- What's new in XenMobile Server 10.8
- Fixed issues
- Known issues
- System requirements and compatibility
- Install and configure
- Certificates and authentication
- User accounts, roles, and enrollment
- ActiveSync Gateway
- Android for Work
- Bulk enrollment of iOS and macOS devices
- Client properties
- Deploy iOS and macOS devices through Apple DEP
- Device enrollment limit
- Enroll devices
- Firebase Cloud Messaging
- Google Play credentials
- Integrate with Apple Education features
- Network Access Control
- Samsung KNOX
- Security actions
- Shared devices
- XenMobile Autodiscovery Service
- Device policies by platform
- AirPlay mirroring device policy
- AirPrint device policy
- Android for Work app restriction policy
- Android for Work permissions
- APN device policy
- App access device policy
- App attributes device policy
- App configuration device policy
- App inventory device policy
- App lock device policy
- App network usage device policy
- Apps notifications device policy
- App restrictions device policy
- App tunneling device policy
- App uninstall device policy
- App uninstall restrictions device policy
- BitLocker device policy
- Browser device policy
- Calendar (CalDav) device policy
- Cellular device policy
- Connection manager device policy
- Connection scheduling device policy
- Contacts (CardDAV) device policy
- Control OS Updates device policy
- Copy Apps to Samsung Container device policy
- Credentials device policy
- Custom XML device policy
- Defender device policy
- Delete files and folders device policy
- Delete registry keys and values device policy
- Device Health Attestation device policy
- Device name device policy
- Education Configuration device policy
- Enterprise Hub device policy
- Exchange device policy
- Files device policy
- FileVault device policy
- Font device policy
- Home screen layout device policy
- Import iOS & macOS Profile device policy
- Kiosk device policy for Samsung SAFE
- Launcher configuration device policy for Android
- LDAP device policy
- Location device policy
- Mail device policy
- Managed domains device policy
- MDM options device policy
- Organization information device policy
- Passcode device policy
- Personal hotspot device policy
- Profile Removal device policy
- Provisioning profile device policy
- Provisioning profile removal device policy
- Proxy device policy
- Registry device policy
- Remote support device policy
- Restrictions device policy
- Roaming device policy
- Samsung MDM license key device policy
- Samsung SAFE firewall device policy
- SCEP device policy
- Siri and dictation policies
- SSO account device policy
- Storage encryption device policy
- Store device policy
- Subscribed calendars device policy
- Terms and conditions device policy
- VPN device policy
- Wallpaper device policy
- Web content filter device policy
- Webclip device policy
- WiFi device policy
- Windows CE certificate device policy
- Windows Information Protection device policy
- XenMobile options device policy
- XenMobile uninstall device policy
- Add apps
- Add media
- Deploy resources
- Automated actions
- Monitor and support
- REST APIs
- XenMobile Mail Manager 10.x
- XenMobile NetScaler Connector
- On-premises XenMobile interaction with Active Directory
- Management Modes
- Device Requirements
- Security and User Experience
- User Communities
- Email Strategy
- XenMobile Integration
- Multi-Site Requirements
- Integrating with NetScaler Gateway and NetScaler
- SSO and Proxy Considerations for MDX Apps
- Reference Architecture for On-Premises Deployments
- Server Properties
- Device and App Policies
- User Enrollment Options
- Tuning XenMobile Operations
- App Provisioning and Deprovisioning
- Dashboard-Based Operations
- Role-Based Access Control and XenMobile Support
- Systems Monitoring
- Disaster Recovery
- Citrix Support Process
- Sending group enrollment invitations in XenMobile
- Configuring an on-premises Device Health Attestation server
- Configuring certificate-based authentication with EWS for Secure Mail push notifications
Deploy iOS and macOS devices through Apple DEP
Apple has device enrollment programs for business and education accounts. For business accounts, you enroll in the Apple Deployment Program to use the Apple Device Enrollment Program (DEP) for device enrollment and management in XenMobile. That program is for iOS and macOS devices. For information about signing up for a business Apple Deployment Program account, see this PDF from Apple.
Be aware that the Apple Deployment Program is available for organizations and not individuals. You must provide a considerable amount of corporate details and information to create an Apple Deployment Program account. Thus, it could take time to request and receive approval for accounts.
For education accounts, you create an Apple School Manager account. Apple School Manager unifies the Device Enrollment Program (DEP) and Volume Purchase Program (VPP). Apple School Manager is a type of Education DEP. To create an Apple School Manager account, go to https://school.apple.com/.
Go to deploy.apple.com to apply for an Apple Deployment Program account. When applying for a DEP account, the best practice is to use an email address for the organization, such as email@example.com.
For education accounts, go to https://school.apple.com/.
After you type your organization information, Apple emails you a temporary password for the new Apple ID.
You then sign in with your Apple ID and complete the security settings for the account.
Configure and enable two-step verification, which is required for use with the DEP Portal. During these steps, after you add a phone number, you receive the 4-digit PIN for the two-step verification.
Log in to the DEP Portal to complete the account configuration using the two-step verification that you set up.
Add your company details and then select from where you purchase devices. For details on purchasing options, see the next section, Order DEP-enabled devices.
Add the Apple Customer Number or the DEP Reseller ID. Then verify your enrollment details and wait for Apple to approve your account.
After you receive your logon credentials from Apple, log in to the Apple DEP Portal.
To connect your account to XenMobile, see “Integrate your Apple DEP account with XenMobile” in Bulk enrollment of iOS and macOS devices.
You can order DEP-enabled devices directly from Apple or DEP-enabled authorized resellers or carriers. To order from Apple, provide your Apple Customer ID in the Apple DEP Portal. Your Customer ID enables Apple to associate your purchased devices with your Apple DEP account.
To order from your reseller or carrier, contact your Apple reseller or carrier to check if they participate in the Apple DEP. Ask for the Apple DEP ID of the reseller when purchasing devices. Apple requires that information when you add your Apple DEP reseller to your Apple DEP account. After you add the Apple DEP ID for the reseller, you receive a DEP customer ID. Provide the DEP customer ID to the reseller, who uses the ID to submit information about your device purchases to Apple. For more information, see this Apple website.
Follow these steps to associate devices with your XenMobile Server by using the DEP Portal to update your Apple DEP account.
Log on to the Apple DEP Portal.
Click Device Enrollment Program and then click Manage Devices. In Choose Devices By, choose the option for which you want to upload and define your Apple DEP-enabled devices: Serial Number, Order Number, or Upload CSV File.
To assign your devices to a XenMobile Server, under Choose Action, choose Assign to Server. Then, in the list, choose the name of your XenMobile Server. Click OK.
Your Apple DEP devices are now associated with the selected XenMobile Server.
XenMobile displays a License Expiration Warning when Apple DEP tokens are nearing expiration or have expired.
When users enroll an Apple DEP-enabled device, their experience is as follows.
Users start their Apple DEP-enabled device.
XenMobile delivers the Apple DEP configuration that you configured in the XenMobile console to the Apple DEP-enabled device.
Users configure the initial settings on their device.
The device automatically starts the XenMobile device enrollment process.
Users continue to configure the other initial settings on their device.
In the home screen, users might be prompted to sign in to iTunes so that they can download Citrix Secure Hub.
This step is optional if XenMobile is configured to deploy the Secure Hub app using the device-based Volume Purchase Program (VPP) app assignment. In this case, you don’t need to create an iTunes account or use an existing account.
Users open Secure Hub and type their credentials. If required by the policy, users might be prompted to create and verify a Citrix PIN.
XenMobile deploys any remaining required apps to the device.