Device Enrollment iOS with ABM

The Apple Business Manager (ABM) is Apple's new method for enrolling corporate iOS devices. With ABM you can enroll the iOS devices without any direct contact with the device and also with minimal interaction from the user. The Apple ABM enrollment provides administrators the option to customize the complete device setup process. It also provides the option to prevent users from removing the MDM profile from the device. You can enroll your existing iOS devices (if they meet the iOS devices ABM requirements) and all iOS devices that you will buy in the future. For further information about Apple ABM see the Apple ABM Guide and Apple ABM Documentation.

Synchronize your ESET PROTECT MDM with Apple ABM server:  

1.Verify that all Apple ABM Requirements are met for both account requirements and device requirements.

ABM Account:

oThe program is only available in certain countries. Visit the Apple ABM webpage to see if ABM is available in your country.

oApple ABM Account requirements can be found on these websites: Apple deployment program requirements and Apple Device Enrollment Program requirements.

oDetailed ABM device requirements can be found here.

2.Log in to your Apple ABM Account (If you do not have an Apple ABM account you can create one here).

3.From the Device Management Settings section select Add MDM Server.

MDM_DEP_add

4.In the Untitled MDM Server screen enter your MDM Server Name, for example: "MDM_Server,".

MDM_DEP_add02

5.Upload your public key into the ABM portal. Click Choose File and select the public key file (this is the APNS certificate you downloaded from Apple Push Certificate Portal) and click Save.

MDM_DEP_addPK

6.Now click on Download Token to download your Apple ABM Token. This file will be uploaded into the ESET PROTECT MDC policy under Apple Business Manager (ABM) -> Upload authorization token.  

MDM_DEP_tokenD

Add iOS Device into Apple ABM:

The next step is to assign iOS devices to your virtual MDM Server inside Apple ABM portal. You can assign your iOS devices by serial number, order number or by uploading a list of Serial numbers for target devices in CSV format. Either way, you must Assign the iOS device to the virtual MDM Server (you created in the previous steps).

1.Navigate to the Devices section of the ABM portal and select the device you want to assign and click on Edit Device Management.

MDM_DEP_CSV

2.After selecting your MDM server form the list, conform your selection and the mobile device will be assigned to your MDM server.

warning

Warning

Once a device is removed from the ABM portal, it is removed permanently, you cannot add it back.

After that you can leave the Apple ABM portal and continue in ESET PROTECT Web Console.

warning

Warning

If you are enrolling iOS devices that are currently in use (and that meet the device requirements) new policy settings will be applied to them after a factory reset of target device.  

In order to complete the enrollment process you need to upload the APNS certificate into the MDC Policy that will be assigned to the MDM Server. (This MDC Policy will fulfill the role of MDM Server Settings).  

note

Note

If your iOS device displays the message that it is not able to download the profile from ESET during enrollment, verify that the MDM server inside ABM is correctly configured (has the correct certificates) and that you assigned the correct iOS device to your selected ESET PROTECT MDM Server inside Apple ABM.