How to enroll iOS devices?

Before enrolling an iOS device, please make sure that you have configured the APNs certificate in your server.

There are different methods to enroll an iOS device. These methods of enrollment are subject to various criteria such as the size of the company, number of devices, security preferences, etc. The enterprises can use any of the below enrollment methods based on their requirement:

1. Enrollment without authentication
2. Email/SMS enrollment
3. Self enrollment
4. Apple Configurator enrollment
5. DEP enrollment
6. DEP enrollment using Apple Configurator
7. G Suite Enrollment for iOS.
8. User Enrollment

Enrolling iOS devices without Authentication

Users can enroll their iOS devices without providing any authentication credentials. They can just enroll devices with a single enrollment URL.

Open Safari browser and enter your enrollment URL which will look something like https://<portalname>.hexnodemdm.com/enroll/.

1. This would take you to the enrollment screen. Enable the checkbox to agree with the terms and conditions and click Enroll.
2. Provide the necessary permissions to allow profile download.
3. After the profile gets downloaded, navigate to Settings > General > Profile for devices running iOS versions below 15. For devices running iOS 15+, navigate to Settings > General > VPN & Device Management.
4. Choose Profile Service under the DOWNLOADED PROFILE tab.
5. Click Install to install the configuration profile and certificate.
6. Click Trust to allow remote management.
7. When the profile is installed, click Done.
8. Once the enrollment is complete, the Hexnode app will start installing automatically on devices running iOS versions below 15. A prompt will be shown for devices running iOS 15+ to install the Hexnode MDM app. Click Install.
9. Once the app is installed, allow the MDM to access the location, camera, microphone, and photos and send notifications.
10. After allowing the permissions, click Agree & Continue.

Email or SMS enrollment

Authenticated enrollment can be enabled under Admin > Enrollment on the Hexnode UEM console. Enrollment with authentication delivers an enrollment request via email or SMS to the users which include the enrollment URL, username, password, and a QR code. A typical enrollment request would look something like this:

Once the enrollment credentials are received,

1. Open Safari browser and enter the enrollment URL. It would look something like this: https://<portalname>.hexnodemdm.com/enroll/.
2. This would take you to the enrollment screen. Enable the checkbox to agree with the terms and conditions and click Enroll.
3. Enter the username and one-time password specified in the enrollment request and click Authenticate.
4. Provide the necessary permissions to allow profile download.
5. After the profile gets downloaded, navigate to Settings > General > Profile. for devices running iOS versions below 15. For devices running iOS 15+, navigate to Settings > General > VPN & Device Management.
6. Choose Hexnode MDM under the DOWNLOADED PROFILE tab.
7. Click Install to install the configuration profile and certificate.
8. Click Trust to allow remote management.
9. When the profile is installed, click Done.
10. Once the enrollment is complete, the Hexnode app will start installing automatically on devices running iOS versions below 15. A prompt will be shown for devices running iOS 15+ to install the Hexnode MDM app. Click Install.
11. Once the app is installed, allow the MDM to access the location, camera, microphone, and photos and send notifications.
12. After allowing the permissions, click Agree & Continue.

Self enrollment

Self-enrollment is a type of authenticated enrollment by which users will enroll their devices using their preassigned passwords (for local users) or their directory passwords (for AD, Microsoft Entra ID, Okta, and Google users). Users will not receive any enrollment requests if they have opted for self-enrollment.

1. Access your enrollment URL through the Safari browser. The enrollment URL will look something like https://<portalname>.hexnodemdm.com/enroll/.
2. On the enrollment screen, enable the checkbox to agree with the terms and conditions and click Enroll.
3. Select the domain or authenticate via Microsoft, Google, or Okta.
4. Enter the username and password.
5. Click Authenticate.
6. Provide the necessary permissions to allow profile download.
7. After the profile gets downloaded, navigate to Settings > General > Profile for devices running iOS versions below 15. For devices running iOS 15+, navigate to Settings > General > VPN & Device Management.
8. Choose Profile Service under the DOWNLOADED PROFILE tab.
9. Click Install to install the configuration profile and certificate.
10. Click Trust to allow remote management.
11. When the profile is installed, click Done.
12. Once the enrollment is complete, the Hexnode app will start installing automatically on devices running iOS versions below 15. A prompt will be shown for devices running iOS 15+ to install the Hexnode MDM app. Click Install.
13. Once the app is installed, allow the MDM to access the location, camera, microphone, and photos and send notifications.
14. After allowing the permissions, click Agree & Continue.

MDM enrollment with Apple Configurator

Apple Configurator is an OSX program that allows one to create configuration profiles for Apple devices including iPad, iPhone, Apple TV, and iPod Touch for easily deploying in business or school.

Follow these steps to enroll devices to Hexnode UEM with Apple Configurator:

Assign a user for the enrolled device.

1. From your Hexnode UEM portal, navigate to Enroll > Platform – Specific > iOS > Apple Configurator.
2. Select a user from the list and click on Save.

Once the user is assigned you can open the Apple configurator on your Mac and follow the below steps.

Create a Wi-Fi profile

To create a Wi-Fi profile,

1. Open Apple Configurator.
2. Go to File > New Profile > Wi-Fi > Configure.
3. Configure the Wi-Fi profile and save.

Create a Blueprint

1. Go to Blueprint > Edit Blueprints.
2. Create a new blueprint and name it.
3. Name the new blueprint.
4. Select the blueprint and click on the Add button on the top of Configurator 2 (or right-click on the blueprint > Add and select Profiles)
5. Select the Wi-Fi profile created previously.
6. Select the blueprint and click on the Prepare button on the top of Configurator 2 (or right-click on the blueprint > Prepare).
7. Select Manual configuration and click Next.
8. Select New Server and click Next.
9. Provide any name and the enrollment URL available at Admin > Configurator Enrollment in Hexnode UEM.
10. When the Configurator finishes fetching the certificates, click Next.
11. To assign the blueprint to an organization, click New Organization and click Next.
12. You can choose to sign in to Device Enrollment Program or click Skip.
13. Provide organization details and click Next.
14. Select Generate a new Supervision identity and click Next.
15. In Setup Assistant, select the steps that you want to show while starting up the iOS device. You can also skip all the steps by selecting the option ‘Don’t show any of these steps’.
16. Click Prepare.
17. Enter the device password to apply the settings. The blueprint will be prepared now.

Apply Blueprint

1. Connect iOS devices to the computer.
2. Click on Blueprints on the top of Configurator and select the blueprint’s name and click Apply.
3. When the blueprint is applied, a prompt appears giving a warning message that the device could erase, modify, remove or update. Click on Apply to apply the blueprint to the device and the device resets.
4. If the device is already prepared, a prompt may appear saying that Apple Configurator could not perform the action. Click Erase.
5. After applying the blueprint, a prompt appears on devices running iOS versions below 15, asking whether to apply/skip remote management configuration. Choose Apply Configuration and click Next.

Troubleshooting Tips

• • Common errors while enrolling iOS devices in Hexnode MDM.
  • Common errors while enrolling iOS devices using Apple Configurator.