Configure service discovery
You must configure service discovery before you can use account-driven Apple User Enrollment.
For iPhones and iPads owned by the user, service discovery is an enrollment step where the device identifies itself to Sophos Mobile.
Users must enter their Managed Apple ID when enrolling their device with Sophos Mobile. The device uses the domain part of the ID to connect to a service discovery resource on your web server, which contains information the device needs to enroll with Sophos Mobile.
To configure service discovery, do as follows:
- In Sophos Mobile, go to Setup > Apple setup > Apple User Enrollment.
-
Click Set up account-driven Apple User Enrollment.
-
Click Copy to clipboard to copy the JSON code shown on the page.
-
Paste the JSON code into a new text file.
-
Publish the file on your web server at the following URL:
https://your-domain.com/.well-known/com.apple.remotemanagement
Replace
your-domain.com
with the domain you registered in Apple Business Manager for your Managed Apple IDs. -
In your web server configuration, set the file’s
content-type
header toapplication/json
. - Configure your web server to allow
HTTP GET
requests to the URL.