Special thanks to Torben for creating this Content!
Disclaimer: This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment.
This article describes the procedure to configure Apple DEP with Sophos Mobile
What to do
1. Log in to Sophos Mobile on-prem web portal or Sophos Central admin console.
2. Go to Setup --> Apple setup --> Apple DEP
3. Click on “Download Public Key“ to download your tenant‘s public key. This has to be uploaded to the Apple DEP portal to connect your tenant to your Apple DEP account.
4. The public key is downloaded as *.pem. Now Click on Apple DEP web portal link to open DEP portal.
5. Log in with your Apple DEP Apple ID.
6. Apple requires MFA with text messages. If you have multiple phone numbers, choose the right one. This step is skipped if only one phone number is defined in Apple ID.
7. Enter the code you received in a text message.
8. Click on Device Enrolment Program.
9. Click on Manage servers and Click on add MDM server.
10. Enter the name of your server and tenant. Like <server name/tenant name> or <your Central account name>. Just make sure you can identify it here again if you want to assign devices or have to renew the DEP token.
11. Check the box to assign all your Apple DEP devices automatically to your Sophos Mobile tenant. Otherwise, you can assign devices manually by serial number or import them via CSV file and click next to proceed.
12. Now click “Choose file” and upload the *.pem file you’ve downloaded from Sophos Mobile and Click next to proceed.
13. Click on "Your Server“ Token to download your Apple DEP token. Click "Done".
14. The token is downloaded as *.p7m file.
15. You can now see your Sophos Mobile tenant. Now switch back to the Sophos Mobile Admin Console.
16. Click "Upload a file“ and upload the *.p7m file.
17. You will see the expiration date and other account details. Don‘t forget to save your changes.
18. Apple DEP is successfully configured. Now you can add Apple DEP profiles.
19. Click Add to create a new Apple DEP profile.
20. Enter the name and description of the profile. The DEP devices will be a member of the selected device group. If task bundle is selected, the selected this task bundle will be executed once the device is enrolled with Sophos Mobile after a device wipe.
21. Then select the enrollment options. Please note that if “Assign user to device“ is checked, then users have to enter their SSP credentials during the first device startup.
22. Selected pages are skipped during the first device startup.
23. Enter the support information to be shown during the first device startup.
24. Here you can define to which computers USB connections are allowed. That can be all selected hosts or none. Click Apply once you are ready.
25. The profile named “demo“ is created. Don‘t forget to save your changes.
26. After saving the profile you can set a default profile for all newly assigned Apple DEP devices.
27. After the appropriate profile is selected, click “Save“. Switch to the Apple DEP portal and assign devices to your Sophos Mobile tenant.
28. Click Manage Devices to assign devices to your Sophos Mobile tenant. You can assign devices via serial number, order number or upload a CSV file with serial numbers.
29. Device serial number entered. Choose your Sophos Mobile tenant.
30. Once selected, click OK.
31. The device was assigned, click OK and switch back to the Sophos Mobile Admin Console and go to Devices.
32. Go to Device --> click Apple DEP.
33. Click Synchronize with Apple DEP portal to import the Apple DEP devices immediately. Sophos Mobile will synchronize the devices regularly with your Apple DEP account.
34. It can take some minutes to synchronize the devices. Reload the page after a while.
35. After reloading the page your assigned devices will appear. The Apple DEP profile is already assigned.
36. You can also assign or unassign profiles by selecting one or more devices and clicking the “Actions“ button.
37. Click on a device to see its Apple DEP details. The device is ready to be enrolled with Sophos Mobile. Wipe the device and it will get the profile from Apple and the Profile push date will be set.
Have an idea or suggestion regarding our Documentation, Knowledgebase, or Videos? Please visit our User Assistance forum on the Community to share your idea!
Updated the disclaimer
[edited by: Gladys at 5:01 AM (GMT -7) on 6 Apr 2023]