Sophos Mobile

Configure Apple DEP

Torben Bäcker
Sophos Mobile Team
June 2018
 To configure Apple DEP go to
Setup\System Settings\Apple DEP

2
Click here to download your tenant‘s public key.
This has to be uploaded to the Apple DEP portal
to connect your tenant to your Apple DEP account.
 Click on this link to open the Apple DEP portal.

The public key is downloaded as *.pem.

Log in with your Apple DEP Apple ID.
If your account has been upgraded to Apple Business Manager
you will be forwarded to the new login page.
Log in with your Apple DEP Apple ID.
Read and press Continue
 Apple requires MFA with text messages.
If you have multiple phone numbers choose the right one.
Step is skipped if only one phone number is defined in Apple ID.
Enter the code you got via text message.
Choose if you want to trust this browser.
Click MDM Servers
 Click Add New MDM Server.

You see a list of your configured servers.

Here is just an entry for devices that were imported to Apple DEP manually via the Apple Configurator.
Enter the name of your server and tenant.
Like <server name/tenant name> or
<your Central account name>.
Just make sure you can identify it here
again if you want to assign devices or have
to renew the DEP token.
Click here to allow this MDM Server to
remove devices from the Apple Business
Manager. For example if they are lost,
destroyed or sold.
Click Upload File… and upload the *.pem
file you‘ve downloaded from Sophos
Mobile.
Click Save to create the
MDM Server.
You can now see your Sophos Mobile tenant.

Click Get Token to download

your Apple DEP token.
Token downloaded as *.p7m file.
Now switch back to the Sophos Mobile Admin Console.
Click Upload a file and upload the *.p7m file.
You will see the expiration date and other account details.
Don‘t forget to save your changes.
Now you can add Apple DEP profiles.Apple DEP is successfully configured.
Click Add to create a new Apple DEP profile.
Enter the name and description of the profile.
The
In DEP
this devices
case demo.will be member
of the selected
If selected device group.
this taskbundle will be executed once the
device is enrolled with Sophos Mobile after a device
wipe.

Select enrollment options.

If Assign user to device is checked users
have to enter their SSP credentials
during the first device startup.
Selected pages are skipped
during first device startup.
Support information is shown
during first device startup.
Here you can define to which computers
USB connections are allowed.
That can be all, selected hosts or none.

Click Apply once you are ready.

The profile named demo was created.
Don‘t forget to save your changes.
After saving the profile you can set a default
profile for all newly assigned Apple DEP devices.
 Profile was selected as default profile.
Click Save.

Switch to the Apple DEP portal and assign devices to your Sophos Mobile tenant.
Click Device Assignments to assign
devices to your Sophos Mobile tenant.
You can assign devices via serial number, order number
or upload a CSV file with serial numbers.
 Device serial number entered.

Click Done.
Select Assign to Server.
Choose your Sophos Mobile tenant.
 Device serial number entered.

Device was assigned. Switch back to the Sophos Mobile

Admin Console and go to Devices.

Click Done.
Select Assign to Server.
Choose your Sophos Mobile tenant.
In the Device view click Apple DEP.
Click Synchronize with Apple DEP portal to import the Apple DEP devices immediately.
Sophos Mobile will synchronize the devices regularly with your Apple DEP account.
It can take some minutes to synchronize the devices. Reload the page after a while.
After reloading the page your assigned devices will appear.
The Apple DEP profile demo is already assigned.
You can also assign or unassign profiles by selecting one or more devices
and clicking the Actions button.
Click on a device to see its Apple DEP details.
The device is ready to be enrolled with Sophos Mobile.
Wipe the device and it will get the profile from Apple
and the Profile push date will be set.