Getting started with Apple device management

Endpoint Manager MDM gives you access to management options for your macOS devices, such as settings and configurations, software distribution, and console actions. Some MDM enrolled devices can also be managed using the Ivanti Agent, enabling hybrid management that combines the capabilities of MDM and traditional agent-based management.

Configuring Endpoint Manager for Apple device management

1.Configure your CSA in the console. The Ivanti Cloud Services Appliance (CSA) provides secure communication and functionality over the internet. The CSA acts as a meeting place where devices, MDM or agent-managed, can communicate with the Endpoint Manager core server—even if they are behind firewalls or use a proxy to access the internet. The CSA requires a third-party certificate for mobile device management. To configure your CSA, see Configuring the Ivanti Cloud Services Appliance.

2.Select your CSA for MDM. To select the CSA you would like Endpoint Manager MDM to communicate with, navigate to Tools > Modern Device Management > MDM Configurations > Common Settings > Cloud Service Appliances (CSA).

3.Connect your core to your LDAP server. In addition to querying the core database, Endpoint Manager also provides the directory tool that lets you locate, access, and manage devices in other directories via LDAP. In most deployments, the LDAP configuration points to an Active Directory server. For information about configuring the connection to your LDAP server, see LDAP queries.

4.Set up credentials for using notification services. Endpoint Manager uses the Apple Push Notification Service (APNS) to communicate with Apple devices, which requires you to have an APNS certificate. For information about obtaining a certificate and enabling APNS, see Apple notification services.

Enrolling Apple devices

•Enroll DEP devices. Endpoint Manager works with Apple's Device Enrollment Program (DEP), allowing you to perform setup-free deployment of all Apple devices. For information about enrolling in and enabling DEP, see Apple device deployment programs (DEP).

•Enroll macOS devices. For information about enrolling macOS devices, see Enrolling Mac devices.

MacOS devices can also be concurrently managed using the Ivanti Agent. Hybrid management using both the Ivanti Agent and MDM enables extensive device management, combining agent-based management with MDM configuration enhancements. For more information, see Installing the agent for hybrid management.

Managing enrolled devices

•Create agent settings to configure devices. Agent settings for mobile devices allow you to configure device settings and restrictions from the Endpoint Manager console. For more information about the available settings, see Distributing MDM agent settings.

•Distribute software to devices.

Create packages to distribute apps from the Apple App Store, manifest URLs, or your VPP account. For information on creating and distributing software packages, see Distributing content to MDM managed devices. For information about linking Endpoint Manager and your VPP account, see Using a VPP Account.

•Perform actions from the console. After a device is enrolled, it appears in the inventory, and you can perform actions such as locking the device or viewing the device inventory. Most of these actions are performed by right-clicking on the device in the inventory. For information about available actions, see Device actions.