To manage iOS devices in Endpoint Management, you set up an Apple Push Notification service (APNs) certificate from Apple. For information, see APNs certificates.
Endpoint Management enrolls iOS devices into MDM+MAM mode, with the option for users to register in MAM-only mode. Endpoint Management supports the following authentication types for iOS devices in MDM+MAM mode. For information, see the articles under Certificates and authentication.
- Domain plus security token
- Client certificate
- Client certificate plus domain
- Derived credentials
A general workflow for starting iOS device management is as follows:
- Choose and configure an enrollment method. See Supported enrollment methods.
- Set up device and app security actions. See Security actions.
For supported iOS devices, see Supported device operating systems.
Supported enrollment methods
The following table lists the enrollment methods that Endpoint Management supports for iOS devices:
|Apple Device Enrollment Program (DEP)|Yes|
|Apple School Manager DEP|Yes|
Apple has device enrollment programs for business and education accounts. For business accounts, you enroll in the Apple Deployment Program to use the Apple Device Enrollment Program (DEP) for device enrollment and management in Endpoint Management. That program is for iOS, macOS, and Apple TV devices. See Deploy devices through Apple DEP.
For education accounts, you create an Apple School Manager account. Apple School Manager unifies the Device Enrollment Program (DEP) and Volume Purchase Program (VPP). Apple School Manager is a type of Education DEP. See Integrate with Apple Education features.
You can use the Apple Device Enrollment Program (DEP) to bulk enroll iOS, macOS, and Apple TV devices. You can purchase those devices directly from Apple, a participating Apple Authorized Reseller, or a carrier. Whether or not you purchase iOS devices directly from Apple, you can use the Apple Configurator to enroll those devices. See Bulk enrollment of Apple devices.
Configure iOS device policies
Use these policies to configure how Endpoint Management interacts with devices running iOS. This table lists all device policies available for iOS devices.
Enroll iOS devices that use user-provided credentials
For more information, see Enroll iOS devices that use derived credentials.
- Download the Secure Hub app from the Apple iTunes App Store on the device and then install the app on the device.
- On the iOS device Home screen, tap the Secure Hub app.
- When the Secure Hub app opens, enter the server address that your help desk provided.
  The screens presented might differ from these examples, depending on how Endpoint Management is configured.
- When prompted, enter your user name and password or PIN. Click Next.
- When prompted to enroll, click Yes, Enroll and then enter your credentials when prompted.
- Tap Install to install the Citrix Profile Services.
- Tap Open and then enter your credentials.
iOS supports the following security actions. For a description of each security action, see Security actions.
|Activation Lock Bypass|App Lock|App Wipe|
|ASM DEP Activation Lock|Clear Restrictions|Enable/Disable Lost Mode|
|Enable/Disable Tracking|Full Wipe|Locate|
|Lock|Ring|Request/Stop AirPlay Mirroring|
|Restart/Shut Down|Revoke/Authorize|Selective Wipe|