I just did a new install of Sophos Mobile Control. Latest version (9.0.6) on a Windows Server 2019 VM. Now I am ready to enroll some iPhones and I cannot find any documentation or video or overview that describes the entire process from beginning to end. There are so many moving parts and I'm trying to understand how it all works together.
I've created my business account on business.apple.com. In Sophos Mobile Control console I installed my SSL certificate, my APNs certificate, my Apple VPP service token and my DEP server token. As far as I can tell the initial one-time setup is complete.
Unfortunately, our organization had been purchasing iPhones and deploying them to employees without first enrolling them in DEP or adding them to Sophos Mobile. There is a kb article from Apple that describes (vaguely) how to manually enroll an iPhone in DEP (https://support.apple.com/en-us/HT204142#manual). The process requires using the Apple Configurator program on a Mac. However when I attempt to do this using Apple Configurator, it tells me it wants to erase the phone. This is not practical for 30+ phones that have already been deployed. But if this is the only way to do it, then I guess I have no choice. Is there another way to enroll my current iPhones in DEP without wiping the phone? (Or if that's not possible, is there a way to back up the user's phone, let Apple Configurator wipe it, add it to DEP and then restore the user's data?
I plan on allowing my users to install their own personal apps and sign into their own personal iCloud account. The biggest driver behind mobile device management is to be able to (a) remotely wipe the phone if it gets lost and (b) bypass iCloud lock if an employee leaves the company and returns the iPhone but does not sign out of their iCloud/Apple account.
My goal is to get all of my existing iPhones (and all future iPhones) enrolled in DEP and managed by Sophos Mobile. Apparently it's possible to simply install Sophos Mobile on the iPhone and then add it to Sophos Mobile using the add device wizard. But does doing this effectively bypass DEP and if so, what is even the purpose of DEP?
Any step-by-step instructions or references would be much appreciated! I've gone through most of the documentation SMC 9 but I think what I really need is a step by step guide. Does this exist somewhere? As a system admin, I am interested in learning how to do this myself vs hiring someone.
This thread was automatically locked due to age.
