IBM Security Join our 16,000+ members as we work together to overcome the toughest challenges of cybersecurity. Join the Community
This week MaaS360 teams have rolled out a few new features pertinent to the iOS automated device enrollment process (ADE - formerly known as DEP).Apple has enhanced the enrollment process for devices by allowing MDM solutions to add customized screens during setup to address SAML enrollment and custom terms and conditions. With iOS 13 and macOS 10.15 MaaS360 can implement these features with just a few setup items in the portal.Custom EULA DisplayWithin the portal there are two areas that need to be configured to display a custom EULA during DEP enrollment. First, navigate to Setup-->Settings and under Device Enrollment Settings select Advanced. Enable the "Corporate Usage Policy" checkbox and upload a proper TXT or HTML file. Admins will be able to preview the display to ensure it appears properly.
Once the usage policy has been enabled, make sure to Save the settings. Navigate to the Device Enrollment Program setup page and edit or create a new DEP profile. There is a check box to enable the usage policy (note it is only available for iOS 13+ and macOS 10.15+. Devices below the OS versions listed will not see any new behavior).Upon booting up a new device most of the enrollment workflows will remain the same. It isn't until the user gets to the authentication screen that they will notice a difference. Rather than seeing the embedded Apple screen, a MaaS360 window will pop up, and the user will see a more traditional manual enrollment UI (note: the user will not be able to adjust ownership). They will then be prompted to accept the MaaS360 native EULA, then the company EULA. If the user chooses not to accept either, the device will not complete enrollment, but will also not complete activation. They will not be able to move forward without accepting both.