MDM Setup and Settings

In order to take advantage of the Mobile Device Management component in ESET Security Management Center, perform the following steps after the installation of MDM to be able to enroll and manage mobile devices.

1.Install Mobile Device Connector (MDC) using the All-In-one installer or perform a component installation for Windows or Linux. Make sure that you have met the prerequisites prior to the installation.

details_hoverNOTE

If you are installing MDC using the All-in-one installer,  HTTPS certificates signed by ESMC CA are created during the installation process. (this certificate is not visible in More > Peer Certificates)

To install ESMC with the All-in-one installer and use a 3rd party HTTPS certificate, install ESET Security Management Center first, then change your HTTPS certificate using Policy (in the ESET Mobile Device Connector Policy > General > Change certificate > Custom certificate).

If you are installing the MDC component by itself, you can use :

a) certificate signed by ESMC CA (Basic > Product: Mobile Device Connector; Host: Hostname/IP Adress of MDC; Sign > Sign Method: Certification Authority; Certification Authority: ESMC Certification Authority)
b) 3rd party HTTPS certificate chain signed by a CA trusted by Apple (list of CA trusted by Apple).

2.Activate ESMC MDC using a Product Activation Client Task. The procedure is the same as when activating any ESET security product on a client computer (a license unit will not be used).

3.Run a User Synchronization Server Task (Recommend). This lets you automatically synchronize users with Active Directory or LDAP for the purpose of Computer Users.

details_hoverNOTE

If you are planning to manage Android based devices only (no iOS devices will be managed), skip to step 7.

4.Create an APN/DEP certificate. This certificate is used by ESMC MDM for iOS device Enrollment. Certificates that will be added to your enrollment profile must be also added to your DEP profile.

5.Create a new policy for ESET Mobile Device Connector in order to activate APNS.

details_hoverNOTE

If you are performing iOS Device enrollment with the Apple Device Enrollment Program (DEP) continue here.

6.Enroll mobile devices using a Device Enrollment task. Configure the task to enroll devices for Android and/or iOS. This can also be done from Computers or Group tab by clicking Add new > Mobile devices while having selected a Static Group (Add new cannot be used in Dynamic Groups).

7.If you have not provided license during Device Enrollment, activate Mobile devices using a Product Activation Client Task - choose an ESET Endpoint Security license. A license unit will be used for each mobile device.

validation-status-icon-warning IMPORTANT

The Product Activation task can be run on mobile devices (ESET Endpoint For Android) using an offline license.

8.You can edit Users in order to configure Custom attributes and Assign Mobile devices if you've not assigned users during Device Enrollment.

9.Now you can start applying policies and managing mobile devices. For example, Create a Policy for iOS MDM - Exchange ActiveSync Account which will automatically configure your Mail account, Contacts and Calendar on iOS devices. You can also apply restrictions on an iOS device and/or add a Wi-Fi connection.

10. You can use Re-enroll on a mobile device which was corrupted or wiped. Re-enroll link will be sent via email.

11. Stop Managing (Uninstall ESET Management Agent) task will cancel MDM enrollment of a mobile device and remove it from ESMC.