This guide provides a streamlined checklist to deploy MaaS360 for basic iOS device management—ideal for organizations that don’t require full device supervision or advanced control. Devices may be personally-owned or company-owned without supervision (i.e., not enrolled via Apple Business Manager or Apple Configurator). There is no separation of work and personal content in this enrollment without the addition of the MaaS360 Secure Productivity Suite.
Use this setup when:
Your employees are either using personally-owned devices or receiving company-owned devices that are not supervised. In this scenario, the user or an administrator must manually install the MaaS360 management profile on each device. Enrollment does not require a factory reset, allowing for quick setup. However, because the devices are not supervised, users can remove the management profile at any time. This basic level of management is better suited for personally owned devices, as it offers limited policy enforcement and reduced control over the device compared to supervised deployments.
Deployment tip:
MaaS360 offers a wide range of features, settings, and configuration options to support your device management goals. This checklist is designed to help you get started with the most common and essential tasks. We recommend beginning with a small group of devices to test and refine your configuration, then scaling your deployment based on what works best for your environment.
Before you begin:
Make sure the following steps are completed before deploying MaaS360 for basic iOS device management.
- Complete the MaaS360 Getting Started Checklist
- Configure your User Directory in MaaS360 (corporate or local)
- Set up your Apple Push Notification service (APNs) certificate
- Choose a device enrollment method:
- Self Service URL – Publish a general link users can access to enroll their device using their corporate or local credentials.
- Unique Enrollment Request – Send an enrollment request to the user's device via email or SMS with an OTP.
- Bulk Add – Generate enrollment requests that are sent to multiple users in bulk. They are accompanied by an OTP, but corporate or local credentials can also be used for authentication.
The following tasks outline step-by-step instructions to help you seamlessly enroll and manage your iOS devices using MaaS360.
| Task |
Path |
Best Practices |
|
Create and Upload APNS Certificate
|
In MaaS360, navigate to Setup> Services > Mobile Device Management > APNS Certificate
|
- Use a shared Apple ID created with a company-managed email instead of a personal account.
|
|
Configure Directory and User Authentication Setup
|
In MaaS360, navigate to Setup > Settings > Directory and Enrollments > User Authentication Setup > Select Default Authentication
|
By default, user authentication for enrollment is based on the authentication type specified in the user record (Local or Corporate). If you're using SAML, the default is configured in the User Authentication Setup settings. |
| Configure User Settings |
In MaaS360, navigate to Setup > Settings > User Settings > Basic > User Password Settings |
- By default, MaaS360 doesn’t generate passwords for local users. Manually set them for admin-driven setup, or auto-generate them for user enrollment.
- Corporate users authenticate through your directory using Cloud Extender or Entra ID.
|
|
Configure iOS Security Policy (Manual Enrollment)
|
In MaaS360, navigate to Security > Policies > View the iOS policy > Device Settings / Advanced Settings
|
- Only Device Settings and Advanced Settings apply to Manually enrolled iOS devices.
- Supervised Settings are not relevant unless the device is DEP enrolled using Apple Business Manager (ABM) or Apple Configurator. |
|
Generate Enrollment Request (s) (If Applicable)
|
In MaaS360, navigate to Users > Directory > Locate the user > Add Device > Do Not Select (Enroll using iOS User Enrollment) > Send Request
|
To send multiple enrollment requests at once, use the Bulk Add feature. Navigate to Devices > Enrollments > Other Enrollment Options > Bulk Enrollment.
|
|
Self Service Enrollment URL (If Applicable)
|
In Maas360, navigate to Setup > Settings > Basic Enrollment Settings > Self Enrollment > Your users can add a new device from the URL (Specific enrollment link to your account is listed)
|
By default, the Self Enrollment URL includes your account ID as the corporate identifier. To customize the URL, edit the Corporate Identifier in Basic Enrollment Settings. |
|
Manage Devices in the Portal
|
In MaaS360, navigate to Devices > Inventory > Locate the device > View to open the device summary > Select More to access all available actions |
Once your devices are enrolled, you can manage and monitor them all in the MaaS360 portal.
|
To learn more, explore the IBM Documentation or visit our YouTube channel Big Blue Helps for step-by-step MaaS360 tutorials.