You can configure iOS devices to auto-enroll with Sophos Mobile during device
activation.
To do so, you use Apple Configurator 2 to assign devices to the Sophos Mobile MDM server. When
the users switch on their devices for the first time, the iOS setup assistant starts. During setup, the devices
are automatically enrolled with Sophos Mobile.
To configure auto-enrollment of iOS devices with Sophos Mobile:
-
As a one-time step to prepare auto-enrollment, create a device group that will be assigned to devices
during auto-enrollment with Sophos Mobile. In the device group properties, select the
Enable iOS auto-enrollment option. See Create device group.
-
Make a note of the URL that is displayed in the Auto-enrollment URL field of the
device group.
You need this URL when you configure devices with Apple Configurator 2.
-
Connect the iOS device you want to auto-enroll to an USB port of a Mac with Apple Configurator 2
installed.
-
In Apple Configurator 2, use the Prepare Assistant to set up the device configuration.
-
Select Manual Enrollment and then enter the auto-enrollment URL of the device
group.
-
Follow the further steps of the Prepare Assistant. You can optionally configure the following aspects of
the device activation:
- Enable device supervision mode.
- Configure host computers to which the device is allowed to connect with, using USB ports.
- For supervised devices, generate or choose a "supervision identity".
- Disable configuration steps of the iOS setup assistant.
After you have completed the configuration, hand over the device to the user. When the user switches on the
device for the first time, the iOS setup and the enrollment with Sophos Mobile are performed as
configured.
Tip By default,
Sophos Mobile manages auto-enrolled devices under a name that is composed
from the device ID and the device type. Alternatively,
Sophos Mobile can use the name that is
configured on the device. See the
Synchronize device name option in
Configure iOS settings.