Skip to main content

 

Cisco Meraki Documentation

Enrolling and Supervising iOS Devices using Apple Configurator 2.0

To see the updated article for supervising and enrolling iOS 11+ devices with Apple Configurator 2.5+, including information on how to add devices into ADE via Apple Configurator, see here.

Meraki Systems Manager provides administrators the ability to mass enroll and supervise devices using Apple Configurator, a macOS application. Apple Configurator 2 allows for mass configuration of iOS 9+ devices while physically connected to a Mac computer. A USB hub can be used to configure dozens of devices at once. Follow these links to download the application, and view more Apple Configurator documentation.

 

With Apple Configurator 2.0 or later, Apple has allowed the use of the Automated Device Enrollment (ADE) for automatic enrollment into Meraki Systems Manager, which can be used to speed up the process into a no-touch experience for mass enrollment of devices. Alternatively, if your iOS devices are not in Apple's ADE, you can use the manual enrollment method by configuring your Systems Manager MDM Server in Apple Configurator via enrollment URL. This article will cover both Apple Configurator 2 MDM enrollment options in detail: ADE automatic enrollment method and manual enrollment URL method. 

iOS devices that are using Apple's Automated Device Enrollment (ADE) can be supervised and enrolled over-the-air anytime they are factory reset. ADE is the best way to permanently force your devices to be owned and managed by your organization, and it is important to assign your ADE settings properly before deployment. 

Device Supervision

During the enrollment process, it is possible to supervise iOS devices. Supervision enables many additional features including restrictions, which you can find listed in the Meraki Dashboard under Systems Manager > Manage > Settings > Restrictions > iOS Supervised Restrictions.

If your iOS devices are not currently Supervised, they will be required to be factory reset to become Supervised. Therefore, it is recommended to Supervise devices (if desired) prior to performing any configuration or providing the device to users. Supervision steps are covered in detail in the guide below. 

Prerequisites

  • Apple Configurator 2.0 or greater

  • macOS 10.11.0 or greater

  • iOS device(s) powered up and physically connected to Mac

  • The Mac and iOS device(s) are not locked

  • Internet access with unblocked access to Apple and Meraki Systems Manager

    • Refer to Help > Firewall info for a list of ports and IP addresses

  • For Automatic enrollment: iOS devices must be in Apple’s ADE

Access to the internet is critical to the enrollment process. If an iOS device is not able to contact Meraki Systems Manager when trying to enroll, it will be unable to complete the process and/or receive any additional profiles and apps. 

Apple Configurator 2 - Automatic Enrollment

Automatic Enrollment through Apple Configurator only works on iOS devices that are in Apple’s Automated Device Enrollment (ADE), and allows you to pre-provision wireless settings on devices to seamlessly enroll during the device's setup assistant. Please be sure to add your Apple ADE account to Meraki Systems Manager before beginning this process, and ensure your devices are visible in Systems Manager > Manage > ADE.

If you are not using Apple's ADE, please follow the steps for the "Apple Configurator 2 - Manual Enrollment". 

  1. Open your Meraki Dashboard and go to Systems Manager > Manage > ADE.   

  2. Checkmark the devices you want to assign ADE settings.

  3. Click on Assign settings:
    ADE_Assign_settings.png

  4. Configure your preferred ADE settings:
    ADE_Configure_Settings.png

    Allow pairing: allow devices to connect to computers via USB cable.

    Supervise: allow device to become supervised by your organization.

    Mandatory: force device to always enroll in your Systems Manager network upon inital setup (when first powered on, or factory reset). 

    Removable: If unchecked, the “Meraki Management” enrollment profile will not be visible for end users to remove on the iOS device in Settings > General > Device Management. Unchecking this prevents end users from un-enrolling themselves from Meraki management later. 

  5. Click Assign x device(s) -- x is the number of devices that will receive these ADE settings. Now you will see these devices change to have an orange “Assigned” status next to it. The device is currently waiting to be turned on for the first time, or to be factory reset so it can receive these ADE settings.
    DeviceAssigned.png
     

  1. Now, you are ready to use Apple Configurator 2. Highlight the devices you want to automatically enroll in Apple Configurator 2 and click on Actions > Prepare…

4.png

  1. Choose Configuration: Automatic Enrollment. Click Next
    5.png

  2. Upload a wireless profile, so the iOS device(s) can connect to a SSID in range so iOS devices can automatically configure with Apple and Meraki.

    6.png

    To create a wifi profile in Apple Configurator 2, go to File > New Profile, and add your wifi settings. Save this profile so you can upload it here. 

    It is necessary to add a wifi profile during this step so each iOS device can communicate to Apple and Cisco Meraki to complete the automatic ADE settings assignment and Meraki Systems Manager enrollment.   
  3. If your Meraki Systems Manager enrollment requires Active Directory authentication, input your domain credentials here. If not, leave these fields blank and click Prepare.
    7.png

  4. Apple Configurator will now download the latest iOS version from Apple and install it on the connected devices. Be patient while the latest iOS version downloads and installs.

  5. Your devices will now be at the "Hello" initial iOS setup screen. These devices now contain the wifi profile as well as the Meraki Management enrollment profile. These devices will skip the steps chosen in Step 4. Once these devices are at their homescreen, they can have apps and profiles installed through Meraki Systems Manager. All your devices can now be managed in Systems Manager > Monitor > Devices.

8.jpg

At this point, the automatic enrollment process is complete - your devices are now managed and ready to be distributed to end users!

Apple Configurator 2 - Manual Enrollment

Manual Enrollment is the way to enroll iOS devices not in Apple’s Automaded Device Enrollment (ADE). First we will cover how to setup your Meraki MDM server in Apple Configurator. Then, Apple Configurator will factory erase the devices to prepare them with supervision and Meraki Systems Manager enrollment.

  1. Go to Apple Configurator 2 in the menu bar and choose Preferences...

  2. Click on the Servers tab.   

  3. Click the “+” to add a new server.  

  4. Define your MDM Server:

    • Name: Any name you choose.

    • Hostname or URL: Enrollment URL copied from your Meraki Dashboard found in Systems Manager > Manage > Add Devices > iOS > Apple Configurator > Enrollment URL (AC2+)
      9.png

  5. Click Next.

    If you see the following error regarding “unsupported URL” do not be alarmed. Click Next again.
    10.png

     

  6. Leave the Enrollment Profile and Trust Profile empty and click Next.
    11.png

  7. You have now successfully configured your Systems Manager MDM Server. Close this window and now you can complete the enrollment using this MDM Server. 
    12.png

  8. Plug your iOS devices to this Mac. Highlight the device you would like to enroll and go to the menu bar and choose Actions > Prepare...
    13.png

  9. Choose Configuration: Manual. Click Next
    14.png

  10. Choose your Meraki MDM Server (set up in Steps 1-7). Click Next.
    15.png

  11. Choose if you would like the devices Supervised by your organization. Choose if you would like to allow pairing with other computers. Click Next.
    16.png

    Supervision will allow many additional restrictions to be added to devices in Meraki later. Supervision helps keep your iOS devices managed by your organization.
    The "pair" option will not allow these iOS devices to connect to other computers via USB cable. If you do not allow pairing here, they will be undetectable to other computers via iTunes, Apple Configurator, or any USB detection. 
  12. Choose the Organization that you want to have Supervision of these devices. Click Next

       17.png

  1. Choose what steps you would like the iOS initial setup assistant to skip. Then click Prepare

       18.png

  1. Apple Configurator will now download the latest iOS version from Apple and install it on the connected devices. Be patient while the latest iOS version downloads and installs. All devices will now be prepared with these settings, which requires a device factory reset. All data saved on the device will be lost. 
  2. Now, your devices will be at their iOS initial setup assistant "Hello" screen. You will need to configure each iOS device from here one by one, just so it can connect to wifi and receive the enrollment profile. Slide to set up. 
  3. Choose a wifi network in range. 
  4. Now you should see a screen asking if you want to accept the automatic configuration. Apply configuration here and you will be enrolled in Systems Manager and your enrollment will go through. 
    19.png
     
The iOS device will skip all the steps chosen in step 13 of this guide. Accept the Apple terms & conditions, and now your device will be at the homescreen. It is now enrolled in Meraki Systems Manager where you can install apps and profiles remotely. Look for this client in Systems Manager > Monitor > Clients, and begin management!
20.jpg