Set up a virtual MDM server

Prerequisite: This procedure assumes that you have already enrolled in the Apple Device Enrollment Program (DEP) and set up an administrator account for the Apple DEP web portal.

Note: For detailed information on enrolling in DEP, visit the Apple DEP website at http://www.apple.com/business/dep/ or see the Apple Deployment Programs online help.
Tip: If you have already enrolled in the Apple Volume Purchase Program (VPP), you can use the same Apple ID for DEP.

To use Apple DEP with Sophos Mobile Control, you need to create a virtual MDM server on the Apple DEP web portal and link it to the Sophos Mobile Control server. This includes a verification process to establish a secure connection between Sophos Mobile Control and the Apple DEP web service.

To set up a virtual MDM server for Sophos Mobile Control:

  1. Log in to the Sophos Mobile Control console with an administrator account for the customer for which you want to manage the DEP devices.
  2. On the menu sidebar, under SETTINGS, click Setup > System setup, and then click the Apple DEP tab.
  3. Click Download public key to download the Sophos Mobile Control public key file for Apple DEP.
    The file is saved to your local computer, using the download settings of your web browser.
  4. Open the Apple DEP web portal at https://deploy.apple.com in a new browser window.
    You can do this by clicking the Apple DEP web portal link in Sophos Mobile Control.
  5. Log in to the Apple DEP web portal with your company Apple ID.
  6. On the portal, go to Device Enrollment Program > Manage Servers, and then click Add MDM Server.
  7. Enter a name for MDM server, for example Sophos Mobile Control.
  8. In the next step, upload the public key file that you downloaded from Sophos Mobile Control.
  9. In the next step, download the server token.
    At this point, you may log out from the Apple DEP web portal.
  10. On the Apple DEP tab of Sophos Mobile Control, click Upload a file and select the server token that you downloaded from the Apple DEP web portal.
    The details of your virtual MDM server are displayed.
  11. Click Save to save your changes.
The DEP server token is valid for one year. To notify when the token is about to expire, Sophos Mobile Control sends several email reminders to all administrators of the relevant customer, starting 30 days prior to the expiry date.
Important: When you create a new server token on the Apple DEP web portal, you must use the same Apple ID that you used for the creation of the initial token.