MDM Setup and Settings

To take advantage of the Mobile Device Management component in ESET PROTECT, perform the following steps after the installation of MDM to be able to enroll and manage mobile devices.

1.Install Mobile Device Connector (MDC) using the All-In-one installer or perform a component installation for Windows or Linux. You can also deploy MDM as a Virtual Appliance. Make sure that you have met the prerequisites before the installation.


note

If you are installing MDC using the All-in-one installer,  the HTTPS certificate signed by ESET PROTECT CA is generated automatically during the installation process. The certificate is password-protected (with a randomly generated password) and the certificate is not visible in More > Peer Certificates.

To install ESET PROTECT with the All-in-one installer and use a third-party HTTPS certificate, install ESET PROTECT first, then change your HTTPS certificate using Policy (in the ESET Mobile Device Connector Policy > General > Change certificate > Custom certificate).

If you are installing the MDC component by itself, you can use :

a) certificate signed by ESET PROTECT CA (Basic > Product: Mobile Device Connector; Host: Hostname/IP Adress of MDC; Sign > Sign Method: Certification Authority; Certification Authority: ESET PROTECT Certification Authority)
b) third-party HTTPS certificate chain signed by a CA trusted by Apple (list of CA trusted by Apple).

2.Activate ESET PROTECT MDC using a Product Activation Client Task. The procedure is the same as when activating any ESET security product on a client computer (a license unit will not be used).

3.Run a User Synchronization Server Task (Recommend). This lets you automatically synchronize users with Active Directory or LDAP for the purpose of Computer Users.


note

If you are planning to manage Android based devices only (no iOS devices will be managed), skip to step 7.

4.Create an APN/ABM certificate. This certificate is used by ESET PROTECT MDM for iOS device Enrollment. Certificates that will be added to your enrollment profile must be also added to your ABM profile.

5.Create a new policy for ESET Mobile Device Connector to activate APNS.


note

Follow these instructions to perform iOS Device enrollment with the Apple Business Manager (ABM).

6.Enroll mobile devices using a Device Enrollment task. Configure the task to enroll devices for Android and/or iOS. This can also be done from Computers or Group tab by clicking Add New > Mobile devices while having selected a Static Group (Add New cannot be used in Dynamic Groups).

7.If you have not provided license during Device Enrollment, activate Mobile devices using a Product Activation Client Task - choose an ESET Endpoint Security license. A license unit will be used for each mobile device.


important

The Product Activation task can activate a mobile product, ESET Endpoint For Android, also using an offline license.

The activation task cannot activate ESET products of version 4 and 5 with the offline license. You need to activate the product manually or use a supported product version (we recommend using the latest version).

8.You can edit Users to configure Custom attributes and Assign Mobile devices if you've not assigned users during Device Enrollment.

9.Now you can start applying policies and managing mobile devices. For example, Create a Policy for iOS MDM - Exchange ActiveSync Account which will automatically configure your Mail account, Contacts and Calendar on iOS devices. You can also apply restrictions on an iOS device and/or add a Wi-Fi connection.

Troubleshooting

You can use Re-enroll on a mobile device which was corrupted or wiped. Re-enroll link will be sent via email.

Stop Managing (Uninstall ESET Management Agent) task will cancel MDM enrollment of a mobile device and remove it from ESET PROTECT.

To upgrade MDC, use the ESET PROTECT Components Upgrade task.

See also MDM troubleshooting