Enrolling iPads and iPhones into JAMF’s Casper suite can be done through Apple Configurator 2, text messages, email invitations, Apple’s Device Enrollment Program (DEP), or using links deployed to iOS devices as web clips. When doing larger deployments the enrollment process can be automated so that devices are automatically enrolled into Casper when set up using an Enrollment Profile that is manually downloaded from Casper and deployed to device. Additionally, a certificate can be needed if the certificate is not included in the profile, an option available as a checkbox in the setup. While you hopefully won’t need to download the certificate, we’ll cover that as well:
Download the Enrollment Profile
To download an enrollment profile from Casper MDM:
Add the Profile To Apple Configurator:
- Log into the web interface of the JSS.
- Click on the link along the top navigation bar for Mobile Devices.
- Click on Enrollment Profiles in the sidebar.
- Click on the plus sign (+).
- Provide a new name for the profile.
- Click on the User and Location Information tab.
- Enter any of the information you wish to have associated with this account when the profile is used to enroll a device into the JSS (not required – use this if you want your devices to have these associated, like if you use Configurator to setup departments and then associate a blueprint to each department and use an enrollment profile per blueprint).
- At the Enrollment Profiles screen, click on Download for the appropriate profile (for most environments there should only be one).
- Click on the Save button.
- Click on the General tab.
- Click on the Download button to download a .mobileconfig file that contains enrollment information.
- Click on the Trust Profile button to download the trust profile (a .mobileconfig with our cer).
- Once the profile is downloaded, it will automatically attempt to enroll the computer you are downloading it from in the Profiles System Preferences pane.
- Click on Cancel.
- Click on your downloads and you have now downloaded the two .mobileconfig files that will enroll devices into Casper. Note that if you have a cert signed by a CA you shouldn’t need the Trust Profile.
To deploy the profile through Apple Configurator:
- Open Apple Configurator 2 on the client computer.
- Click File and then click on New Blueprint.
- Provide a name for your Blueprint.
- Once the new Blueprint is created, click on it.
- Click on Profiles.
- Click Add Profiles…
- Manually add the first profile by browsing to it.
- Drag any other profiles into the list.
- Apply the Blueprint to devices to see if it works.
If you then wish to unenroll, simply remove the profiles by tapping on profiles and then tapping on the Remove button. Per the MDM API, a user can elect to remove their device from management at any point unless the device is supervised (and then it’s harder but still possible to remove the device from management), so expect this will happen occasionally, even if only by accident.