Requirements for Apple Device Management
Apple Push Notification Service certificate
For Apple Device Management to work effectively with macOS and iOS devices, you must generate an Apple Push Notification Service (APNS) certificate that is unique to your RMM installation.
We do not provide this certificate, but we provide a wizard to help you obtain one from Apple Inc. For more information, see Add a new Apple Push Certificate.
iOS Wi-Fi Firewall Requirements
For Apple iOS we use the device’s built-in MDM framework APIs that are controlled via the Apple Push Notification Service (APNS). These are used to register the device, upload information, and send commands.
To receive these push notifications, the device connects directly to the APNS over the cellular network or Wi-Fi. To permit the APNS traffic when connecting via Wi-Fi, the following TCP ports must be open in the firewall:
|Port|Service|Purpose|
|---|---|---|
|1640|Certificate Enrollment Server|Used for over-the-air Mobile Device Management enrollment|
|2195|Apple Push Notification Service|Used to send notifications to the APNS|
|2196|Apple Push Notification Service|Used by the APNS feedback service|
|2197|Apple Push Notification Service|Used to send notifications to the APNS|
|5223|Apple Push Notification Service|Used by devices to communicate to APNS and receive push notifications|
|443|Secure Sockets Layer (HTTPS)|Used as a fallback where devices are unable to communicate with APNS on port 5223|

The device may be unable to use APNS if there is a proxy server on the Wi-Fi network because APNS requires a direct and persistent connection from device to server.
For more information, see the Apple support documentation.
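To verify a Wi-Fi network against the port table above, the following added example (not part of the original documentation or the product) probes each port and applies the 5223-to-443 fallback rule. The script name, the function names and the `port=host` argument format are assumptions of this example; the hostnames are supplied by the operator because this page does not list them.

```python
import socket
import sys

# Port table copied from this page: TCP port -> what it is used for.
REQUIRED_PORTS = {
    1640: "Certificate Enrollment Server (MDM enrollment)",
    2195: "APNS (send notifications)",
    2196: "APNS (feedback service)",
    2197: "APNS (send notifications)",
    5223: "APNS (device connection, receives push)",
    443: "HTTPS (fallback when 5223 is unreachable)",
}

def tcp_open(host, port, timeout=3.0):
    """True if a direct TCP connection to host:port can be established."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def probe(hosts, connect=tcp_open):
    """hosts maps port -> hostname to test; ports without a host are skipped."""
    return {p: connect(hosts[p], p) for p in REQUIRED_PORTS if p in hosts}

def assess(results):
    """Turn probe results into findings that follow the rules on this page."""
    findings = [f"BLOCKED tcp/{p}: {REQUIRED_PORTS[p]}"
                for p, ok in results.items() if not ok]
    # 443 only matters as a fallback, so judge it together with 5223.
    if results.get(5223) is False:
        if results.get(443):
            findings.append("DEGRADED: devices must fall back to tcp/443 for APNS")
        else:
            findings.append("FAIL: no confirmed APNS path (tcp/5223 blocked, "
                            "fallback tcp/443 not reachable or not tested)")
    return findings

if __name__ == "__main__":
    # Usage (hostnames are supplied by the operator, none come from this page):
    #   python3 apns_ports.py 1640=<enrollment-host> 5223=<apns-host> 443=<apns-host>
    # A successful connect does not prove a proxy-free path: APNS needs a
    # direct, persistent connection, which a proxy can still break.
    hosts = {int(p): h for p, h in (arg.split("=", 1) for arg in sys.argv[1:])}
    report = assess(probe(hosts))
    print("\n".join(report) if report else "all tested ports reachable")
    sys.exit(1 if report else 0)
```

Run it from a host on the same Wi-Fi segment and firewall policy as the managed devices, since results from another network segment say nothing about the device path.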