Enrolling and Supervising iOS Devices using Apple Configurator v1.4 or earlier
Systems Manager provides administrators the ability to mass enroll devices using Apple Configurator, a Mac application. Apple Configurator allows for mass configuration of iOS devices while physically synced via USB to a Mac computer. A USB hub can be used to configure dozens of devices at once. Apple Configurator is only supported with Mac devices running OS X 10.7.5 and higher. Follow these links to download the application, and view more Apple Configurator documentation.
Alternatively, devices that meet the requirements can be supervised and enrolled over the air using Apple's Device Enrollment Program, or devices can be enrolled using Configurator v1.5 or later by providing the enrollment URL during device preparation.
Apple Configurator provides for three workflow panes: Prepare, Supervise, and Assign. From the Prepare pane, connected devices can either be put into Supervised mode or remain un-supervised (supervision OFF). Supervision mode performs a factory reset of all connected devices, installs the selected version of iOS, and installs a Supervision profile on the device along with any other selected profiles or apps. With 'Supervision OFF,' selected configuration profiles and iOS apps can be installed on connected devices without first wiping the device.
Older versions of Apple Configurator are deprecated - to see the updated article for supervising and enrolling devices with Apple Configurator 2, see here.
Benefits to Supervising Devices
A decision to Supervise devices should be made early, as supervising requires a complete wipe of each device (erases all content and settings).
Supervision allows for the following iOS supervised restrictions listed on the Systems Manager > Manage > Settings page toward the bottom of the Restrictions tab:
- Allow iMessage
- Allow app removal
- Allow Game Center
- Allow Bookstore
- Allow Bookstore erotica
- Allow UI configuration profile installation
- Enable Single App mode
- Enable HTTP proxy
Mass enrollment steps for Systems Manager can be followed from either the Prepare or Supervise tabs in Apple Configurator. In order for the Meraki SM management profile to successfully install, both the Mac computer running Apple Configurator AND the connected iOS device(s) need to have an unblocked connection to the internet. This is required, because the iOS devices need to contact Systems Manager and Apple's MDM servers immediately upon enrollment. The most common reason for a failed Meraki SM management profile installation is because the iOS device does not have an active internet connection at the time the Meraki SM management profile is installed (often times the result of putting a device into Supervision mode - thus wiping the device and removing its WiFi connection).
Instead of manually connecting to a WiFi network from each device, a configuration profile with WiFi settings can be applied via Apple Configurator prior to installing the Meraki SM Management Profile.
Physically sync iOS device(s) connected to a Mac computer running Apple Configurator
- Import the Meraki Management profile to Apple Configurator
- Push a profile with a wireless payload to devices synced to Mac computer (optional)
- Push the Meraki Management profile to devices synced to Mac computer
Import the Meraki Management profile to Apple Configurator
- In Systems Manager Dashboard, navigate to the iOS tab on the Systems Manager > Manage > Add devices page
- Scroll down to Apple Configurator heading
- Download the meraki_sm_mdm.mobileconfig file to Mac computer (do not install file; only save the file)
- Launch Apple Configurator on Mac
- Select either the Prepare or Supervise tab (Supervise tab only available if synced device has already been put into Supervision mode)
- Import the meraki_sm_mdm.mobileconfig file downloaded in step c by selecting the '+' symbol below the 'Profiles' box
- Un-check the Meraki Management profile as an active wireless internet connection should be confirmed prior to installation
Push a profile with a wireless payload to devices synced to a Mac computer (optional)
This step can be skipped by manually selecting a SSID from every synced device. However, it can save time if a large number of devices are being configured at once.
- Create a New Profile within Apple Configurator under the settings tab using the + symbol
- Give the profile a Name
- Scroll down to Wi-Fi
- Enter details to a valid wireless network available to the connected iOS devices and click Save
- Apply/Refresh to push the profile to devices
- From a single device in the set of synced devices, navigate to Settings > WiFi and confirm that the device is connected to the wireless network configured in the profile
- Confirm that the device is connected to the public internet by navigating to a website such as http://www.meraki.com
Push the Meraki Management profile to devices synced to a Mac computer
- Place a check next to the Meraki Management profile (leave the WiFi profile checked)
- Select Apply/Refresh to push the Meraki Management profile to devices
To verify that the Meraki SM management profile successfully installed, please navigate to Settings > General > Device Management from a single synced device, and check whether the Meraki profile is installed.
In this example, the following profiles should be listed:
- Meraki Management profile;
- A profile containing WiFi settings; and
- A Supervision Profile (depending on the deployment model used)
If everything has installed correctly and the devices have checked-in with Systems Manager Dashboard, they will show up under Monitor > Clients.
In some cases, the Systems Manager profile fails to install on an iOS device with an error "Can't install profile."
This happens when the iPad does not have network access, and cannot verify the profile that you're trying to push with Apple Configurator.
To remedy this error, ensure that:
- "Airplane Mode" is turned off
- The iPad is joined to a network and can access the internet
- Ensure that your network firewall does not block the Simple Certificate Enrollment Protocol (SCEP), which runs over HTTPS
- Ensure that all traffic to/from ios.meraki.com is unrestricted
- Ensure that the Mac computer running Apple Configurator has access to the public internet
For the necessary IPs/ports that need to be opened for iOS devices to communicate with Systems Manager, please consult the Firewall Information page.
Using Apple Configurator, users can mass enroll devices to a Systems Manager network. This saves administrators or end users from having to manually enroll each iPad to Systems Manager. This is a great option for schools and institutions with a large number of devices to enroll.
For more information on using Systems Manager in conjunction with Apple Configurator to manage iOS devices, please read our Best Practices Whitepaper on the topic.