Quick Start Guide for DMA

This Quick Start Guide is a summary of how to get started using Device Management for Apple (DMA) so you can manage Apple devices in N-sight RMM.

This is not an all-inclusive guide to Device Management for Apple. For more detailed information and all the DMA tasks, see the full Device Management for Apple section.

Requirements

• Review and set up iOS Wi-Fi firewall requirements. See Requirements for DMA.
• Review and set up appropriate role permission requirements. See Default system roles and their permissions.
• Generate an Apple Push Notification Service (APNS) certificate that is unique to your N-sight RMM account. See Add a new Apple Push Notification Certificate.

Step 1: Select your DMA set up option

Option 1: Zero-Touch Enrollment		Option 2: Manual Enrollment
DMA with Apple Business Manager. Higher volume, lower touch Advantages: Highly scalable and repeatable. One account per client to manage all their Apple devices. Automates enrollment for every device added to the ABM account. Renewal of certificates available in N-sight RMM. Challenges: More management of Apple tools as you must maintain the ABM accounts for your clients. Needs client consent to create an ABM account for them and will require contractual protection to be built into your contracts.		DMA with user approved manual enrollment. Lower volume, higher touch Advantages: Quickly add devices individually as needed Renewal of certificates available within N-sight RMM. Multi-tenancy: customer accounts are separated, with each customer using their own Apple push certificate. Challenges: Difficult to scale: devices need to be added one at a time. Profiles are not pushed automatically. Users can unenroll themselves.

Step 2: Enroll devices

Option 1: Zero-Touch Enrollment (Automatic enrollment)

1. On the N-sight RMM vertical menu, select Device Management for Apple >  Auto-enrollment.
2. Select Add ABM token.
3. Select the target Customer and Site to associate with this ABM token and select Next.
4. Select Download public key and Next.

   

5. Click the Apple Business Manager link to sign in and follow the steps.

   

6. Upload ABM token.

The end user is prompted to enroll their device.

macOS only supports one mobile device management MDM solution per device. If we detect a third-party MDM profile on the device, our MDM profile does not install, and N-sight RMM indicates the discovery of another MDM on the device. You must remove the existing MDM profile from the device.

Option 2: Manual Enrollment

1. On the N-sight RMM vertical menu, select Device Management for Apple > Push Certificates.

2. Select Add certificate.

   

3. Select client from the client list and (optional) enter a different display name click Next.

   

4. Enter client's Apple ID and click Download CSR > Next.

5. Select ON to turn on the Enrollment Helper and select Next.

   

6. Select Apple Push Certificate Portal to sign in and create your .pem file by following the instructions provided.

7. Select Next.

8. Drag and drop the .pem file into Device Management for Apple and select Finish.

Your ID displays in the Apple Push Certificates section. To turn on Enrollment Helper:

1. On the N-sight RMMvertical menu, select Device Management for Apple .
2. Select Push Certificates.
3. Select the checkbox for the push certificate.
4. Select Turn on Enrollment Helper.

The end user is prompted to enroll their device.

macOS only supports one mobile device management MDM solution per device. If we detect a third-party MDM profile on the device, our MDM profile does not install, and N-sight RMM indicates the discovery of another MDM on the device. You must remove the existing MDM profile from the device.

Related topics

• Requirements for DMA
• Manually enroll devices in DMA
• Automatically enroll devices in DMA

Updated: Mar 28, 2024