Requirements for Apple Device Management

Apple Push Notification Service certificate

For Apple Device Management to work effectively with macOS and iOS devices, you must generate an Apple Push Notification Service (APNS) certificate that is unique to your RMM installation.

We do not provide this certificate, but we do provide a wizard to help you obtain one from Apple Inc. For more information, see Add a new Apple Push Certificate.

iOS Wi-Fi Firewall Requirements

For Apple iOS, we use the device’s built-in MDM framework APIs, which are controlled via the Apple Push Notification Service (APNS). These are used to register the device, upload information, and send commands.

To receive these push notifications, the device connects directly to the APNS over the cellular network or Wi-Fi. The device may be unable to use APNS if there is a proxy server on the Wi-Fi network because APNS requires a direct and persistent connection from device to server.

To permit the APNS traffic when connecting via Wi-Fi, the following TCP ports must be open in the firewall:

| Port | Service | Description |
|------|---------|-------------|
| 1640 | Certificate Enrollment Server | Used for over the air Managed Device Management enrollment |
| 2195 | Apple Push Notification Service | Used to send notifications to the APNS |
| 2196 | Apple Push Notification Service | Used by the APNS feedback service |
| 2197 | Apple Push Notification Service | Used to send notifications to the APNS |
| 5223 | Apple Push Notification Service | Used by devices to communicate to APNS and receive push notifications |
| 443 | Secure Sockets Layer (HTTPS) | Used as a fallback where devices are unable to communicate with APNS on port 5223 |

For more information, see the Apple support documentation.
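
The following is an added example, not part of the original documentation or the product: it audits a firewall ruleset against the port table above and reports which required TCP ports are blocked, including the case where devices are left with only the 443 fallback. The rule format, the first-match semantics with an implicit final deny, and the sample rules are assumptions constructed for illustration.

```python
# Required TCP ports, taken from the table on this page.
REQUIRED_TCP = {
    1640: "Certificate Enrollment Server",
    2195: "APNS (send notifications)",
    2196: "APNS (feedback service)",
    2197: "APNS (send notifications)",
    5223: "APNS (device connection)",
    443: "HTTPS fallback for 5223",
}

# Constructed sample ruleset: (action, protocol, port spec), evaluated top-down,
# first match wins, implicit deny at the end (assumed firewall semantics).
SAMPLE_RULES = [
    ("allow", "tcp", "80,443"),
    ("deny", "tcp", "2196"),        # shadows the range rule below
    ("allow", "tcp", "2195-2197"),
    ("allow", "udp", "5223"),       # wrong protocol: the requirement is TCP
    ("allow", "tcp", "1640"),
]

def port_matches(spec, port):
    """True if port falls in a spec such as '443', '80,443' or '2195-2197'."""
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def is_allowed(rules, port, proto="tcp"):
    """First-match evaluation; traffic matching no rule is denied."""
    for action, rule_proto, spec in rules:
        if rule_proto == proto and port_matches(spec, port):
            return action == "allow"
    return False

def audit(rules):
    """Return (blocked required ports, True if only the 443 fallback is open)."""
    blocked = sorted(p for p in REQUIRED_TCP if not is_allowed(rules, p))
    fallback_only = 5223 in blocked and 443 not in blocked
    return blocked, fallback_only

if __name__ == "__main__":
    blocked, fallback_only = audit(SAMPLE_RULES)
    for port in blocked:
        print(f"TCP {port} blocked: {REQUIRED_TCP[port]}")
    if fallback_only:
        print("TCP 5223 is blocked; devices can only reach APNS via the 443 fallback")
```

A ruleset check of this kind only confirms that the ports are permitted; it does not detect a proxy on the Wi-Fi network, which can still prevent the direct, persistent connection APNS requires.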