Prerequisite: This procedure assumes that you have already enrolled in the
Apple Device Enrollment Program (DEP) and set up an administrator account for the
Apple DEP web portal.
Tip: If you have already enrolled in the Apple Volume Purchase Program
(VPP), you can use the same Apple ID for DEP.
To use Apple DEP with Sophos Mobile Control, you need to create a virtual MDM server
on the Apple DEP web portal and link it to the Sophos Mobile Control server. This
includes a verification process to establish a secure connection between Sophos
Mobile Control and the Apple DEP web service.
To set up a virtual MDM server for Sophos Mobile Control:
Log in to the Sophos Mobile Control console with an administrator account
for the customer for which you want to manage the DEP devices.
On the menu sidebar, under SETTINGS, click , and then click the Apple DEP tab.
Click Download public key to download the Sophos Mobile
Control public key file for Apple DEP.
The file is saved to your local computer, using the download settings of your
Open the Apple DEP web portal at https://deploy.apple.com
in a new browser window.
You can do this by clicking the Apple DEP web portal
link in Sophos Mobile Control.
Log in to the Apple DEP web portal with your company Apple ID.
On the portal, go to Add MDM Server.
, and then click
Enter a name for MDM server, for example Sophos Mobile
In the next step, upload the public key file that you downloaded from Sophos
In the next step, download the server token.
At this point, you may log out from the Apple DEP web portal.
On the Apple DEP tab of Sophos Mobile Control, click
Upload a file and select the server token that you
downloaded from the Apple DEP web portal.
The details of your virtual MDM server are displayed.
Click Save to save your changes.
The DEP server token is valid for one year. To notify when the token is about to
expire, Sophos Mobile Control sends several email reminders to all administrators of
the relevant customer, starting 30 days prior to the expiry
Important: When you create a new server token on the Apple DEP web portal,
you must use the same Apple ID that you used for the creation of the initial