Avalanche powered by Wavelink

This page refers to an older version of the product.
View the current version of the User Guide.

Creating Enrollment Rules for Smart Devices

To manage Smart devices using Avalanche, create enrollment rules. Enrollment rules allow devices to connect to the server and display devices in the right folders. An enrollment rule contains an ID, password, and the folder that devices using the rule are placed in.

To connect a device to Avalanche, the device user must provide the enrollment ID and password. When the device connects, it enrolls and is placed in the folder associated with the enrollment rule it used. You have the option to move the device to a different folder after it is enrolled, but if the device re-enrolls, it is moved back to the folder associated with the enrollment rule.

A device uses the enrollment rule when it enrolls. If you change the folder associated with an enrollment rule, devices that have already enrolled are not affected and do not change folders. If you move a device to a new folder, it is only moved back into the enrollment rule folder if the device user attempts to re-enroll. You can have more than one enrollment rule associated with a folder.

All of the enrollment rules for your company are available at each folder of the company. As long as the user has permissions for enrollment rules, he can create or edit an enrollment rule from any folder. However, when you deploy an enrollment rule, you must include the folder the rule is associated with in the deployment.

An enrollment rule has the following options:

Enrollment ID

The name of the enrollment rule. It is recommended that enrollment rules have IDs that are specific to your company and indicate the purpose for the enrollment rule. For example, you may create enrollment IDs that begin with your company name and then name the department that will use the enrollment rule. For security reasons, you cannot create an enrollment rule that has the same ID as an enrollment rule used by another company.

Folder

The folder this enrollment rule is assigned to. To change the folder, you must select a different folder from the Enrollment Rules page before creating an enrollment rule.

Type

Assigns the enrollment rule to a group of people you define, or to an organizational unit in an LDAP directory.

Group. A group policy allows any device using the policy to enroll. To enroll a device using a group enrollment rule, the user provides the enrollment name and password. The device is placed in the folder associated with the enrollment rule.

LDAP. When you create an LDAP enrollment rule, you link the enrollment rule to an organizational unit in your LDAP directory service. To enroll a device using an LDAP enrollment rule, the user provides the enrollment name and password and his own domain and username. The device is placed in the folder associated with the enrollment rule.

Before you can create an LDAP enrollment rule, you must install the Avalanche LDAP Integration Services and configure Avalanche with the addresses for the LDAP Integration Services and your existing LDAP server. For information on configuring these settings, see Configuring General System Settings.

Password/Verify Password

The password required to enroll the device. This password must be entered for first-time enrollment unless Require LDAP credentials to access the corporate portal is selected.

Require LDAP credentials to access the corporate portal

Requires an LDAP user name and password to access the LD Portal app.

EULA

Associates a EULA that all users must accept when they first enroll a device. You can download a template through Avalanche or upload your own custom EULA to display as part of the initial enrollment process. Declining the EULA prevents the device from enrolling. If you don't upload a EULA, this won't be a requirement for enrolling a device.

Use Apple Device Enrollment Program

Allows you to perform touchless configurations of iOS devices purchased through Apple based on order numbers or serial numbers. When you use DEP, you can streamline the setup process by disabling features or steps associated with the device's first-time use, such as creating a passcode or associating an Apple ID with the device. This is only available for devices using iOS 7.0 and newer. For more information, see Apple Device Enrollment Program.

This option is required to select any options listed below. You cannot select this option until you've generated a key-value pair from the System Settings screen.

Apple DEP tokens

Associates an Apple DEP token with the enrollment rule. Any iOS devices associated with the token, either by order or serial number, are automatically managed using this enrollment rule. When creating an enrollment rule, you must have the server token file created as part of the initial setup process in the Apple Deployment Programs console. For more information, see Using Avalanche as an MDM Server for Apple DEP.

Mandatory MDM Enrollment

Prevents the device from being activated unless it is enrolled into a mobile device management service like Avalanche. When selected, users must enter an enrollment password for Group rules or Active Directory credentials for LDAP when setting up the device. If this option is not selected, users can skip the enrollment screen when activating iOS devices.

Allow Host Pairing

Allows users to sync the device with a host computer via a USB cable connection. Not selecting this option doesn't prevent wireless syncing with a host computer.

Use Supervised mode

Allows administrators to manage devices wirelessly through Avalanche or over a USB connection, providing additional restrictions and configuration options. You can control the availability of features like AirDrop, iMessage, app data usage, account modifications, web filters, and single app mode.

When devices use Supervised mode, you can perform silent app installs that will not alert device users or prompt them to enter their Apple ID to complete the install. Supervised mode can be activated without using Apple DEP. For more information, see your Apple documentation.

Lock MDM Profile

Prevents users from manually removing the MDM profile directly from the iOS device. This option can only be set for devices with Use Supervised mode enabled.

Phone Number

Provides users with a phone number on the device to contact their administrator. When users first set up the iOS device, tapping About Configuration on the Configuration screen will display this number.

A list of setup panes to skip

Skips these specific screens and disables the listed features when setting up an enrolled iOS device for the first time:

Hide and disable passcode

Disable Location Services

Disable restoring from backup

Disable Apple ID and iCloud sign in

Skip Terms and Conditions

Disable Siri

Disable auto sending diagnostic information

To create an enrollment rule:

1. Click the Enrollment tab. In the Navigation Tree, select the folder you want the rule to be associated with. In the Enrollment Rules panel, click Add.

-Or-

In the Navigation Tree, select the folder you want to create a rule for and click View. On the Folder Details page, click Add in the Enrollment Rules panel. The Enrollment Rule dialog box appears.

2. Type the enrollment ID and password in the text boxes.

3. Choose whether the rule type is group or LDAP. If you create a rule for LDAP, select the organizational unit you want to associate with the enrollment rule. The LDAP option is only available if you have LANDESK Mobility Manager installed.

4. When you are using the LANDESK Portal app with Avalanche, the Portal app generally requires each user to provide his LDAP credentials in order to use the app. If you want to allow users to access the Portal app without providing credentials, clear the Require LDAP credentials to access the corporate portal option.

5. If you want the device to display an End User License Agreement (EULA) that the device user must accept in order to be managed, you can upload one of your own or modify the template provided by Wavelink. Click Download template to view the sample template, or click Browse to upload your own text file.

6. If you want the enrollment rule to work with Apple's Device Enrollment Program, select Use Apple Device Enrollment Program. Click Add and upload the server token you received when setting up your virtual MDM server from the Apple Deployment Program console. If you haven't created a server token yet, see Using Avalanche as an MDM Server for Apple DEP. You can upload multiple server tokens as needed, but a minimum of one is required to use DEP. Once you've uploaded a server token, select other settings as needed.

7. Click Save.

8. Perform a deployment to send the enrollment rule to the Smart device server. Be sure to include the folder associated with the rule in the folders that are deployed.

When a device uses the enrollment rule, it appears in the folder's inventory and the Smart device profile applied to the folder will be applied on the device.
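
The option dependencies described above (DEP gating the options listed below it, the one-token minimum, Lock MDM Profile needing Supervised mode) can be checked against a planned rule before it is deployed. The following is an added example, not part of Avalanche or its documentation; the dictionary field names and sample rules are hypothetical, since this page describes only the console options.

```python
# Added example: field names are hypothetical. Avalanche exposes these
# options in its console; this dict layout is an assumption for review use.
DEP_ONLY = ("dep_tokens", "mandatory_mdm", "allow_host_pairing",
            "supervised", "lock_mdm_profile", "phone_number", "skip_panes")


def audit_rule(rule):
    """Return (errors, warnings) for one enrollment rule dict."""
    errors, warnings = [], []
    if not rule.get("enrollment_id") or not rule.get("folder"):
        errors.append("rule needs an enrollment ID and a folder")
    if rule.get("type") == "ldap" and not rule.get("ldap_ou"):
        errors.append("LDAP rule needs an organizational unit")

    if not rule.get("use_dep"):
        # Per the page, Use Apple DEP is required to select the options below it.
        stray = [k for k in DEP_ONLY if rule.get(k)]
        if stray:
            errors.append("options need Use Apple DEP: " + ", ".join(stray))
        return errors, warnings

    if not rule.get("dep_tokens"):
        errors.append("DEP needs at least one server token")
    if rule.get("lock_mdm_profile") and not rule.get("supervised"):
        errors.append("Lock MDM Profile requires Use Supervised mode")
    if not rule.get("mandatory_mdm"):
        warnings.append("users can skip the enrollment screen at activation")
    if not rule.get("lock_mdm_profile"):
        warnings.append("manual removal of the MDM profile is not prevented")
    if rule.get("allow_host_pairing"):
        warnings.append("USB sync with a host computer is allowed")
    return errors, warnings


# Constructed sample rules (placeholder names and token file).
RULES = [
    {"enrollment_id": "ExampleCo-Warehouse", "folder": "Warehouse",
     "type": "group", "use_dep": True, "dep_tokens": ["token-placeholder"],
     "mandatory_mdm": True, "supervised": True, "lock_mdm_profile": True},
    {"enrollment_id": "ExampleCo-Sales", "folder": "Sales", "type": "ldap",
     "ldap_ou": "OU=Sales", "use_dep": True, "dep_tokens": [],
     "lock_mdm_profile": True, "allow_host_pairing": True},
    {"enrollment_id": "ExampleCo-Lab", "folder": "Lab", "type": "group",
     "lock_mdm_profile": True},
]

if __name__ == "__main__":
    for r in RULES:
        print(r["enrollment_id"], audit_rule(r))
```

Errors are combinations the page says cannot be selected; warnings are permitted settings that leave enrollment skippable, the MDM profile removable, or USB pairing open.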

