Device Enrollment iOS with ABM

The Apple Business Manager (ABM) is Apple's new method for enrolling corporate iOS devices. With ABM you can enroll the iOS devices without any direct contact with the device and also with minimal interaction from the user. The Apple ABM enrollment provides administrators the option to customize the complete device setup process. It also provides the option to prevent users from removing the MDM profile from the device. You can enroll your existing iOS devices (if they meet the iOS devices ABM requirements) and all iOS devices that you will buy in the future. For further information about Apple ABM see the Apple ABM Guide and Apple ABM Documentation.

Connect your ESMC MDM Server with Apple ABM server:  

1.Verify that all Apple ABM Requirements are met for both account requirements and device requirements.

ABM Account:

oThe program is only available in certain countries. Visit the Apple ABM webpage to see if ABM is available in your country.

oApple ABM Account requirements can be found on these websites: Apple deployment program requirements and Apple Device Enrollment Program requirements.

oDetailed ABM device requirements can be found here.

2.Log in to your Apple ABM Account (If you do not have an Apple ABM account you can create one here).

3.From the Device Enrollment Program section on the left side select Manage Servers.

MDM_DEP_add

4.Click Add MDM Server to open the Add MDM Server window.

5.Enter your MDM Server Name, for example: "MDM_Server," and then click Next.

MDM_DEP_add02

6.Upload your public key into the ABM portal. Click Choose File and select the public key file (this is the APNS certificate you downloaded from Apple Push Certificate Portal) and click Next.

MDM_DEP_addPK

7.Now you can download your Apple ABM Token. This file will be uploaded into the ESMC MDC policy under Apple Business Manager (ABM) -> Upload authorization token.

MDM_DEP_tokenD

Add iOS Device into Apple ABM:

The next step is to assign iOS devices to your virtual MDM Server inside Apple ABM portal. You can assign your iOS devices by serial number, order number or by uploading a list of Serial numbers for target devices in CSV format. Either way, you must Assign the iOS device to the virtual MDM Server (you created in the previous steps).

MDM_DEP_CSV

warning

Warning

Once a device is removed from the ABM portal, it is removed permanently, you cannot add it back.

After that you can leave the Apple ABM portal and continue in ESMC Web Console.

warning

Warning

If you are enrolling iOS devices that are currently in use (and that meet the device requirements) new policy settings will be applied to them after a factory reset of target device.  

In order to complete the enrollment process you need to upload the APNS certificate into the MDC Policy that will be assigned to the MDM Server. (This MDC Policy will fulfill the role of MDM Server Settings).

note

Note

If your iOS device displays the message that it is not able to download the profile from ESET during enrollment, verify that the MDM server inside ABM is correctly configured (has the correct certificates) and that you assigned the correct iOS device to your selected ESMC MDM Server inside Apple ABM.