| Task |
Path |
Best Practices |
| Create and Upload APNS Certificate |
In MaaS360, navigate to Setup> Services > Mobile Device Management > APNS Certificate |
- Use a shared Apple ID created with a company-managed email instead of a personal account. |
| Configure Directory and User Authentication Setup |
In MaaS360, navigate to Setup > Settings > Directory and Enrollments > User Authentication Setup > Select Default Authentication |
- By default, user authentication for enrollment is based on the authentication type specified in the user record (Local or Corporate). If you're using SAML, the default is configured in the User Authentication Setup settings. |
| Configure User Settings |
In MaaS360, navigate to Setup > Settings > User Settings > Basic > User Password Settings |
- By default, MaaS360 doesn’t generate passwords for local users. Manually set them for admin-driven setup, or auto-generate them for user enrollment.
- Corporate users authenticate through your directory using Cloud Extender or Entra ID.
|
| Configure iOS Security Policy (Supervised Enrollment) |
In MaaS360, navigate to Security > Policies > View the iOS policy > Supervised Settings |
- Supervised Settings allows administrators to deploy advanced configurations, enforce restrictions, and manage app deployment and user experience. |
|
Integrate MaaS360 with Apple Volume Purchase Program VPP (if applicable)
|
In MaaS360, Navigate to Apps > Catalog > More > Apple VPP Licenses > Add Token |
- Use Apple’s Volume Purchase Program (VPP) to install free and paid apps on supervised devices without requiring an Apple ID.
- The devices must be supervised to take advantage of silent installation. |
| Build an App Catalog |
In MaaS360, Navigate to Apps > Catalog > Add > iOS > iTunes App Store App |
- Distribute apps to devices across your organization directly from MaaS360.
- Use Security Policies to block users from uninstalling managed apps distributed to their devices.
|
|
Integrate MaaS360 with Apple Device Enrollment Program DEP
|
In Maas360, Navigate to Devices > Enrollments > Other Enrollment Options > Apple > Apple Device Enrollment > Tokens > Add Token |
- Ensure DEP token names are unique and clearly identifiable to prevent confusion during renewal.
- If an administrator is enrolling devices, disable the “Authenticate User” option in the profile. User assignment can be completed after enrollment through the MaaS360 portal.
- Configure and assign the DEP profile to automatically enroll the device into remote management and streamline initial setup by skipping selected Setup Assistant screens.
|
|
Begin Device Enrollment
|
Power on device > Follow on-screen instructions > Connect to the internet > Remote Management is prompted |
- If the devices are cellular, ensure Wi-Fi is available as a backup network in case cellular connectivity is unavailable during activation or enrollment.
- If the device encounters a failed DEP profile during enrollment, perform a factory reset using Recovery mode. This clears the failed configuration and allows the device to receive the correct DEP profile upon initial setup.
|
|
Assign Devices to Users (if applicable)
|
In Maas360, Navigate to Devices > Locate device > View > More > Assign User |
Note: If the Authenticate User setting was enabled in the Profile, then this is not applicable.
|
|
Manage Devices in the Portal
|
In MaaS360, navigate to Devices > Inventory > Locate the device > View to open the device summary > Select More to access all available actions |
Once your devices are enrolled, you can manage and monitor them all in the MaaS360 portal.
|