To manage a device from Bushel
, it must first be added to your Bushel. The technical whiz-bang name for that process is Enrollment. We currently provide 3 ways to enroll devices into your Bushel. All three are available on the Enrollment page when you’re logged into Bushel.
The first and best way to enroll devices into your Bushel is an Apple program called the Device Enrollment Program, or DEP for short. DEP is a way of tying devices to your Bushel so that they cannot be removed from the device, even if the device is wiped. Other than through DEP, all enrollment into your Bushel is optional on the devices and so devices can be unenrolled at will. DEP requires an actual DEP account with Apple, which you can sign up for at https://deploy.apple.com/qforms/open/register/index/avs
The second way to enroll devices into your Bushel is via Open Enrollment. When you Configure Open Enrollment you create a link that allows your users to enroll without logging into the portal. Simply open Open Enrollment from the Enrollment page and click Enable. Once enabled, you’ll see the URL to enroll devices.
The third way to enroll devices is manually. Simply log into your Bushel, click on Enrollment and then click on the Enroll button for Enroll This Device. When prompted for “Who will this device belong to?” enter the username (e.g. the user’s name in front of their email address most likely or the username for your email system if it’s something different than that). Also provide the email address itself in the Email Address field and then click Enroll This Device. Now, if you want to enroll the device you’re using, simply complete the screen prompts for the profile installation and you’ll be good to go. Or, you can save the mobileconfig file that’s downloaded and send it to others in order to allow them to install it as well. Simply cancel the installation process (most easily done from a Mac) and distribute the Enroll.mobileconfig file as needed. You can also put a user’s name in front of the file name, so you know which will enroll each user. If you need to enroll 3 or 4 people in other countries or cities, this might be the best option!
OK, so we basically gave 4 ways to enroll. But that’s because we’re trying to make it as easy as possible to enroll devices into your Bushel.
krypted January 7th, 2015
Posted In: Bushel, iPhone, Mac OS X, Mac OS X Server, Mac Security, Mass Deployment
Apple, bushel, enroll, ios, mdm, open enrollment
Enrolling iPads into the JAMF Casper MDM solution is done through Apple Configurator, messages or using links deployed to iOS devices as web clips. When doing larger deployments the enrollment process can be automated so that devices are automatically enrolled into Casper MDM when they are set up using an Enrollment Profile that is manually downloaded from Casper and deployed to device. Additionally, a certificate can be needed if the certificate is not included in the profile, an option available as a checkbox in the setup. While you hopefully won’t need to download the certificate, we’ll start there:
Obtain the Certificate for the JSS Server
To obtain the trust certificate from the JSS Server:
Download the Enrollment Profile
- Open the web interface for the JSS.
- When prompted to trust the certificate, click on the disclosure triangle and then the checkbox to trust the cert, providing the administrative credentials when prompted.
- Open Keychain Utility.
- Click in the search field.
- Search for JSS.
- Control-click on the name of your server’s “Built-in Certificate Authority” entry.
- Choose the option to Export.
- When prompted, provide a name for the certificate in the Save As fiel.
- Choose a location to save the certificate to using the Where field.
- The .cer format is sufficient for our purposes.
- Click Save.
To download an enrollment profile from Casper MDM:
- Log into the web interface of the JSS.
- Click on the link for Mobile Device Enrollment
- At the Mobile Device Enrollment Invitations screen, click on the Enrollment Profiles tab.
- At the Enrollment Profiles screen, click on Download for the appropriate profile (for most environments there should only be one)
- Once the profile is downloaded, it will automatically attempt to enroll the computer you are downloading it from in the Profiles System Preferences pane.
- Click on Cancel.
- Click on the downloads link in Safari.
- Click on the magnifying glass icon to see the .mobileconfig file.
You have now downloaded the .mobileconfig file that will enroll devices into Casper MDM.
Add the Profile To Apple Configurator:
To deploy the profile through Apple Configurator:
Deploy The Casper MDM Enrollment Profile Through Apple Configurator
- Open Apple Configurator on the client computer.
- Click on Prepare in the row of icons along the top of the screen.
- Drag the profile (by default currently called MDM-iOS5.mobileconfig) from the Finder into the list of Profiles.
- The profile then appears in Apple Configurator (in this example, called MDM-iOS5).
Once the profile is installed in Apple Configurator, let’s deploy it. In this example, don’t configure any other options. To deploy:
- Set the name to be blank, numbering should be disabled, Supervision should be off, iOS should be set to No Change, “Erase before installing” should be unchecked, Don’t Restore Backup should be set in the Restore field.
- Check the box for the newly added profile (MDM-iOS5 in this example).
- Click on the Prepare button.
- At the “Are you sure you want to apply these settings to all USB-connected devices?” screen, click on the Apply button.
- The subsequent screen shows when devices are being configured. Here, dock the device to receive the profile (note, all docked iOS devices are going to be configured with this profile).
- Once the device is connected, the profile will begin to install. You are then prompted to “Tap device to install profile”.
- On the device, tap on the Install button.
- At the Warning screen, tap Install.
- Once the Profile is installed, tap Done.
- You have now been enrolled.
If you then wish to unenroll, simply remove the profiles by tapping on profiles and then tapping on the Remove button. Per the MDM API, a user can elect to remove their device from management at any point, so expect this will happen occasionally, even if only by accident.
krypted August 8th, 2012
Posted In: iPhone, Mass Deployment
Apple Configurator, automate enrollment, CA, Casper, casper suite, enroll, export certificate, iPad, iPhone, ipod touch, JAMF, JSS, keychain utility, mass enrollment, mdm, mobile device management, trust