    Otherwise, these devices will not receive operating system updates, for example.
  • The user must know both the password of the personal Apple ID and the password of the Managed Apple ID, e.g. in order to use two-factor authentication
  • Resetting the device to factory settings is only possible with the access data of the personal Apple ID
  • Final control over the device itself therefore lies with the user of the device
  • The COPE model (device belongs to the company, personal use enabled) is not available for Apple.

Create user with Managed Apple ID

Create a Managed Apple ID in ABM/ASM

Open the Apple portal at https://business.apple.com or https://school.apple.com
  • Log in to ABM:
    The user account used for the setup must have the permission Administrator or People Manager
  • Click on your own name at the bottom of the sidebar: menu Settings / Accounts
  • Select the Add button and fill in all mandatory fields
    or
    connect the Apple portal to an Azure AD:
    users in the Apple portal then automatically have a Managed Apple ID
  • Select the Save button
  • Further instructions can be found in the Apple document on creating Managed Apple IDs

Create local user

General → User → Add user or Edit

Link local user to Managed Apple ID

  • Activate Link to managed Apple ID
  • Managed Apple-ID: m.mueller@anyideas.de
    Enter the Apple ID you created earlier
  • Save

Assign objects

Assign VPP licenses to the Managed Apple ID

Mobile Security → iOS/iPadOS → VPP Licenses → Assign licenses
Dialog Assign VPP licenses:
  • Managed Apple ID: m.mueller@anyideas.de
    Select user with a Managed Apple ID
  • VPP Licenses: VPP-Lizenz, VPP-Lizenz2
    Select VPP License(s)
  • Assign licenses

Assign VPP App to the Managed Apple ID

Dialog Assign app to Apple VPP user:
  • Apple VPP users: m.mueller@anyideas.de
    Choose Managed Apple ID
  • Save

Assign user enrollment profile to the Managed Apple ID

Mobile Security → iOS/iPadOS → Profiles → Add profile or Edit
  • Add or edit a profile with type User Registration Profile
  • Tab General, option User: m.mueller (add the user with the Managed Apple ID)
  • Save

Enrollment

Register new Device

By clicking the Register New Device button, a personal iOS/iPad device is enrolled into the MDM. The following steps are carried out in the dialog window:
Dialog window for Register New Device:
  • Registration of a user-owned device
    When activated, a user-owned (personal) device is enrolled into the MDM using the managed Apple ID
  • Enrollment mode: Profile-based user enrollment
    Select the enrollment mode "Profile-based user enrollment"
  • Managed Apple ID: Alice<alice@tttpoint.de>
    Select managed Apple ID of a user
  • License: TTT-Point AG | Mobile Security [3/500]
    The license used for newly registered devices.
  • URL: https://portal.securepoint.cloud/sms-mgt-api/api/...
    The URL can be copied to the clipboard using the Copy to clipboard button
With the Download profile button, the profile is downloaded as a .mobileconfig file
Scan the displayed QR code or use the Print QR code button to print and scan the QR code
On the Apple device:
  • Settings → General → VPN and Device Maintenance → Loaded Profile: Select Securepoint MDM
  • Button Register my device
  • Enter Apple ID and the corresponding password
    Here the password from the Apple Business Manager is required
  • Perform two-factor authentication if necessary
  • The display in the settings changes to Managed account

Send invitation

By clicking the Send Invitation button, an email is sent to the user, allowing their personal iOS/iPad device to be enrolled into the MDM. The following steps are taken in the dialog window:
Dialog window for Send Invitation:
  • Registration type: Profile-based user enrollment
    Select the registration type Profile-based user enrollment
  • License: TTT-Point AG | Mobile Security [3/500]
    The license used for newly registered devices.
  • Managed Apple ID: Alice<alice@tttpoint.de>
    Select managed Apple ID of a user
The sent invitation email contains instructions on how the recipient can enroll their personal device into the MDM:
  • Either scan the displayed QR code or click the link to the Mobileconfig
  • Confirm the installation of the configuration and continue with the process
On the Apple device:
  • Settings → General → VPN and Device Maintenance → Loaded Profile: Select Securepoint MDM
  • Button Register my device
  • Enter Apple ID and the corresponding password
    Here the password from the Apple Business Manager is required
  • Perform two-factor authentication if necessary
  • The display in the settings changes to Managed account
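
Both the Download profile button and the invitation email hand the user a .mobileconfig file, so it is worth checking where a profile points before it is installed. The following is an added example, not Securepoint code: it assumes the file is an unsigned plist containing a com.apple.mdm payload with ServerURL and ManagedAppleID keys (the page does not show the profile's contents), and the sample profiles and their placeholder paths are constructed.

```python
import plistlib
from urllib.parse import urlsplit

def _sample(server_url, apple_id):
    # Constructed stand-in for a downloaded profile; real profiles carry more keys.
    return plistlib.dumps({
        "PayloadType": "Configuration",
        "PayloadContent": [{
            "PayloadType": "com.apple.mdm",
            "ServerURL": server_url,
            "ManagedAppleID": apple_id,
        }],
    })

GOOD = _sample("https://portal.securepoint.cloud/placeholder", "m.mueller@anyideas.de")
# Constructed lookalike: the expected name is only a prefix of another host.
BAD = _sample("https://portal.securepoint.cloud.example.net/placeholder", "m.mueller@anyideas.de")

def check_enrollment_profile(data, expected_host, expected_apple_id):
    """Return a list of findings; an empty list means every check passed."""
    try:
        profile = plistlib.loads(data)
    except Exception:
        return ["not a plain plist (signed or damaged file?)"]
    content = profile.get("PayloadContent") if isinstance(profile, dict) else None
    if not isinstance(content, list):
        return ["no payload list found"]
    mdm = [p for p in content if isinstance(p, dict) and p.get("PayloadType") == "com.apple.mdm"]
    if len(mdm) != 1:
        return [f"expected exactly one com.apple.mdm payload, found {len(mdm)}"]
    findings = []
    for key in ("ServerURL", "CheckInURL"):
        url = mdm[0].get(key)
        if url is None and key == "CheckInURL":
            continue  # optional key; check-in then goes to ServerURL
        try:
            parts = urlsplit(str(url))
            ok = parts.scheme == "https" and parts.hostname == expected_host
        except ValueError:
            ok = False
        if not ok:
            findings.append(f"{key} does not point to https://{expected_host}: {url}")
    apple_id = str(mdm[0].get("ManagedAppleID", ""))
    if apple_id.lower() != expected_apple_id.lower():
        findings.append(f"ManagedAppleID is {apple_id!r}, expected {expected_apple_id!r}")
    return findings

if __name__ == "__main__":
    for name, blob in (("good", GOOD), ("lookalike", BAD)):
        print(name, check_enrollment_profile(blob, "portal.securepoint.cloud", "m.mueller@anyideas.de"))
```

The host is compared after URL parsing rather than by substring match, which is why the lookalike host is reported even though it contains the expected name.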