Enroll devices with Apple User Enrollment
Users can enroll their personal iPhones and iPads in Sophos Central Self Service Portal. As an administrator, you can also enroll the devices in Sophos Mobile Admin.
Restrictions
- Profile-based Apple User Enrollment is available for iOS and iPadOS 17 and earlier.
- You can’t enroll supervised devices in Apple User Enrollment management mode.
Requirements
Before you can enroll a device with Apple User Enrollment, complete the following:
- Set up Apple User Enrollment.
- Add the user to Sophos Central.
-
Add the user to Apple Business Manager and create a Managed Apple ID.
See Apple Business Manager User Guide: Use Managed Apple IDs in Apple Business Manager.
Account-driven Apple User Enrollment
With account-driven Apple User Enrollment, a user enrolls their device as follows:
- Give the Managed Apple ID and password to the user.
- On the device they want to enroll, the user must open the Settings app, go to General > VPN & Device Management, and tap Sign in to Work or School Account.
- The user enters their Managed Apple ID.
- The device redirects the user to a Sophos Mobile page where they must sign in with their Sophos Central Self Service Portal credentials.
- The user selects an enrollment configuration from the list of configurations you added for account-driven Apple User Enrollment.
- If you’ve configured Terms of Use and a post-enrollment text, the user must acknowledge these.
- When the user taps Download profile, the Sophos Central Self Service Portal redirects the user back to their Settings app.
- The user must enter their Managed Apple ID password.
- When the user taps Allow Remote Management and enters their device password, the Settings app downloads and installs the Sophos Mobile enrollment profile.
When the enrollment was successful, a Sophos Mobile entry shows on the device in Settings > General > Device Management.
Profile-based Apple User Enrollment
With profile-based Apple User Enrollment, a user enrolls their device as follows:
- Give the Managed Apple ID and password to the user.
-
The user must sign in to Sophos Central Self Service Portal, go to Mobile, and select Enroll Device.
They can sign in using the device they want to enroll or use another device to sign in.
-
Sophos Central Self Service Portal directs the user to a Sophos Mobile enrollment web form. When the user confirms the web form, the device downloads a configuration profile from Sophos Mobile.
-
The user must open the Settings app and tap Enrol in.
-
On the next page, the user can read information about User Enrollment. To enroll, the user must tap Enrol My iPhone or Enrol My iPad. The enrollment process then starts.
When the enrollment was successful, a Sophos Mobile entry shows on the device in Settings > General > Device Management.
Profile-based Apple User Enrollment for administrators
Typically, users perform Apple User Enrollment by themselves. As an administrator, you can also perform profile-based Apple User Enrollment from Sophos Mobile, but you can’t perform account-driven Apple User Enrollment from Sophos Mobile.
To perform profile-based Apple User Enrollment as an administrator, do as follows:
- In Sophos Mobile, go to Devices and click Add > Add device wizard.
- Select Search for user and search for the user that you want to assign to the device.
- Select the user.
-
On the Device details page, select the iOS & iPadOS platform. Enter other details as required.
-
On the Enrollment type page, do one of the following:
- To enroll the device: Select Apple User Enrollment and enter the Managed Apple ID.
- To enroll the device and perform additional tasks: Select Apple User Enrollment with task bundle, select the task bundle, and enter the Managed Apple ID.
-
On the Enrollment page, scan the QR code with the Camera app of the device you want to enroll. The device opens a Sophos Mobile enrollment web form.
- Confirm the web form.
- Complete the enrollment process on the device, as described in Profile-based Apple User Enrollment from step 4 onwards.