Enroll Apple iOS devices

There is only one way to enroll devices running iOS with DME. This requires at least DME client app 4.1.4.

Enrolling Apple iOS devices

To enroll an Apple iOS device with DME, the end user must do the following:

1. Select Tools > MDM Enrollment in the client menu.

   The client app will try to collect the Wi-Fi (MAC) address of the device. If unsuccessful (if the device is running iOS 7, and it has never been in contact with the DME server before being upgraded to iOS 7), the client will ask the user to provide the MAC address.

2. The user provides the Wi-Fi Address.

   The user is instructed to go to the device Settings > General > About to find and copy the Wi-Fi Address, and paste it back into DME.

   For more details about this, see the DME App User Guide for Apple iOS.

3. The client will then open the Safari browser at the DME Apple MDM Enrollment web page. See the next section, Installing Apple MDM profile for information about further user steps.

   During the enrollment performed by the end user, the user accepts the installation of a DME MDM Configuration Profile. When that profile is installed, the iDevice completes the enrollment process using the Simple Certificate Enrollment Protocol (SCEP), during which DME validates the device and generates a device certificate. DME can then manage and monitor the iDevice without further user involvement. Device settings profiles can be updated transparently, and device information can be obtained and registered by DME. The Apple Push Notification Service (APNS) is used to enable the communication between devices and DME.

Please note that the user is only allowed to choose the MDM Enrollment option once. If the user is interrupted in the enrollment process, for instance if the Internet connection is interrupted, the option will be gone from the Tools menu. To get the option back, you can instruct the user to do the following:

1. Lock the device (Tools > Lock) to go to the Login screen (iPhone: Rotate to Landscape direction if the Unlock pattern screen is shown).
2. Enter RESETMDM as user name, and tap Login.

   The user name field is cleared.

3. Log in as normal.

   The MDM Enrollment option is now back in the menu.

Warning: If you try to enroll an Apple iOS device with DME by connecting it directly to the DME server enrollment page (<DME_Server>/mdm or <DME_Server>/ios/ or <DME_Server>/iphone/), duplicate entries will occur in the DME server for the same device - one being the "DME" device, and the other being the "MDM device".

To get rid of these duplicate devices, instruct the users to enroll using the MDM Enrollment menu option. Note that the MDM enrollment is expected to fail at one point because the device has already been enrolled, but the process is sufficient to make the DME server aware that the DME device has the same Wi-Fi address as the "MDM device", and the server will then combine the two devices.

Note that when the two devices are combined, the set of default settings will be applied to the device, and any settings changed by the user will be reset.