iOS

iOS devices can be set up as a DEP Device or a BYOD device. The following sections provide detailed steps.

 

DEP Device

DEP devices are registered in the Apple’s Device Enrollment Program (DEP). The advantage of a DEP device is the Deep Freeze MDM settings can be directly pushed to the device during initial device setup. Even when the mobile device is reset, the settings are pushed to the device again during setup.

Configuring a DEP device has two stages:

•	Creating an Apple Push Certificate - to connect Deep Freeze MDM with Apple Enterprise Mobile Management.

•	Configuring a DEP MDM Server - to connect Deep Freeze MDM to Apple Enterprise Mobile Management for DEP devices.

•	On Device Setup - to connect the device to Deep Freeze MDM and receive notifications and provide the ability to track the device.

 

Creating an Apple Push Certificate

The first step to connect the Deep Freeze MDM with Apple Enterprise Mobile Management by creating an Apple Push Certificate and uploading to Deep Freeze MDM.

Complete the following steps:

1.	Go to MDM > Settings > Push Certificate.

2.	Click Certificate Request to download the Certificate Request. Save it on your computer.

3.	Go to Apple Push Certificate Portal (https://identity.apple.com/pushcert/) and sign-in with your Apple ID and password.

4.	Click Create a Certificate. Select I have read and agree to these terms and conditions and click Accept.

5.	Click Choose File. Browse to select the Certificate Request file (.csr) from Deep Freeze MDM and click Open.

6.	Click Upload. The message You have successfully created a new push certificate with the following information: is shown.

7.	Click Download to download the Apple Push Certificate (.pem) and save it on your computer.

8.	Go to Deep Freeze Cloud > MDM > Settings > Push Certificate.

9.	Click Choose File. Browse to select the Apple Push Certificate file and click Open.

10.	Specify the Apple ID.

11.	Click Upload.

Deep Freeze MDM is now connected to Apple Enterprise Mobile Management.

 

Configuring a DEP MDM Server

Device Enrollment Program (DEP) is for devices purchased directly from Apple and owned by your organization.

Complete the following steps to configure a DEP Server:

1.	Go to Deep Freeze Cloud > MDM > Settings > DEP.

2.	Click DEP Public Key to download the public key.

3.	Go to http://deploy.apple.com/ and sign-in to your account.

4.	Click Get Started.

5.	Click Add MDM Server.

6.	Enter a name for your MDM server (for example Deep Freeze MDM - your company name).

7.	Click Choose File. Browse to select the DEP Public Key downloaded in step 2. Click Next.

8.	Download the DEP Server Token.

9.	Go to Deep Freeze Cloud > MDM > Settings > DEP.

10.	Click Choose File. Browse to select the DEP Server Token.

11.	Click Upload.

12.	Go to http://deploy.apple.com/.

13.	Click Manage Devices.

14.	Click Choose by Serial Number. Specify the serial number of your device.

15.	Select Assign to Server and select the MDM Server.

16.

Click OK.

17.	Go to Deep Freeze Cloud > MDM > Settings > DEP.

18.	Click Sync with Apple to refresh

19.	Configure the following settings:

•	General Configuration

—	Initial device group: select the group that the device will belong to. If no group is selected the device will be part of the Default iOS group.

—

Force Deep Freeze MDM enrollment - select this option if this device will be automatically enrolled in Deep Freeze MDM profile and the Deep Freeze MDM app will be automatically downloaded. Clearing this check box gives you an option to either Apply configuration or Skip configuration during initial setup.

—

Place device in Supervised mode - select this option to place this device in Supervised mode. Supervised mode gives more control to the administrator over the device and additional restrictions can be set (for more information see..). Optionally, select Allow Deep Freeze MDM removal by user if you want to give the permission to the user to remove the MDM user profile from Settings > Device Management > Deep Freeze MDM.

—	Allow pairing with OS X computers - select this option to make the mobile device visible in OS X computers and pair with them. If this option is not selected, the mobile device will not be visible in the Bluetooth settings on your OS X computers.

•	Organization Details - This information is presented to the user of the device during the setup process:

—	Support phone number - specify the phone number of the support team.

—	Support email address - specify the email address for your support team.

—	Department name - specify the name of the department to which the mobile device user belongs.

•	Optional Setup Panes - You can choose to skip any of the setup steps below during initial configuration of the mobile device:

—	Skip passcode setup

—	Skip location service

—	Skip restoring from backup

—	Remove "Move from Android" from restore options

—	Skip signing in to Apple ID and iCloud

—	Skip Terms and Conditions

—	Skip Touch ID setup

—	Skip Apple Play setup

—	Skip zoom setup

—	Disable Siri

—	Disable sending diagnostics info

20.	Click Save.

21.	Setup the mobile device (for a new device) or reset the device.

 

Once the device setup is completed, go to Deep Freeze Cloud > MDM > Devices to view the device.

 

An Apple device can only be assigned to one Apple MDM Server. The Apple device must be assigned to the Apple MDM Server that is connected to Deep Freeze MDM. If the Apple device is assigned to another Apple MDM Server, you must unassign the iOS device and re-assign to the Apple MDM Server that is connected to Deep Freeze MDM.

BYOD Device

A BYOD device allows the user complete control on their mobile device. A user can install or uninstall apps or remove the Deep Freeze MDM profile from the settings.

Configuring a mobile device as a BYOD device has two stages:

•	Creating an Apple Push Certificate - to connect Deep Freeze MDM to Apple Enterprise Mobile Management.

•	On Device Setup - to connect the device to Deep Freeze MDM.

 

Creating an Apple Push Certificate

The first step to connect the Deep Freeze MDM with Apple Enterprise Mobile Management by creating an Apple Push Certificate and uploading to Deep Freeze MDM.

Complete the following steps:

1.	Go to MDM > Settings > Push Certificate.

2.	Click Certificate Request to download the Certificate Request. Save it on your computer.

3.	Go to Apple Push Certificate Portal (https://identity.apple.com/pushcert/) and sign-in with your Apple ID and password.

4.	Click Create a Certificate. Select I have read and agree to these terms and conditions and click Accept.

5.	Click Choose File. Browse to select the Certificate Request file (.csr) from Deep Freeze MDM and click Open.

6.	Click Upload. The message You have successfully created a new push certificate with the following information: is shown.

7.	Click Download to download the Apple Push Certificate (.pem) and save it on your computer.

8.	Go to Deep Freeze Cloud > MDM > Settings > Push Certificate.

9.	Click Choose File. Browse to select the Apple Push Certificate file and click Open.

10.	Specify the Apple ID.

11.	Click Upload.

Deep Freeze MDM is now connected to Apple Enterprise Mobile Management.

 

On Device Setup

Complete the following steps to enroll an iOS device:

1.	Go to www.deepfreeze.com/Enroll on the mobile device.

2.	Enter the Network ID (XXX-XXX-XXXX).

3.	Press Register.

4.	In the profile that appears, press Install.

5.	Press Install again to confirm.

6.	A message Do you trust this profile’s source to enroll your iPhone into remote management? appears. Press Trust.

 

Go to Deep Freeze Cloud > MDM > Devices to view the device.