You can configure iOS devices to auto-enroll with Sophos Mobile Control during device
activation. To do so, you use Apple Configurator 2 to assign devices to the
Sophos Mobile Control MDM server. When the users switch on their devices for the
first time, the iOS setup assistant starts. During setup, the devices are
automatically enrolled with Sophos Mobile Control.
To configure auto-enrollment of iOS devices with Sophos Mobile Control:
As a one-time step to prepare auto-enrollment, create a device group that will
be assigned to devices during auto-enrollment with Sophos Mobile Control. In the
device group properties, select the Enable iOS
auto-enrollment option. See Create device group.
Make a note of the URL that is displayed in the Auto-enrollment
URL field of the device group.
You need this URL when you configure devices with Apple
Connect the iOS device you want to auto-enroll to an USB port of a Mac with
Apple Configurator 2 installed.
In Apple Configurator 2, use the Prepare Assistant to set up the device
Select Manual Enrollment and then enter the
auto-enrollment URL of the device group.
Follow the further steps of the Prepare Assistant. You can optionally configure
the following aspects of the device activation:
- Enable device supervision mode.
- Configure host computers to which the device is allowed to connect with,
using USB ports.
- For supervised devices, generate or choose a "supervision
- Disable configuration steps of the iOS setup assistant.
After you have completed the configuration, hand over the device to the user. When
the user switches on the device for the first time, the iOS setup and the enrollment
with Sophos Mobile Control are performed as configured.
By default, Sophos Mobile Control manages auto-enrolled devices under a
name that is composed from the device ID and the device type. Alternatively, Sophos
Mobile Control can use the name that is configured on the device. See the
Synchronize device name
option in Configure iOS settings