Auto-enroll iPhones and iPads

You can configure iPhones and iPads to auto-enroll with Sophos Mobile during device activation.

To do so, you use Apple Configurator 2 to assign devices to the Sophos Mobile MDM server. When the users switch on their devices for the first time, the setup assistant starts. During setup, the devices are automatically enrolled with Sophos Mobile.


Auto-enrollment requires that the user who activates the device is registered for the Sophos Central Self Service Portal.

For details on Apple Configurator 2, see the Apple Configurator 2 user guide.

To configure auto-enrollment of iPhones and iPads with Sophos Mobile:

  1. As a one-time step to prepare auto-enrollment, create a device group that will be assigned to devices during auto-enrollment with Sophos Mobile. In the device group properties, select the Enable iOS auto-enrollment option.

    See Create device group.

  2. Make a note of the URL that is displayed in the Auto-enrollment URL field of the device group.

    You need this URL when you configure devices with Apple Configurator 2.

  3. Connect the device you want to auto-enroll to a USB port of a Mac with Apple Configurator 2 installed.

  4. In Apple Configurator 2, use the Prepare Assistant to set up the device configuration.
  5. Select Manual Enrollment and then enter the auto-enrollment URL of the device group.
  6. Follow the further steps of the Prepare Assistant. You can optionally configure the following aspects of the device activation:

    • Enable device supervision mode.
    • Configure the host computers that the device is allowed to connect to over USB.
    • For supervised devices, generate or choose a "supervision identity".
    • Disable configuration steps of the setup assistant.

After you have completed the configuration, hand over the device to the user. When the user switches on the device for the first time, the setup and the enrollment with Sophos Mobile are performed as configured.

Device name

By default, Sophos Mobile manages auto-enrolled devices under a name that is composed of the device ID and the device type. Alternatively, Sophos Mobile can use the name that is configured on the device. See the Synchronize device name option in iPhone and iPad settings.