Register Apple devices in Apple Business Manager
In the first step, all company-owned devices must be registered in the Apple Business Manager (formerly Device Enrollment Program – DEP). Apple Business Manager is a web-based portal for IT administrators. It allows devices purchased directly from Apple or an authorized Apple dealer to quickly and easily integrate iOS devices into the firm’s IT. For more information on automatic device registration, see Apple's help pages.
Note! You can also add existing devices to the Apple Business Manager at a later date. How to do this is explained here: How to add iOS devices to the Apple Business Manager.
- Create an account for your company for the Apple Business Manager. For this you need a so-called D&B D-U-N-S® Number. Call up your number here, or apply for a new one if necessary.
- Order devices from Apple or an authorized dealer.
- Make sure that the new devices are assigned to your account by Apple Business Manager.
Connect Cortado with Apple Business Manager
Once all the serial numbers of the Apple devices have been loaded into Apple Business Manager, you can start the configuration. For this, Cortado must firstly be connected to the
- In the Management Console open Control Panel→ Global Settings.
- In the DEP tab under DEP Certificate,you have the following options (right column):
- Download: Download the DEP certificate here. This is a Cortado generated certificate.
- Renew: You can generate a new DEP certificate here, if necessary (for example, if the old one expires).
- Import: If required, you can import a previously generated certificate here.
- The DEP certificate downloaded in the last step (arrow in upper picture), has to be uploaded to Apple in the next step.
- For this purpose, open the Apple Business Manager under https://business.apple.com/ and select Settings→ Device Management Settings→ Add New MDM Server (arrows in illus.).
- Under MDM Server Info enter a name of your choice (e.g.: department, location, user groupe) (upper arrow in illus.).
Note! At this point, you need to add a separate MDM server for each DEP profile you want to add, since a separate server token is needed for each profile.
- Under MDM Server Settings→ Choose File (lower arrow in illus.) select the DEP certificate, that you downloaded in the Management Console under Global Settings→ DEP→ Download.
- Then save the settings by clicking Save.
- Download your Token now (arrow in illus.). You must load this token into the DEP profile later in the Management Console.
- Then, under Device (left arrowin illus.) select the devices, you want to assign.
- After this, click on Edit Device Management (right arrow in illus.).
- Under Assign to server (arrow in illus.) select your MDM server (or your DEP profile).
- Confirm by clicking on Continue.
Create configuration profile in the management console
- In the Cortado Management Console select Global Settings→ DEP→ Add (arrow in illus.).
Note for Cortado Server! Illustrations may vary slightly.
Configure the DEP profile as follows:
- Mandatory: Specify here whether the use of the profile should be mandatory for the users. If the checkbox is left empty, the users can choose whether to install the DEP profile or to create a profile of their own.
- Verify profile: If this checkbox is enabled, the device configuration can only be completed if all steps required in the Cortado Management Console have been carried out.
- Supervised: Currently, all devices that receive this profile are placed into supervised mode. This is regardless whether this checkbox is crossed or not.
- Enable pairing: If this checkbox is enabled, the user may connect his device to a Mac or a PC and connect to iTunes.
- Shared iPad: Activate this checkbox if an iPad should be used by multiple users. This allows different user profiles to be set up on one iPad. You can find more information on the Apple page.
- Upload token: Select the Select token button and upload the Token from the Apple Business Manager (arrow in illus.).
- Anchore certificate (Cortado Server only!):
- Root certificate: Retain this pre-set selection if you use certificates generated by Cortado Server (self signed) (see the section Encryption (Certificates))
- None: Select this setting if you are using Cortado Server root certificates that were purchased from a public certification authority (e.g. Symantec or Comodo). Apple installs these purchased certificates onto the devices automatically and they don’t need to be rolled out separately via DEP.
- Upload root certificate: Select this setting if you are using root certificates generated by your company-owned certification authority for Cortado Server. (You can find detailed information about certification in the section Encryption (Certificates).)
- Device setup steps: You can specify what steps the user is allowed to make during setup of the device itself. Take note here that when you enable the checkbox Sign in to Apple ID and iCloud, you allow the devices to be used for business as well as for private purposes (COPE). Remove the checkmark if the devices are to be used exclusively for business purposes (COBO). If the checkmark is in place, the user can enter her private Apple ID during the configuration.
- Click on OK to finish configuration.
Users now only have to switch on the devices. The newly created DEP profile will now be automatically used for the device configuration (left illus.). Provided that the devices are new and unused or have been reset to factory settings.
During configuration, the user must enter her user name and password (right illus.). Therefore, before the device can be configured, the user must have been imported into the management console. Cortado Server users use their domain credentials.
Note for Cortado MDM! Users must create a password using the invitation email and your email address. Alternatively, you can assign a password for the user during user import.
That means that, during the configuration, the user only needs to carry out the setup steps that you selected under Device setup steps.