Requirements for DMA
Apple Push Notification Service certificate
For Device Management for Apple to work effectively with macOS and iOS devices, you must generate an Apple Push Notification Service (APNS) certificate that is unique to your N-sight RMM account.
We do not provide this certificate but we provide a wizard to help you obtain one from Apple Inc. For more information, see Add an Apple Push Certificate.
Role permission requirements
There are specific Device Management for Apple permissions required to view information and to manage the different components such as profiles, commands, and App Store purchases. For example, if you want to manage App Store purchases, your user role must include the Apps & Books permission. For more information, see the Device Management for Apple table in Default System Role Permissions.
iOS Wi-Fi firewall requirements
For Apple iOS we use the device’s built-in MDM framework APIs that are controlled via the Apple Push Notification Service (APNS). These are used to register the device, upload information, and send commands.
To receive these push notifications, the device connects directly to the APNS over the cellular network or Wi-Fi. To permit the APNS traffic when connecting via Wi-Fi, the following TCP ports must be open in the firewall:
The device may be unable to use APNS if there is a proxy server on the Wi-Fi network because APNS requires a direct and persistent connection from device to server.
|1640||Certificate Enrollment Server||Used for over the air Managed Device Management enrollment|
|2195||Apple Push Notification Service||Used to send notifications to the APNs|
|2196||Apple Push Notification Service||Used by the APNs feedback service|
|2197||Apple Push Notification Service||Used to send notifications to the APNS|
|5223||Apple Push Notification Service||Used by devices to communicate to APNS and receive push notifications|
|443||Secure Sockets Layer (HTTPS)||Used as a fallback where devices are unable to communicate with APNS on port 5223|
For more information, see the Apple support documentation.
Apple device supervision
When an Apple device is supervised it means the device is owned by an organization, and the organization has more control over the device configuration and its restrictions. Device supervision is also required to issue some commands such as Shutdown Device and Instant Restart.
For more information, see Apple device supervision.