Auto-enroll iOS devices

You can configure iOS devices to auto-enroll with Sophos Mobile during device activation.

To do so, you use Apple Configurator 2 to assign devices to the Sophos Mobile MDM server. When the users switch on their devices for the first time, the iOS setup assistant starts. During setup, the devices are automatically enrolled with Sophos Mobile.

Note For a detailed description of Apple Configurator 2, see the Apple Configurator 2 user guide (external link).

To configure auto-enrollment of iOS devices with Sophos Mobile:

  1. As a one-time step to prepare auto-enrollment, create a device group that will be assigned to devices during auto-enrollment with Sophos Mobile. In the device group properties, select the Enable iOS auto-enrollment option. See Create device group.
  2. Make a note of the URL that is displayed in the Auto-enrollment URL field of the device group.
    You need this URL when you configure devices with Apple Configurator 2.
  3. Connect the iOS device you want to auto-enroll to an USB port of a Mac with Apple Configurator 2 installed.
  4. In Apple Configurator 2, use the Prepare Assistant to set up the device configuration.
  5. Select Manual Enrollment and then enter the auto-enrollment URL of the device group.
  6. Follow the further steps of the Prepare Assistant. You can optionally configure the following aspects of the device activation:
    • Enable device supervision mode.
    • Configure host computers to which the device is allowed to connect with, using USB ports.
    • For supervised devices, generate or choose a "supervision identity".
    • Disable configuration steps of the iOS setup assistant.

After you have completed the configuration, hand over the device to the user. When the user switches on the device for the first time, the iOS setup and the enrollment with Sophos Mobile are performed as configured.

Tip By default, Sophos Mobile manages auto-enrolled devices under a name that is composed from the device ID and the device type. Alternatively, Sophos Mobile can use the name that is configured on the device. See the Synchronize device name option in Configure iOS settings.