Enrolling iOS Devices
iOS devices can be enrolled as a DEP device or a BYOD device. The following sections provide detailed steps.
Enrolling iOS DEP Devices
DEP devices are registered in Apple’s Device Enrollment Program (DEP). The advantage of a DEP device is that the Deep Freeze MDM settings can be pushed directly to the device during initial device setup. Even when the mobile device is reset, the settings are pushed to the device again during setup.
Configuring a DEP device has three stages:
• On Device Setup – to connect the device to Deep Freeze MDM, receive notifications, and provide the ability to track the device.
Creating an Apple Push Certificate
The first step is to connect Deep Freeze MDM with Apple Enterprise Mobile Management by creating an Apple Push Certificate and uploading it to Deep Freeze MDM.
Complete the following steps:
1. Go to MDM > Settings > Push Certificate.
2. Click Certificate Request to download the Certificate Request. Save it on your computer.
3. Go to Apple Push Certificate Portal (https://identity.apple.com/pushcert/) and sign in with your Apple ID and password.
4. Click Create a Certificate. Select I have read and agree to these terms and conditions and click Accept.
5. Click Choose File. Browse to select the Certificate Request file (.csr) from Deep Freeze MDM and click Open.
6. Click Upload. The message You have successfully created a new push certificate with the following information: is shown.
7. Click Download to download the Apple Push Certificate (.pem) and save it on your computer.
8. Go to Deep Freeze Cloud > MDM > Settings > Push Certificate.
9. Click Choose File. Browse to select the Apple Push Certificate file and click Open.
10. Specify the Apple ID.
11. Click Upload.
Deep Freeze MDM is now connected to Apple Enterprise Mobile Management.
Configuring a DEP MDM Server
Device Enrollment Program (DEP) is for devices purchased directly from Apple and owned by your organization.
Complete the following steps to configure a DEP Server:
1. Go to Deep Freeze Cloud > MDM > Settings > DEP.
2. Click DEP Public Key to download the public key.
3. Go to http://deploy.apple.com/ and sign in to your account.
4. Click Get Started.
5. Click Add MDM Server.
6. Enter a name for your MDM server (for example Deep Freeze MDM – your company name).
7. Click Choose File. Browse to select the DEP Public Key downloaded in step 2. Click Next.
8. Download the DEP Server Token.
9. Go to Deep Freeze Cloud > MDM > Settings > DEP.
10. Click Choose File. Browse to select the DEP Server Token.
11. Click Upload.
12. Go to http://deploy.apple.com/.
13. Click Manage Devices.
14. Click Choose by Serial Number. Specify the serial number of your device.
15. Select Assign to Server and select the MDM Server.
16. Click OK.
17. Go to Deep Freeze Cloud > MDM > Settings > DEP.
18. Click Sync with Apple to refresh.
19. Configure the following settings:
> General Configuration
~ Initial device group – select the group that the device will belong to. If no group is selected, the device will be part of the Default iOS group.
~ Force Deep Freeze MDM enrollment – select this option to automatically enroll the device in the Deep Freeze MDM profile and automatically download the Deep Freeze MDM app. Clearing this checkbox gives you the option to either Apply configuration or Skip configuration during initial setup.
~ Place device in Supervised mode – select this option to place this device in Supervised mode. Supervised mode gives the administrator more control over the device and allows additional restrictions to be set. Optionally, select Allow Deep Freeze MDM removal by user if you want to permit the user to remove the MDM user profile from Settings > Device Management > Deep Freeze MDM.
~ Allow pairing with macOS computers – select this option to make the mobile device visible to macOS computers and able to pair with them. If this option is not selected, the mobile device will not be visible in the Bluetooth settings on your macOS computers.
> Organization Details – This information is presented to the user of the device during the setup process:
~ Support phone number – specify the phone number of the support team.
~ Support email address – specify the email address for your support team.
~ Department name – specify the name of the department to which the mobile device user belongs.
> Device Naming Scheme – This option controls how supervised devices are renamed. Select one of the following:
~ Default Name – keep devices’ default names when they enroll.
~ Add prefix to name – rename each device when it enrolls by adding a prefix to its default name. Define the prefix in the Prefix field that appears when this option is selected.
~ Name devices based on serial numbers – select this option to define custom names for specific serial numbers. Existing and newly enrolled devices are then assigned the name associated with their serial number. Devices with serial numbers that do not have defined names are not affected (they keep their default/existing name).
To use this option, you must create and upload a table that associates names with serial numbers:
a. Select the Name devices based on serial numbers option.
b. Click Download CSV Template.
c. Edit the downloaded template by defining a name for each serial number you add to the table. Remember that you can enter serial numbers for devices that are already enrolled as well as those that will enroll in the future.
d. Save and close the .csv file.
e. Click Choose File and use the file browser to select the .csv file.
> Optional Setup Panes – You can choose to skip any of the setup steps below during initial configuration of the mobile device:
~ Skip passcode setup
~ Skip location service
~ Skip restoring from backup
~ Remove "Move from Android" from restore options
~ Skip signing in to Apple ID and iCloud
~ Skip Terms and Conditions
~ Skip Touch ID setup
~ Skip Apple Pay setup
~ Skip Zoom setup
~ Skip Privacy pane (iOS 12+)
~ Skip iMessage and FaceTime (iOS 12+)
~ Skip Screen Time (iOS 12+)
~ Skip Software Update (iOS 12+)
~ Disable Siri
~ Disable sending diagnostics info
20. Click Save.
21. Set up the mobile device (for a new device) or reset the device.
Once the device setup is completed, go to Deep Freeze Cloud > MDM > Devices to view the device.
Note: An Apple device can only be assigned to one Apple MDM Server. The Apple device must be assigned to the Apple MDM Server that is connected to Deep Freeze MDM. If the Apple device is assigned to another Apple MDM Server, you must unassign the iOS device and re-assign it to the Apple MDM Server that is connected to Deep Freeze MDM.
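For the Name devices based on serial numbers option in step 19, the following added example (not part of the Deep Freeze documentation or product) checks a serial-number-to-name table before it is uploaded, flagging malformed or duplicate serial numbers, empty names, and names assigned to more than one device. The column headers SerialNumber and DeviceName and the 8-14 character serial format are assumptions; use the headers from the template you downloaded.

```python
import csv
import io
import re

# Assumed template columns; replace with the headers in the CSV template
# downloaded from the console.
SERIAL_COL, NAME_COL = "SerialNumber", "DeviceName"
# Assumption: serial numbers are 8-14 letters/digits with no separators.
SERIAL_RE = re.compile(r"[A-Z0-9]{8,14}")


def validate_naming_csv(text):
    """Return (mapping, problems) for a serial-number-to-name table."""
    mapping, problems = {}, []
    reader = csv.DictReader(io.StringIO(text))
    missing = {SERIAL_COL, NAME_COL} - set(reader.fieldnames or [])
    if missing:
        return {}, ["missing column(s): " + ", ".join(sorted(missing))]
    names_seen = {}  # lower-cased name -> first serial that used it
    for line_no, row in enumerate(reader, start=2):
        serial = (row[SERIAL_COL] or "").strip().upper()
        name = (row[NAME_COL] or "").strip()
        if not SERIAL_RE.fullmatch(serial):
            problems.append(f"line {line_no}: malformed serial {serial!r}")
        elif serial in mapping:
            problems.append(f"line {line_no}: duplicate serial {serial}")
        elif not name:
            problems.append(f"line {line_no}: empty name for {serial}")
        else:
            owner = names_seen.setdefault(name.lower(), serial)
            if owner != serial:  # reported, but the row is still kept
                problems.append(f"line {line_no}: name {name!r} also on {owner}")
            mapping[serial] = name
    return mapping, problems


# Constructed sample input, not real device data.
SAMPLE = """SerialNumber,DeviceName
C02ABC123DEF,Lab-iPad-01
c02abc123def,Lab-iPad-02
F9XYZ987QRS1,Lab-iPad-01
DNQ 12345,Front-Desk
G6TLM456NOP2,
"""

if __name__ == "__main__":
    good, issues = validate_naming_csv(SAMPLE)
    print(good)
    print("\n".join(issues))
```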
Enrolling iOS "BYOD" Devices
A BYOD device gives the user complete control over their mobile device. A user can install or uninstall apps or remove the Deep Freeze MDM profile from the settings.
Configuring a mobile device as a BYOD device has two stages:
Creating an Apple Push Certificate
The first step is to connect Deep Freeze MDM with Apple Enterprise Mobile Management by creating an Apple Push Certificate and uploading it to Deep Freeze MDM.
Complete the following steps:
1. Go to MDM > Settings > Push Certificate.
2. Click Certificate Request to download the Certificate Request. Save it on your computer.
3. Go to Apple Push Certificate Portal (https://identity.apple.com/pushcert/) and sign in with your Apple ID and password.
4. Click Create a Certificate. Select I have read and agree to these terms and conditions and click Accept.
5. Click Choose File. Browse to select the Certificate Request file (.csr) from Deep Freeze MDM and click Open.
6. Click Upload. The message You have successfully created a new push certificate with the following information: is shown.
7. Click Download to download the Apple Push Certificate (.pem) and save it on your computer.
8. Go to Deep Freeze Cloud > MDM > Settings > Push Certificate.
9. Click Choose File. Browse to select the Apple Push Certificate file and click Open.
10. Specify the Apple ID.
11. Click Upload.
Deep Freeze MDM is now connected to Apple Enterprise Mobile Management.
On Device Setup
Complete the following steps to enroll an iOS device:
1. Go to www.deepfreeze.com/Enroll on the mobile device.
2. Enter the Network ID (XXX-XXX-XXXX).
3. Press Register.
4. In the profile that appears, press Install.
5. Press Install again to confirm.
6. A message Do you trust this profile’s source to enroll your iPhone into remote management? appears. Press Trust.
Go to Deep Freeze Cloud > MDM > Devices to view the device.