Configure device supervision

You can configure Macs that are allowed to supervise your iOS DEP devices. These Macs can pair with an iOS DEP device even if you block USB pairing in general.

To configure a Mac for device supervision, upload its supervision identity certificate to the iOS DEP profile in Sophos Mobile.

  1. On the Mac, create a new organization in Apple Configurator or use an existing organization.
  2. Open the Keychain Access app.
  3. Under My certificates, export the organization’s certificate.

    There’s one certificate for each organization you’ve configured in Apple Configurator.

    In the export dialog, make sure the certificate is exported in CER format (.cer file name extension).

  4. In your iOS DEP profile in Sophos Mobile, go to the USB pairing tab and configure the following settings:
    1. Clear the Allow USB pairing with all hosts check box.
    2. Select Upload host certificate to upload the certificate file.
  5. Optional To configure another Mac for device supervision, do one of the following:
    • Upload another certificate to the iOS DEP profile.

    • Share the organization between the Macs by doing the following:

      Export the organization from Apple Configurator on the first Mac and import it on the second Mac.

    • Share the supervision identity between the Macs by doing the following:

      On the first Mac, export the supervision identity from Apple Configurator in PKCS #12 format (.p12 file name extension). On the second Mac, open the .p12 file with the Keychain Access app.