14.4 Enrolling an iOS Device Manually

This scenario shows you how to enroll an iOS device as a non-supervised device using the ZENworks User Portal. The following enrollment procedure was performed on an iOS 12.2 device.

  1. In the Safari browser on the iOS device, enter ZENworks_server_address/zenworks-eup, where ZENworks_server_address is the DNS name or IP address of the ZENworks MDM Server. For example, if the IP address of your server is 10.0.0.0, then specify 10.0.0.0/zenworks-eup as the EUP page URL.

    NOTE:Ensure that the Safari browser is not running in the private mode if the iOS version of the device is less than 11.

    iOS devices 10.3 and later versions no longer use SHA-1 signed certificates. You need to move to SHA-256 certificates to ensure that the device enrolls to ZENworks successfully. For more information, see Apple Support.

    The login screen for the ZENworks User Portal is displayed. You use the ZENworks User Portal to enroll devices to the zone.

  2. Enter the user’s user name and password. If Allow Simple Enrollment option is selected for the user source to which the user belongs, then the registration domain need not be specified or else specify the registration domain. For information, see Section 6.1, Enabling a User Source for Mobile Device Enrollment. Tap Sign In.

    NOTE:If the Allow Simple Enrollment option is not enabled or the registration domain name is not configured, then you can specify the configured user source name in the Domain field while enrolling a device.

    All devices associated with the user, are displayed in the ZENworks User Portal.

  3. Tap Enroll in the upper-right corner to display the enrollment options for the device.

    The enrollment options are determined by the user’s Mobile Enrollment policy. For details, see Creating and Assigning a Mobile Enrollment Policy.

  4. Tap Managed Device Only to display the Enroll Device Options screen. If you have configured your Mobile Device Enrollment policy to allow the user to specify the device ownership (corporate or personal), you are prompted for that information. Select the appropriate device ownership option and click OK.

  5. Tap Download Certificate.

    NOTE:If you are enrolling an iOS 12.1.2 or older device, on clicking Download Certificate, you will be navigated to the Install Profile screen. Click Install and follow the prompts to install the profile.

    1. Allow the website to download the configuration profile.

    2. The configuration profile will be downloaded. You can now proceed to the Settings menu to download the profile.

    3. Navigate to the Settings menu on the device, click General > Profiles.

    4. Tap ZENworks Trust Profile.

    5. Install the profile.

  6. Enable the enrollment certificate on the device. To enable the certificate:

    NOTE:These steps are not applicable for an iOS 10.2 or older device and you need to proceed with installing the ZENworks Device Enrollment Program Profile.

    1. Navigate to the Settings menu on the device and click General > About.

    2. Click Certificate Trust Settings.

    3. Enable the root certificate displayed on the screen and follow the prompts to install the root certificate. Navigate back to the EUP page.

  7. Tap Download Profile in the Enroll as Managed Device screen.

    NOTE:If the user is enrolling an iOS 12.1.2 or older device, then on clicking Download Profile, the user will be navigated to Install Profile screen. Tap Install and follow the prompts to install the profile.

    1. Allow the website to download the profile.

    2. The configuration profile will be downloaded. You can now proceed to the Settings menu to download the profile.

    3. Navigate to the Settings menu on the device to install the profile and tap General > Profiles.

    4. Tap ZENworks Device Enrollment Program Profile.

      The ZENworks Device Enrollment Program Profile contains the MDM profile required for ZENworks to manage the device.

    5. Tap Install and follow the prompts to install the profile.

  8. Navigate back to the EUP page. The device is displayed in the My Devices list with the status as Enrollment in Progress. You need to refresh the browser to update the status to Device is Active.

    NOTE:If the device remains in Enrollment in Progress state for a considerable amount of time, then in the ZENworks User Portal, tap the refresh icon appearing against the device.

    At this point in time, you can view the enrollment mode on the Device Information page in ZCC. To view the device information, from the left hand side navigation pane in ZCC, click Devices > Mobile Devices (or navigate to the folder as configured in the Mobile Enrollment Policy) and select the appropriate device. The enrollment will be displayed as iOS MDM.

  9. An email account is automatically set up on the device based on the Mobile Email Policy assigned to the user or the device.

    NOTE:If an Exchange ActiveSync account was manually configured on the iOS device before it was enrolled, then it should be deleted as an email account will be automatically configured on the iOS device if a Mobile Email policy is assigned.

After the device is enrolled to the ZENworks Management Zone, the enrollment mode of the device is displayed as iOS MDM + ActiveSync on the Device Information page in ZCC.