Requirements for DMA

  • For on-premises: the flag is ON at the System level. SO accounts under the System level need their flags set to enable it (as of 2023.8).
  • For hosted: enabled per SO.

Supported operating systems

Device Management for Apple supports the three most recent major versions of Apple macOS and iOS.

Apple Push Notification service (APNs) certificates

For Device Management for Apple to work effectively with macOS and iOS devices, you must generate an Apple Push Notification service (APNs) certificate that is unique to your N-central account.

We don't provide the APNs certificate, but we provide a wizard to help you obtain one from Apple Inc. For more information, see Add an Apple Push Certificate.

Role permission requirements

There are specific Device Management for Apple permissions required to view information and to manage the different components such as profiles, commands, and App Store purchases. For example, if you want to manage App Store purchases, your user role must include the Apps & Books permission.

For more information, see the Device Management for Apple table in Permissions Dictionary.

iOS Wi-Fi firewall requirements

For Apple iOS, we use the device’s built-in MDM framework APIs, which are controlled via the Apple Push Notification service (APNs). These are used to register the device, upload information, and send commands.

To receive these push notifications, the device connects directly to APNs over the cellular network or Wi-Fi. To permit the APNs traffic when connecting via Wi-Fi, the following TCP ports must be open in the firewall:

Port  Service                          Description
1640  Certificate Enrollment Server    Used for over-the-air Managed Device Management enrollment
2195  Apple Push Notification service  Used to send notifications to APNs
2196  Apple Push Notification service  Used by the APNs feedback service
2197  Apple Push Notification service  Used to send notifications to APNs
5223  Apple Push Notification service  Used by devices to communicate with APNs and receive push notifications
443   Secure Sockets Layer (HTTPS)     Used as a fallback where devices are unable to communicate with APNs on port 5223

The device may be unable to use APNs if there is a proxy server on the Wi-Fi network, because APNs requires a direct and persistent connection from device to server.

For more information, see the Apple support documentation.
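
As an added example (not part of N-central or of this documentation), the following Python script probes the TCP ports from the table above from a machine on the Wi-Fi network in question and separates silently dropped traffic from refused connections. The target host is supplied by the operator, because this page lists services rather than hostnames; the function names are illustrative.

```python
import socket
import sys

# TCP ports taken from the table above (descriptions shortened).
REQUIRED_TCP_PORTS = {
    1640: "Certificate Enrollment Server (over-the-air enrollment)",
    2195: "APNs: send notifications",
    2196: "APNs: feedback service",
    2197: "APNs: send notifications",
    5223: "APNs: device communication and push delivery",
    443: "HTTPS fallback when 5223 is unreachable",
}


def probe(host, port, timeout=3.0):
    """Classify one outbound TCP connection attempt."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        # An RST came back: the packet was not silently dropped, but
        # nothing accepted it (closed port or a rejecting firewall).
        return "refused"
    except OSError:
        # Timeout, unreachable network or failed name lookup: the usual
        # signature of a firewall dropping the traffic.
        return "filtered"


def audit(host, ports=tuple(REQUIRED_TCP_PORTS), timeout=3.0):
    """Probe each port on host and return {port: state}."""
    return {port: probe(host, port, timeout) for port in ports}


def device_push_path_ok(results):
    """Devices use 5223 and fall back to 443, so one must be open."""
    return "open" in (results.get(5223), results.get(443))


if __name__ == "__main__":
    # Usage: python3 probe_ports.py HOST [PORT ...]  (HOST is operator-supplied)
    host = sys.argv[1]
    ports = [int(p) for p in sys.argv[2:]] or list(REQUIRED_TCP_PORTS)
    results = audit(host, ports)
    for port, state in results.items():
        note = REQUIRED_TCP_PORTS.get(port, "not in the table")
        print(f"{port:>5}/tcp  {state:<8}  {note}")
    if {5223, 443} <= set(ports) and not device_push_path_ok(results):
        print("Neither 5223 nor 443 is reachable, so pushes cannot arrive")
```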

Apple device supervision

When an Apple device is supervised, it means the device is enrolled in DMA. Supervision provides a higher level of device management, allowing additional restrictions, configurations, and customizations that are not available on standard devices. Device supervision is required to issue some commands, such as Shutdown Device and Instant Restart.

For more information, see Apple device supervision.

Updated: Oct 30, 2024