Configure device supervision
You can configure Macs that are allowed to supervise your Apple Business Manager iPhones and iPads. These Macs can pair with a device even if you block USB pairing in general.
To configure a Mac for device supervision, upload its supervision identity certificate to the Apple Business Manager profile in Sophos Mobile.
Do as follows:
- On the Mac, create a new organization in Apple Configurator or use an existing organization.
- Open the Keychain Access app.
-
Under My certificates, export the organization’s certificate.
There’s one certificate for each organization you’ve configured in Apple Configurator.
Ensure that you export the certificate in CER format, that is, with a .cer file extension.
-
In your Apple Business Manager profile in Sophos Mobile, go to the USB pairing tab and configure the following settings:
- Clear the Allow USB pairing with all hosts check box.
- Select Upload host certificate to upload the certificate file.
-
Optional: To configure another Mac for device supervision, do one of the following:
- Upload another certificate to the Apple Business Manager profile.
-
Share the organization between the Macs by doing the following:
Export the organization from Apple Configurator on the first Mac and import it on the second Mac.
-
Share the supervision identity between the Macs by doing the following:
On the first Mac, export the supervision identity from Apple Configurator in PKCS #12 format with a .p12 file extension. On the second Mac, use Keychain Access to open the .p12 file.
For details about managing organizations and supervision identities, see Apple Configurator 2 User Guide: Organization preferences in Apple Configurator 2.