Cellular policies

Apple disabled APN settings in iOS 9.0, but re-enabled APN settings in iOS 9.0.1. Ivanti strongly recommends creating a cellular policy for new configurations.

Ivanti EPMM provides a cellular policy that defines the network path for cellular data connectivity, or the Access Point Name (APN). It is possible to configure a cellular data policy using an APN setting or a cellular policy, depending on the version of iOS running on a given device.

The cellular policy allows you to define a customized APN for devices without disrupting device users’ cellular connectivity. The cellular policy in Ivanti EPMM supports Apple’s configuration profile com.apple.cellular payload.

The cellular policy includes the following information:

  • A name and description
  • Active or inactive status
  • A username and password for connecting to the cellular network
  • Priority, if more than one cellular policy is defined in Ivanti EPMM
  • The preferred method of authenticating with the cellular network
  • An Access Point Name (APN), which defines the gateway between the mobile network and your computer network

Cellular policies can be applied to devices running iOS 7 through the most recently released version of iOS or supported newer versions.

Only one cellular policy can be used on a device at any given time. A cellular policy cannot co-exist with an APN setting on the same device. If you upgrade a device from iOS 8 to iOS 9, for example, you must remove the APN setting and apply a cellular policy.

Migrating devices from an APN setting to a cellular policy

If you are managing devices with an APN setting applied, you will need to migrate these devices to a cellular policy.

  1. Make sure the devices are connected to a Wi-Fi network.
  2. Apply the relevant iOS devices to a label, and remove the APN setting from that label.
  3. Ensure the APN setting has been removed from iOS devices in the label.
  4. Apply the new cellular policy to the label applied to the iOS devices.

Defining a cellular policy

If you define more than one cellular policy, you can set the priority of each policy in relation to the others. For instance, if you define three policies, you can configure each policy to take precedence over the next, such that policy 1 would take priority over policy 2, which, in turn, would take priority over policy 3. Note that the most recent priority setting overrides the previous. For example, if you edit policy 3 to take higher priority than policy 2, then the order of priority shifts to policy 1, policy 3, policy 2.

All things being equal, this means that policy 1 will be applied to devices. If, however, policy 1 is only applied to label 1, this means that policy 3 will be applied to label 2.

To define a cellular policy:

  1. Go to Policies & Configs > Policies.
  2. Click Add New.

  3. Select iOS and macOS > iOS Only > Cellular.

    The New Cellular Policy dialog box opens.

  4. Use the table in Cellular policy settings as a guideline for filling out the form.
  5. Click Save.
  6. Go to Actions > Apply To Label.
  7. Select the label or labels to apply from the Apply To Label dialog.
  8. Click Apply.

Cellular policy settings

The following table describes the settings available in the New Cellular Policy window. For more information about creating a cellular policy, see Defining a cellular policy.

Table 34.  Cellular policy settings

Item

Description

Name

Enter a name for the cellular policy.

Status

Select Active to enable the policy, or Inactive to disable it.

Priority

Set the priority of cellular policies if there is more than one cellular policy.

If you want to place greater priority on this cellular policy than another, select Higher than, and then select the cellular policy over which this policy will take priority.

If you want to place lesser priority on this cellular policy than another, select Lower than, and then select the cellular policy that will be used before the one you are defining.

Description

Enter a description of the cellular policy.

User Name

Enter a user name for authentication.

Password

Enter a password for authentication.

Authentication Type

Select CHAP to use Challenge-Handshake Authentication Protocol (CHAP) to authenticate the user with the cellular carrier.

Select PAP to use Password Authentication Protocol (PAP) to authenticate the user with the cellular carrier.

Protocol Mask

Select the version of Internet Protocol you would like to enable for this cellular policy: IPv4, IPv6, or Both.

APN Configurations

Click + to configure the name of the gateway between a mobile network and your computer network.

Currently, iOS only uses the first APN setting from the list of APN settings.

For each APN, enter the following values:

  • Name: Enter a name for the APN.

  • Authentication Type: Enter the authentication type.

  • User Name: Enter a username for authenticating with the cellular network.

  • Password: Enter a password for authenticating with the cellular network.

  • Proxy server: Enter the URL of the proxy server on the cellular network.

  • Port: Enter the port number for the proxy server.

  • Enable XLAT-464: Choose whether to enable the XLAT-464 option.

  • Roaming Protocol Mask: Select the IP version to use for roaming in the context of this cellular policy: IPv4, IPv6, or Both.

    Note: Ivanti EPMM now supports the Cellular.APNsItem EnableXLAT464 Apple property, which enables the XLAT-464 option to provide access service for IPv6 across IPv6 networks.

  • Domestic Roaming Protocol Mask: Select the default IP version to use for domestic roaming in the context of this cellular policy: IPv4, IPv6, or Both.

    Note: Starting with Ivanti EPMM 11.8.0.0, the Apple Cellular.APNsItem DefaultProtocolMask deprecated property is no longer supported.

Configuring an eSIM refresh cellular plan policy

An embedded SIM ("eSIM") can digitally store the information that is normally stored on a physical SIM card. Because the encrypted eSIM is not linked to a specific cellular carrier, it is easy to switch from one carrier to another.

In order to activate eSIM cellular plan profiles, configure devices to query and respond to a carrier URL that is provided by your carrier.

Examples of carrier URLs:

  • Verizon: https://2.vzw.otgeuicc.com

  • AT&T: https://cust-001-v4-prod-atl2.gdsb.net

  • T-Mobile: https://t-mobile.gdsb.net

This feature is applicable only to iPad devices with iPadOS 13.0+ and 14.0+ that have a cellular plan.

Activity related to eSIM is tracked in the logs. You can view the eSIM ID in the Device Details page; see Advanced searching .

To delete a cellular plan, you can wipe the device. However, if you want to keep the data plan on the device, deselect the Preserve data plan field in the Wipe dialog box (Devices > Actions > Wipe.)

Procedure 

  1. Go to Policies & Configs > Policies.

  2. Click Add New.

  3. Select iOS and macOS > iOS Only > eSIM Refresh Cellular Plan.

    The eSIM Refresh Cellular Plan dialog box opens.

  4. Use the information in Table 2 below, eSIM Refresh Cellular Plan Policy Settings, as a guideline for filling out the form.

  5. Click Save.
Table 35.  eSIM Refresh Cellular Plan policy settings

Item

Description

Name

Enter a name for the eSIM Refresh Cellular Plan policy.

Status

Select Active to enable the policy, or Inactive to disable it.

Priority

Set the priority of cellular policies if there is more than one cellular policy.

If you want to place greater priority on this cellular policy than another, select Higher than, and then select the cellular policy over which this policy will take priority.

If you want to place lesser priority on this cellular policy than another, select Lower than, and then select the cellular policy that will be used before the one you are defining.

Description

Enter a description of the eSIM Refresh Cellular Plan policy.

eSIM Cellular Plan URL

Enter the eSIM cellular plan URL that will be used.

For the correct URL to use, check:

https://www.apple.com/ipad/cellular/