Requirements for DMA
- For on-premises: the flag is ON at System level. SO accounts under system will need flags set to enable (as of 2023.8).
- For hosted: enabled per SO.
Supported operating systems
Device Management for Apple supports the three most recent, major Apple macOS and iOS versions.
Apple Push Notification service (APNs) certificates
For Device Management for Apple to work effectively with macOS and iOS devices, you must generate an Apple Push Notification service (APNs) certificate that is unique to your N-central account.
We don't provide the APNs certificate, but we provide a wizard to help you obtain one from Apple Inc. For more information, see Add an Apple Push Certificate.
Role permission requirements
There are specific Device Management for Apple permissions required to view information and to manage the different components such as profiles, commands, and App Store purchases. For example, if you want to manage App Store purchases, your user role must include the Apps & Books permission.
For more information, see the Device Management for Apple table in Permissions Dictionary.
iOS Wi-Fi firewall requirements
For Apple iOS, we use the device’s built-in MDM framework APIs that are controlled via the Apple Push Notification service (APNs). These are used to register the device, upload information, and send commands.
To receive these push notifications, the device connects directly to APNs over the cellular network or Wi-Fi. The device may be unable to use APNs if there is a proxy server on the Wi-Fi network because APNs requires a direct and persistent connection from device to server.
To permit the APNs traffic when connecting via Wi-Fi, the following TCP ports must be open in the firewall:
Port | Service | Description |
---|---|---|
1640 | Certificate Enrollment Server | Used for over the air Managed Device Management enrollment |
2195 | Apple Push Notification Service | Used to send notifications to the APNs |
2196 | Apple Push Notification Service | Used by the APNs feedback service |
2197 | Apple Push Notification Service | Used to send notifications to the APNs |
5223 | Apple Push Notification Service | Used by devices to communicate to APNs and receive push notifications |
443 | Secure Sockets Layer (HTTPS) | Used as a fallback where devices are unable to communicate with APNs on port 5223 |
For more information, see the Apple support documentation.
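The following is an added example, not N-central or Apple code. It audits an outbound firewall allow-list against the TCP ports in the table above and includes a live reachability probe to run from the Wi-Fi network. The `allow tcp <port>` rule syntax, the sample rules, and the function names are constructed for illustration; the host passed to `probe` is an assumption you supply yourself.

```python
"""Audit a firewall allow-list against the TCP ports listed in the table above.
The rule syntax ("allow tcp N" or "allow tcp N-M") is constructed for this example."""
import socket

# Port -> service, copied from the table on this page.
REQUIRED = {
    1640: "Certificate Enrollment Server",
    2195: "Apple Push Notification Service",
    2196: "Apple Push Notification Service",
    2197: "Apple Push Notification Service",
    5223: "Apple Push Notification Service",
    443: "Secure Sockets Layer (HTTPS)",
}

def allowed_ranges(rules_text):
    """Return (low, high) TCP port ranges from allow rules; skip comments, deny and non-TCP rules."""
    ranges = []
    for line in rules_text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) != 3 or parts[0] != "allow" or parts[1] != "tcp":
            continue
        lo, _, hi = parts[2].partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not (0 < lo <= hi <= 65535):
            raise ValueError(f"bad port range: {parts[2]}")
        ranges.append((lo, hi))
    return ranges

def missing_ports(rules_text):
    """Return the required ports that no allow rule covers, sorted ascending."""
    ranges = allowed_ranges(rules_text)
    return sorted(p for p in REQUIRED if not any(lo <= p <= hi for lo, hi in ranges))

def probe(host, port, timeout=3.0):
    """Live check: True if a direct TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

# Constructed sample: the 2195-2197 range is open, but 5223 is only allowed
# for UDP and 1640 is explicitly denied, so both are reported as missing.
SAMPLE_RULES = """\
allow tcp 443        # web
allow tcp 2195-2197  # push
allow udp 5223       # wrong protocol, does not count
deny tcp 1640
"""

if __name__ == "__main__":
    for port in missing_ports(SAMPLE_RULES):
        print(f"TCP {port} not allowed: {REQUIRED[port]}")
```

A successful `probe` only shows that the TCP handshake completes; an intercepting proxy on the Wi-Fi network can still break the persistent connection described above.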
Apple device supervision
When an Apple device is supervised it means the device is enrolled in DMA. Supervision provides a higher level of device management, allowing additional restrictions, configurations, and customizations that are not available on standard devices. Device supervision is required to issue some commands such as Shutdown Device and Instant Restart.
For more information, see Apple device supervision.
Updated: Oct 30, 2024