Create a Policy for MDC to activate APNS/DEP for iOS enrollment

IMPORTANT

When changing the HTTPS certificate used in your policy for MDC, follow the steps below to avoid disconnecting mobile devices from your MDM:

1. Create and apply the new policy that uses the new HTTPS certificate.

2. Allow devices to check in to the MDM server and receive the new policy.

3. Verify that devices are using the new HTTPS certificate (the HTTPS certificate exchange is completed).

4. Allow at least 72 hours for your devices to receive the new policy. After all devices have received the new policy (the MDM Core alert "HTTPS certificate change still in progress. The old certificate is still being used" is no longer displayed in the Alerts tab), you can delete the old policy.

This example shows how to create a new policy for ESET Mobile Device Connector that activates APNS (Apple Push Notification Services) and the iOS device enrollment feature. The policy is required for iOS device enrollment. Before configuring this policy, create a new APN certificate and have it signed by Apple on the Apple Push Certificates Portal so that it becomes a signed certificate (APNS Certificate). For step-by-step instructions, see the APN certificate section.

Basic

Enter a Name for this policy. The Description field is optional.

Settings

Select ESET Remote Administrator Mobile Device Connector from the drop-down list.

IMPORTANT

If you installed MDM Server with the All-in-One Installer (not as a standalone installation and not as a component), the HTTPS certificate is generated automatically during the installation. This applies only to the ERA 6.5 installer and later. In all other cases you need to apply a custom HTTPS certificate. You can find more information following step one of the Mobile Device Management topic.

You can use the ERA certificate (signed by ERA CA) or your custom certificate. You can also specify the date for Force certificate change. Check the tooltip next to this setting for more information.

Under General, go to Apple Push Notification Service and upload the APNS Certificate and an APNS Private Key.

NOTE

Type your actual organization's name over the Organization string. This is used by the enrollment profile generator to include this information in the profile.

APNS Certificate (signed by Apple) - click the folder icon and browse for the APNS Certificate to upload it. (This is the file you downloaded from Apple Push Certificates Portal.)

APNS Private Key - click the folder icon and browse for the APNS Private Key to upload it. (This is the file you downloaded during APN/DEP Certificate creation.)
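
Before uploading the two files, you can confirm that the private key belongs to the Apple-signed certificate and that the certificate is not close to expiry. The following is an added example, not part of the ESET documentation: it assumes the OpenSSL command line tool, PEM-encoded files and an unencrypted key, and the function name apns_pair_check and the 30-day default are illustrative.

```shell
#!/bin/sh
# Added example: pre-upload sanity check for the APNS certificate and key.
# Assumptions: OpenSSL CLI available, both files PEM-encoded, key unencrypted.
# apns_pair_check and the 30-day default are illustrative, not ESET tooling.
#
# Usage: apns_pair_check CERT.pem KEY.pem [MIN_DAYS]
# Returns 0 = OK, 1 = key/cert mismatch, 2 = unreadable file, 3 = expiring.
apns_pair_check() {
    cert=$1; key=$2; min_days=${3:-30}

    # Both files must parse; "-passin pass:" stops OpenSSL from prompting
    # when the key turns out to be passphrase-protected.
    openssl x509 -in "$cert" -noout 2>/dev/null ||
        { echo "cannot parse certificate: $cert"; return 2; }
    openssl pkey -in "$key" -noout -passin pass: 2>/dev/null ||
        { echo "cannot parse private key: $key"; return 2; }

    # The public key inside the certificate must equal the public key
    # derived from the private key, otherwise the pair cannot work.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey)
    key_pub=$(openssl pkey -in "$key" -pubout -passin pass:)
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "private key does not belong to this certificate"; return 1; }

    # -checkend exits non-zero if the certificate expires within N seconds.
    openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null ||
        { echo "certificate expires within $min_days days"; return 3; }

    echo "OK: key matches certificate, valid for more than $min_days days"
}

# Run as a script: ./check_apns.sh CERT.pem KEY.pem [MIN_DAYS]
if [ $# -ge 2 ]; then apns_pair_check "$@"; fi
```

A non-zero result means the pair should be sorted out before it goes into the policy: return code 1 usually indicates that the key from a different certificate request was picked up.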

Diagnostics - Enable or disable the submission of anonymous crash report statistics to ESET for the improvement of customer experience.

Logging - Set the log verbosity to determine the level of information that will be collected and logged, from Trace (informational) to Fatal (most important critical information).

If you are creating this policy for iOS enrollment with Apple DEP, navigate to the Apple Device Enrollment Program (DEP) section.

Apple Device Enrollment Program (DEP) - these settings are DEP-only.

WARNING

If any of these settings are changed after the initial configuration, you must factory-reset and re-enroll all affected iOS devices for the changes to apply.

Upload authorization token - click the folder icon and browse for the DEP server token. (This is the file you downloaded when you created the virtual MDM server on the Apple DEP portal.)

Supervised mode - supervised mode is mandatory for most of the device policy options.

Mandatory Installation - the user will not be able to use the device without installing the MDM profile.

Allow user to remove MDM profile - the device must be in supervised mode to prevent the user from removing the MDM profile.

Skip Setup Items - this setting allows you to choose which steps of the initial iOS setup will be skipped. You can find more information about each of these steps in the Apple Knowledgebase Article.

Assign

Select the device hosting the MDM server that this policy targets.

Click Assign to display all Static and Dynamic Groups and their members. Select the Mobile Device Connector instance that you want to apply the policy to and click OK.

Summary

Review the settings for this policy and click Finish.