Enroll iPhone - MDM Profile error + Procedure

Good afternoon,

I'm looking for answers, after weeks of trying and failing.

I'm enrolling iPhones, I got them in Apple DEP console and in Sophos. While I enrolled 26 Android phones in less then a week, I keep on having issues trying to prepare 7 iPhones.
I have 2 main issues:

- I start the wizard to add the iPhone, Mode "Register" or "Register + Operation Bundle", got the QR code. Finished starting procedure on the phone, I download SMC app and scan the QR code. Well, the profile I download is not valid because "New MDM payload doesn't match the less recent one" (freely translated Italian to English). Device doesn't register to Sophos (Not managed), but "Operation bundles" I send work, almost and slowly.

- I still haven't found an efficient, definitive procedure from the wizard to successfully enroll iPhones. I tried all the options, but there is always something wrong, on SMC or Intercept X. I need to find a way to enroll them with complete management.
Note: is it normal every time I enroll an iPhone, I got 2 devices in my list, and the one I created is the one that is not managed?

Could someone help me, please? I'm losing my mind and too much time on this activity.

Thank you in advance,
Luca




Edit tags
[edited by: GlennSen at 6:13 AM (GMT -7) on 24 May 2022]
  • Hi Luca, 

    Thanks for reaching out to us. 

    If you are using Apple DEP/Apple Business Manager, you will not need to enroll the devices manually. When you factory reset an iOS device, it will receive the MDM configuration and proceed through all necessary setup steps when you first power on the device. 

    Do you know if a DEP profile has been created and applied as the default to any devices that enroll using Apple DEP as described in the following document?
    - Create DEP Profile

    Kushal Lakhan
    Global Community Support Engineer
    Are you a Sophos Partner? | Product Documentation | @SophosSupport | Sign up for SMS Alerts
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • Good morning Kushal,

    thanks for answering!
    First of all, I've the cloud version of Sophos Central.
    Yes, I did certificate matching between Apple DEP and Sophos, and I set DEP profile as mentioned in the article.

    As soon as I turn devices on, they recognize the Company management, I log on as Sophos admin, set the user Apple ID and get to main screen.
    Then, I install SMC app, and I scan the QR code Sophos Central shows me. That QR code let me download the MDM profile I should install on the phone, but installation fails with that message.
    If I sent an Operation bundle with SMC profile, Intercept X app installation and Intercept X profile, it works, but SMC app is in error status, because registration is not complete. Probably, it needs that profile to be installed.

    Now, what I would like to find is the right procedure to enroll iPhones, our partner is not helping me in this. 
    I'm enrolling via Wizard, Registration only option, and later I manually install SMC and Intercept X apps, and send their profiles, but I have that issue anyway.

    Thank you very much,
    Luca

  • Could you check within Apple Business Manager to verify if the device is assigned to Sophos Mobile as the management server? 

    The steps specific to Sophos Central are mentioned in the following document. In the document, there’s also a warning present which appears to match up with the symptoms you're getting. 
    Create Apple Business Manager profile

    If you continue to experience issues with this, I recommend giving our support team a call so they can look over the configuration you have present. 

    Kushal Lakhan
    Global Community Support Engineer
    Are you a Sophos Partner? | Product Documentation | @SophosSupport | Sign up for SMS Alerts
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • Thanks for the update and quick reply. I'll be sure to keep an eye on this thread. Looking for the same issue. Bumped into your thread. Thanks for creating it. Looking forward for solution.