Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 5 replies
  • Subscribers 8 subscribers
  • Views 1679 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

userless enrollment - iOS devices (Apple DEP) stay unmanaged after profile is assigend

Sophos User2478

Hello!

I have imported several iPhones via Apple Configurator 2 into Apple Business Manager and then further assigned them to Sophos Mobile MDM in ABM.


Those devices show up in the Sophos Mobile Webconsole and I can assign/reassign Apple DEP profiles to them successfully, but they stay "unmanaged". That is why further policies or tasks could not be applied to them. 

Users should not be assigned to this devices in this step (logistical reasons), so individual enrollment via SSP is out of the equation.

What am I missing about the enrollment process? Any advice is appreciated!

Regards Thomas



This thread was automatically locked due to age.
  • +1

    Thanks for reaching out to us. 

    If DEP/ABM is not used to perform the initial setup of the device and you are instead supervising the device using Apple Configurator, you will need to use the following steps to enroll the device for your use-case. 

    - From Sophos Mobile, select +Add > Add device wizard
    - Select Skip user assignment, Next
    - Specify a name for the device, and add an e-mail address for the enrollment steps to be sent to, Next
    - Select Enroll device, Next
    - Select Enrollment without Apple ID

    The steps shown on the screen will need to be followed using the normal Camera app on the mobile device to finish enrollment.

    Let me know if this helps.

    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • 0

    have you factory reset one of the devices that showing in your DEP webconsole in SMC?

  • 0 in reply to Qoosh

    THX for your answer.

    It is possible set to those devices (added from Apple Configurator 2) to "managed state" by your suggested procedure; I used the "Add device wizard" and provided an email address.

    But without an regular AppleID SMC refuses to install apps from the app store - allthough we use VPP.

    I tried using managed AppleIDs from our ABM, but those are not permitted to use the app store. So far I just want to deploy apps that are free.

    A credit card as payment option in ABM has already been provided.

    So, how to I get SMC to install apps from VPP on managed devices without using AppleIDs? Is this even supported?

    Over the last few days Sophos Mobile was not generating enrollment tasks with QR-Codes. Now it works again. Must have been a temporar error.

  • 0 in reply to Andrew Mullins

    I deleted some iPhones from SMC, when they refused to get enroled and used Apple Configurator to "Erase all Content and Settings". 

    Those devices are still present in ABM without an MDM assigned.

  • 0 in reply to Sophos User2478

    Some information on pushing apps through VPP using SMC is available in the following document. 
    - Manage Apple Business Manager apps

    It sounds like you already have this set up. Further guidance in assigning VPP application/licenses to devices/users is mentioned in the following link.
    - Manually assign Apple Business Manager apps

    Let me know if this is what you were looking for.

    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
Unfiltered HTML