Deploy Home Deploy Sign in Submit a ticket

MDM Set up

PreviousDevice Configuration NextEnroll Standard Device

Last updated 9 months ago

MDM Set up

To set up MDM, you need to configure the following:

Apple Push Certificate

To connect the Faronics Deploy MDM with Apple Enterprise Mobile Management, you need to create an Apple Push Certificate and upload to Faronics Deploy MDM. To complete this process, you must have an , and generate an Apple MDM Push Certificate, which is required to manage Apple devices.

Complete the following steps to generate an Apple MDM Push Certificate:

Download your certificate signing request (CSR), signed by Deploy.
Go to the Apple Push Certificates Portal.
1. Sign in with your Apple ID.
2. Click Create a Certificate.
3. Read and agree to the terms and conditions, then click Accept.
4. Click Choose File and select the CSR file to be uploaded, then click Upload.
5. Click Download to download your push certificate. Once you have generated the Apple MDM Push Certificate, you can now upload the certificate to Deploy.
In the MDM page, click Configure > MDM Setup.
Under the Push Certificate tab:
Enter the Apple ID used to generate the certificate.
Click Choose File and upload your push certificate.
Click Done.

DEP MDM Server

Device Enrollment Program (DEP) allows businesses to quickly deploy and configure Apple devices by providing a fast, streamlined way to deploy organization-owned Apple devices.

To add a DEP Server, you need to generate a DEP Server Token.

Click Configure > MDM Setup.
Under the DEP Server tab, click Add New.
Click Download to download your public key certificate. After obtaining the public key certificate, go to the Apple Business/School Manager portal and upload your public key certificate to be able to download your Server Token.
Click Choose File and select the Server Token to be uploaded, then click Save.

To edit DEP server settings, click Edit Settings and make your changes.

Click Configure > MDM Setup.
Under the DEP Server tab, configure the following:
- General Configuration
  - Initial device policy – Select the policy that will be enforced on the device. If no policy is selected, the Default iOS Policy will be pushed to the device.
  - Force Faronics Deploy MDM enrollment – Selecting this option automatically enrolls the device in Faronics Deploy MDM profile and downloads the Faronics Deploy MDM App.
  - Place device in Supervised mode – Selecting this option gives more control to the administrator over the device and be able to set additional restrictions.
  - Allow Faronics Deploy MDM removal by user – Selecting this option gives the user permission to remove the MDM user profile.
  - Allow pairing with OS X computers – Selecting this option makes the mobile device visible in OS X computers and allows pairing.
- Optional Setup Panes – You can choose to skip any of the setup steps below during initial configuration of the mobile device:
  - Skip passcode setup
  - Skip restoring from backup
  - Skip signing in to Apple ID and iCloud
  - Skip Touch ID setup
  - Skip Zoom setup
  - Skip iMessage and Face Time (iOS 12+)
  - Skip Software Update (iOS 12+)
  - Disable sending diagnostics info
  - Skip location service
  - Remove 'Move from Android' from restore options
  - Skip Terms and Conditions
  - Skip Apple Play setup
  - Skip Privacy pane (iOS 12+)
  - Skip ScreenTime (iOS 12+)
  - If false, disables Siri. Available in iOS 5 and later. Also available for user enrollment.
- Organization Details – This information is presented to the user of the device during the setup process:
  - Support phone number – Specify the phone number of the support team.
  - Support email address – Specify the email address for your support team.
  - Department name – Specify the name of the department to which the mobile device user belongs.
- Device Naming Scheme – This option controls how supervised devices are renamed. Select one of the following:
  - Default Name – Select this option to keep the device default names during enrollment.
  - Add prefix to name – Rename each device during enrollment by adding a prefix to the default name. Define the prefix in the Prefix field that appears when this option is selected.
  - Name devices based on serial numbers – Select this option to define custom names for specific serial numbers. Existing and newly enrolled devices are then assigned the name associated with their serial number. Devices with serial numbers that do not have defined names are not affected (they keep their default/existing name).
  - To use this option, you must create and upload a CSV file that associates names to serial numbers:
    Select the Name Devices Based on Serial Numbers option.
    Click Download CSV Template.
    Add or update the information in the CSV file, then save the file.
    Click Choose File and use the file browser to select the .csv file.

To update a DEP server token, you must sign in to your Apple DEP or Apple School Manager account and follow the steps to generate a new server token. Once you have generated the new server token, you can now upload the new server token to Deploy.

To unpair DEP account, click Unpair DEP Account.

An Apple device can only be assigned to one Apple DEP MDM Server. The Apple device must be assigned to the Apple MDM Server that is connected to Deploy MDM. If the Apple device is assigned to another Apple MDM Server, you must unassign the iOS device and re-assign to the Apple MDM Server that is connected to Deploy MDM.

Once the device setup is completed, the device will be displayed under Apple Devices under the MDM page in Deploy.

Sync with Apple

Click Sync with Apple to sync VPP token/license-related information.

VPP Account

The Volume Purchase Program (VPP) allows an organization to bulk purchase, distribute and manage apps and books to the iOS devices (iPads, iPhones, and Macs) used within the organization.

To add a VPP Service token, you must sign in to your Apple Volume Purchase Program for business or education and download the VPP service token file found on the VPP purchases page. After downloading the VPP service token, you can now upload the new service token to Deploy.

If you are enrolled in Apple's Volume Purchase Program, you can retrieve your managed distribution token from the Volume Purchase Program portal.

To delete a VPP service token, select a token from the list and click Delete.

Make sure that this token is not being used by more than one MDM server, otherwise, the VPP information will not sync properly.

Sync with Apple

Click Sync with Apple to sync VPP token/license-related information.

If you purchase licenses from Apple after adding your token, you will need to Sync with Apple button to make Faronics Deploy MDM aware of the change.

PreviousDevice Configuration NextEnroll Standard Device

Last updated 9 months ago

To set up MDM, you need to configure the following:

Apple Push Certificate

Complete the following steps to generate an Apple MDM Push Certificate:

Download your certificate signing request (CSR), signed by Deploy.
Go to the Apple Push Certificates Portal.
1. Sign in with your Apple ID.
2. Click Create a Certificate.
3. Read and agree to the terms and conditions, then click Accept.
4. Click Choose File and select the CSR file to be uploaded, then click Upload.
5. Click Download to download your push certificate. Once you have generated the Apple MDM Push Certificate, you can now upload the certificate to Deploy.
In the MDM page, click Configure > MDM Setup.
Under the Push Certificate tab:
Enter the Apple ID used to generate the certificate.
Click Choose File and upload your push certificate.
Click Done.

DEP MDM Server

Device Enrollment Program (DEP) allows businesses to quickly deploy and configure Apple devices by providing a fast, streamlined way to deploy organization-owned Apple devices.

To add a DEP Server, you need to generate a DEP Server Token.

Click Configure > MDM Setup.
Under the DEP Server tab, click Add New.
Click Download to download your public key certificate. After obtaining the public key certificate, go to the Apple Business/School Manager portal and upload your public key certificate to be able to download your Server Token.
Click Choose File and select the Server Token to be uploaded, then click Save.

To edit DEP server settings, click Edit Settings and make your changes.

Click Configure > MDM Setup.
Under the DEP Server tab, configure the following:
- General Configuration
  - Initial device policy – Select the policy that will be enforced on the device. If no policy is selected, the Default iOS Policy will be pushed to the device.
  - Force Faronics Deploy MDM enrollment – Selecting this option automatically enrolls the device in Faronics Deploy MDM profile and downloads the Faronics Deploy MDM App.
  - Place device in Supervised mode – Selecting this option gives more control to the administrator over the device and be able to set additional restrictions.
  - Allow Faronics Deploy MDM removal by user – Selecting this option gives the user permission to remove the MDM user profile.
  - Allow pairing with OS X computers – Selecting this option makes the mobile device visible in OS X computers and allows pairing.
- Optional Setup Panes – You can choose to skip any of the setup steps below during initial configuration of the mobile device:
  - Skip passcode setup
  - Skip restoring from backup
  - Skip signing in to Apple ID and iCloud
  - Skip Touch ID setup
  - Skip Zoom setup
  - Skip iMessage and Face Time (iOS 12+)
  - Skip Software Update (iOS 12+)
  - Disable sending diagnostics info
  - Skip location service
  - Remove 'Move from Android' from restore options
  - Skip Terms and Conditions
  - Skip Apple Play setup
  - Skip Privacy pane (iOS 12+)
  - Skip ScreenTime (iOS 12+)
  - If false, disables Siri. Available in iOS 5 and later. Also available for user enrollment.
- Organization Details – This information is presented to the user of the device during the setup process:
  - Support phone number – Specify the phone number of the support team.
  - Support email address – Specify the email address for your support team.
  - Department name – Specify the name of the department to which the mobile device user belongs.
- Device Naming Scheme – This option controls how supervised devices are renamed. Select one of the following:
  - Default Name – Select this option to keep the device default names during enrollment.
  - Add prefix to name – Rename each device during enrollment by adding a prefix to the default name. Define the prefix in the Prefix field that appears when this option is selected.
  - Name devices based on serial numbers – Select this option to define custom names for specific serial numbers. Existing and newly enrolled devices are then assigned the name associated with their serial number. Devices with serial numbers that do not have defined names are not affected (they keep their default/existing name).
  - To use this option, you must create and upload a CSV file that associates names to serial numbers:
    Select the Name Devices Based on Serial Numbers option.
    Click Download CSV Template.
    Add or update the information in the CSV file, then save the file.
    Click Choose File and use the file browser to select the .csv file.

To unpair DEP account, click Unpair DEP Account.

Once the device setup is completed, the device will be displayed under Apple Devices under the MDM page in Deploy.

Sync with Apple

Click Sync with Apple to sync VPP token/license-related information.

VPP Account

The Volume Purchase Program (VPP) allows an organization to bulk purchase, distribute and manage apps and books to the iOS devices (iPads, iPhones, and Macs) used within the organization.

If you are enrolled in Apple's Volume Purchase Program, you can retrieve your managed distribution token from the Volume Purchase Program portal.

To delete a VPP service token, select a token from the list and click Delete.

Make sure that this token is not being used by more than one MDM server, otherwise, the VPP information will not sync properly.

Sync with Apple

Click Sync with Apple to sync VPP token/license-related information.

If you purchase licenses from Apple after adding your token, you will need to Sync with Apple button to make Faronics Deploy MDM aware of the change.