Enroll macOS devices

When a customer is not eligible for Automated Device Enrollment, or you determine it's not the best option for the customer, you can set up manual enrollment using the following tasks:

• Enable Enrollment Helper to prompt end users to enroll their macOS device
• End user actions to enroll macOS devices

Enrollment of Virtual Machines (VMs) in Device Management for Apple is not tested or supported.

If the Enrollment Helper is disabled at the account or customer level, use this task to enroll specific macOS devices.

Requirements

• The Apple Push Notification service (APNs) must be set up prior to enrollment.

Enable Enrollment Helper to prompt end users to enroll their macOS device

You can also use the automated task, Relaunch Device Management for Apple enrollment guide, to prompt end users to enroll their device.

1. On the All Devices view North-pane go to the Workstations tab.
2. Right-click the target workstation and select Enable Enrollment Helper.
3. In the confirmation prompt dialog, click OK.

   The end user is prompted to enroll their device.

   The enrollment profile is downloaded to: /Library/DeviceManagementHelper/temp/mdm_profile.mobileconfig
   
   If the MDM Helper guide does not launch, double-click mdm_profile.mobileconfig to authorize the device enrollment.

End user actions to enroll macOS devices

When end users are prompted to enroll their device, they are guided through the following steps:

1. In the Enrollment dialog, select Continue to enroll your device, or opt to install the enrollment profile at a more convenient time by selecting Later.

   

   When you select Continue, an explanation of the next required steps display.

2. Enter an administrative password when prompted to authorize changes.

   macOS only supports one mobile device management MDM solution per device. If we detect a third-party MDM profile on the device, our MDM profile does not install, and N-sight RMM indicates the discovery of another MDM on the device. You must remove the existing MDM profile from the device.

   After the device authenticates with the Device Management for Apple server, we return a successful enrollment message on the computer and in the device Summary tab in N-sight RMM.

   After the device is enrolled, the end user no longer receives security or permission notifications for our products, except for Screen Recording for Take Control, which Apple does not allow to be approved using any MDM solution.

Related articles

• Upload a configuration profile to DMA
• Unenroll devices from DMA

Updated: Jul 05, 2024