Quick Start Guide for DMA

This Quick Start Guide is a summary of how to get started using Device Management for Apple (DMA) so you can manage Apple devices in N-central.

This is not an all-inclusive guide to Device Management for Apple. For more detailed information and all the DMA tasks, see the full Device Management for Apple section.

Requirements

Zero-touch enrollment requires Server 23.7 for NCOD and 23.8 for OnPrem.

• Review and set up iOS Wi-Fi firewall requirements. See Requirements for DMA.
• Review and set up appropriate role permission requirements. See Permissions Dictionary.
• Generate an Apple Push Notification Service (APNS) certificate that is unique to your N-central account. See Add a new Apple Push Notification Certificate.

Step 1: Select your DMA set up option

Option 1: Zero-Touch Enrollment		Option 2: Manual Enrollment
DMA with Apple Business Manager. Higher volume, lower touch Advantages: Highly scalable and repeatable. One account per client to manage all their Apple devices. Automates enrollment for every device added to the ABM account. Renewal of certificates available in N-central. Challenges: More management of Apple tools as you must maintain the ABM accounts for your clients. Needs client consent to create an ABM account for them and will require contractual protection to be built into your contracts.		DMA with user approved manual enrollment. Lower volume, higher touch Advantages: Quickly add devices individually as needed Renewal of certificates available within N-central. Multi-tenancy: customer accounts are separated, with each customer using their own Apple push certificate. Challenges: Difficult to scale: devices need to be added one at a time. Profiles are not pushed automatically. Users can unenroll themselves.

Step 2: Enroll devices

Option 1: Zero-Touch Enrollment (Automated enrollment)

Zero-touch enrollment requires Server 23.7 for NCOD and 23.8 for OnPrem.

1. In the left-hand navigation menu, click Configuration > Device Management for Apple >  Auto-enrollment.
2. Select Add ABM Server token.
3. Select the target Customer and Site to associate with this ABM Server token and select Next.
4. Select Download public key and Next.

   

5. Click the Apple Business Manager link to sign in and follow the steps.

   

6. Upload ABM server token.

The end user is prompted to enroll their device.

macOS only supports one mobile device management MDM solution per device. If we detect a third-party MDM profile on the device, our MDM profile does not install, and N-central indicates the discovery of another MDM on the device. You must remove the existing MDM profile from the device.

Option 2: Manual Enrollment

1. In the left-hand navigation menu, click Configuration > Device Management for Apple > Push Certificates.

2. Select Add certificate.

   

3. Select client from the client list and (optional) enter a different display name click Next.

   

4. Enter client's Apple ID and click Download CSR > Next.

5. Select Apple Push Certificate Portal to sign in and create your .pem file by following the instructions provided.

6. Select Next.

7. Drag and drop the .pem file into Device Management for Apple and select Finish.

Your ID displays in the Apple Push Certificates section. To turn on Enrollment Helper:

1. In the left-hand navigation menu, click Views > All Devices.
2. Select the checkbox next to the targeted device after the agent has installed.
3. Select DMA > Enrollment Helper > Enable.

   

The end user is prompted to enroll their device.

macOS only supports one mobile device management MDM solution per device. If we detect a third-party MDM profile on the device, our MDM profile does not install, and N-central indicates the discovery of another MDM on the device. You must remove the existing MDM profile from the device.

Related articles

• Requirements for DMA
• Automated Device Enrollment
• Manual device enrollment

Updated: Jul 09, 2024