Getting started with Modern Device Management

Endpoint Manager MDM gives you access to device, application, and security management options for your mobile devices. Some MDM enrolled devices can also be managed using the Ivanti Agent, enabling hybrid management that combines the capabilities of MDM and traditional agent-based management.

For OS specific getting started guides, see the following sections:

Getting started with Android device management

Getting started with Apple device management

Getting started with Windows device management

Configuring Endpoint Manager for mobile device management

1.Configure your CSA in the console. The Ivanti Cloud Services Appliance (CSA) provides secure communication and functionality over the internet. The CSA acts as a meeting place where devices, MDM or agent-managed, can communicate with the Endpoint Manager core server—even if they are behind firewalls or use a proxy to access the internet. The CSA requires a third-party certificate for mobile device management. To configure your CSA, see Configuring the Ivanti Cloud Services Appliance (Management Gateway).

2.Set up credentials for using notification services. Endpoint Manager uses notification services to communicate with mobile devices. The notification service used depends on the OS of the devices being managed. For information about enabling notification services, see Setting up notification services.

3.Connect your core to your LDAP server. In addition to querying the core database, Endpoint Manager also provides the directory tool that lets you locate, access, and manage devices in other directories via LDAP. In most deployments, the LDAP configuration points to an Active Directory server. For information about configuring the connection to your LDAP server, see LDAP queries.

4.(Android) Create an Android Enterprise account. An enterprise account connects Endpoint Manager and Google, enabling Android Enterprise device management and giving you access to an enterprise managed Play Store. For information about creating an enterprise account, see Android Enterprise accounts.

5.(Recommended for iOS) Get a certificate from a certificate authority for signing iOS profiles. If you don't sign the profiles with a certificate from a certificate authority, the user is warned that the profile is not trusted when he attempts to enroll his device. For information on setting up a certificate to sign iOS profiles, see Apple profile signing certificates.

6.(Recommended for iOS) Add DNS TXT records to allow iOS devices to resolve the address of the CSA. We recommend that you add DNS TXT records to allow iOS devices to resolve the address of the CSA. This makes the enrollment process much easier for users and removes the possibility for errors. For more information, see Adding DNS TXT records.

Enrolling devices

Enrolling Android Enterprise devices

Chromebook enrollment

Enrolling iOS devices

Enrolling Mac devices

Windows direct to core enrollment

Managing devices

Create agent settings to configure devices. Agent settings for mobile devices allow you to configure device settings and restrictions from the Endpoint Manager console. For more information about the available settings, see Distributing MDM agent settings.

Create software packages for devices. Create packages to distribute software to managed mobile devices. For information on creating and distributing software packages, see Distributing content to MDM managed devices.

Perform actions from the console. After a device is enrolled, it appears in the inventory, and you can perform actions such as wiping or locating the device. Most of these actions are performed by right-clicking on the device in the inventory. For information about available actions, see Device actions.