https://support.eset.com/kb5771
Issue
- Configure ESET Remote Administrator 6.3 or 6.4 to manage iOS devices using ESET Mobile Device Management
Solution
To enroll iOS device in ESET Mobile Device Connector, follow these steps:
III. Create an MDM Policy
IV. Register your iOS device in ERA
VI. Create an activation Task for iOS MDM
I. Create a MDM certificate
This step is not required if you already have HTTPS certificate (3rd party HTTPS certificate signed by trusted Certification Authority, or certicate created in ERA and signed by ERA CA). In that case, skip part I. and move to part II.
- Open ESET Remote Administrator Web Console (ERA Web Console) in your web browser and log in. How do I open ERA Web Console?
- Click Admin → Certificates → New → Certificate.
Figure 2-1
Click the image to view larger in new window
- In the Basic section, complete the following fields:
Product: Select Mobile Device Connector from the Product drop-down menu.
Host: Type the IP address or Hostname of the server where Mobile Device Connector is installed into the Host field.
In case the MDM server is not visible from the internet and the communication is port-forwarded from a router that is visible to the outside network, use the IP adress or Hostname of the router instead.
Figure 2-2
Click the image to view larger in new window
-
In the Attributes (Subject) section:
Organization: Type your Organization name used in ESET Remote Administrator.
- Expand the Sign section and click Select Certification Authority.
Figure 2-3
Click the image to view larger in new window
- Select the certification authority that you want to use and then click OK.
Figure 2-4
Click the image to view larger in new window
- Click Finish and proceed to part II.
II. Create an APN certificate
- Click Admin → Certificates → New → APN Certificate.
- Specify the certificate attributes and then click Submit Request.
- In the Download section, use the links provided to download the Private Key and CSR and save to your hard drive.
Figure 3-1
Click the image to view larger in new window
- Click Open Apple Portal or navigate to https://identity.apple.com/pushcert in your web browser and sign in with your Apple ID.
Figure 3-2
Click the image to view larger in new window
- Click Create a Certificate.
Figure 3-3
Click the image to view larger in new window
- If you agree to the Apple Push Certificates Portal Terms of Use, click Accept.
- Click Browse, select the CSR certificate you downloaded in step 3 above, click Open and then click Upload.
Figure 3-4
Click the image to view larger in new window
- After the upload completes (this may take some time and you may need to refresh the browser), click Download next to the Mobile Device Management certificate and save the certificate to your hard drive.
Figure 3-5
Click the image to view larger in new window
- Proceed to part III.
III. Create an MDM Policy
- Open ESET Remote Administrator Web Console (ERA Web Console) in your web browser and log in. How do I open ERA Web Console?
- Click Admin → Policies.
- Click Policies → New.
- Expand Basic and type a name for the policy into the Name field (the Description field is optional).
- Expand Settings and select ESET Remote Administrator Mobile Device Connector from the drop-down menu.
- Type the Hostname (IP address) of the server where Mobile Device Connector is installed. In case the MDM server is not visible from the internet and the communication is port-forwarded from a router that is visible to the outside network, use the IP adress or Hostname of the router instead.
- Type your actual organization's name used in ESET Remote Administrator into the Organization field (this name is used by the enrollment profile generator to include this information in the profile).
Figure 4-1
Click the image to view larger in new window - In the HTTPS certificate section, click Change certificate → Open certificate list and then select the MDM Certificate created in part II.
- In the Apple Push Notification Service section, upload the two Apple Push Notification Service files to their respective items:
- APNS Certificate (signed by Apple) - this is the file downloaded from the Apple's portal, usually named:
MDM_ESET, spol. s.r.o._Certificate.pem
- APNS Private Key - this is the file created in part II, step 3, usually named:
APN Private Key Export CN= ... .pem
- APNS Certificate (signed by Apple) - this is the file downloaded from the Apple's portal, usually named:
- In the Agents section, click Change certificate. Click Open certificate list and select the Agent Certificate you created after installing ESET Remote Administrator.
- Click Assign to display all Static and Dynamic Groups and their members. Select the Mobile Device Connector instance that you want to apply an APNS Certificate to and click OK.
When you are finished, proceed to part IV.
IV. Add your mobile device in ERA and send an enrollment link
ERA version 6.3 and earlier: Click here for instructions.
- Open ESET Remote Administrator Web Console (ERA Web Console) in your web browser and log in. How do I open ERA Web Console?
- Click Computers, select the group to which you want to add your mobile device(s), and then click Add New → Mobile devices.
Figure 5-1
Click the image to view larger in new window
- In the Add mobile devices window, select Enrollment via e-mail and click Continue. To enroll a single device at a time, select Individual enrollment via link or QR code. Click here for step-by-step instructions.
Figure 5-2
Click the image to view larger in new window
- Select the target MDM Connector, the ESET license that will be used for activation, and the target group.
- To simplify the mass enrollment process, you can create a CSV file in advance, which will include the required data. To import a CSV file, click Import CSV.
- Expand Delimiter and select the delimiter you used in the file (semicolon, comma, space).
- Expand Column Mapping, use the drop-down menus next to Email Address, Device Name, and Description to assign the columns from your CSV file to the designated columns required for the import. When you are finished, click Import.
- Click Enroll and proceed to part V.
- Select Individual enrollment via link or QR code in the Add mobile devices window and click Continue.
- Type in the Device name and Decsription, select the MDM Connector and ESET License, and then click Nextto proceed.
- In the last preview window you can see a summary of the enrollment, including the download link and QR code. Click Enroll and proceed to part V.
V. Enroll your iOS device
- On your mobile device(s), access the enrollment email that you sent in part IV above and tap the enrollment link.
Figure 6-1
- At the Install Profile screen, tap Install, and then tap Install again.
Figure 6-2
Figure 6-3
- Tap Trust to allow installation of the new profile.
- After installing the new profile, the Signed by field will display that the profile is Not Signed. This is a standard behavior for any MDM enrollment because iOS does not yet recognize the certificate.
- Continue to part VII to activate the product.
VI. Create activation Task for iOS MDM
After completing parts I – V above, the device will appear in the Computers section of ESET Remote Administrator under Lost & Found and will automatically be added to the dynamic group Mobile devices → iOS devices.
Send an activation task from ESET Remote Administrator using the instructions in the following article: How do I activate ESET business products in ESET Remote Administrator? (6.x)
- Click Computers, select the group to which you want to add your mobile device(s), and then click Add New → Mobile devices.
Device enrollment for ERA 6.3 and earlier:
- Open ESET Remote Administrator Web Console (ERA Web Console) in your web browser and log in. How do I open ERA Web Console?
- Click Computers, select the group to which you want to add your mobile device(s), and then click Add New → Mobile devices.
Figure 7-1
Click the image to view larger in new window
- Type a name for the task into the Name field.
Figure 7-2
Click the image to view larger in new window
- Expand Mobile Device Connector and click Select. Select the MDC instance you will use to distribute the MDM profile and then click OK.
Figure 7-3
Click the image to view larger in new window
- Expand Settings and type the following information into their respective fields:
- ​Type the Name of the mobile device (this name will be shown in the list of Computers).
- Type the IMEI number, Wi-Fi Mac address or Serial Number (use the Serial Number for iOS devices without cellular capability, such as iPads and iPods) for your device into the Device Identification field.
- Type the email address that is associated with the mobile device.
- ​Type the Name of the mobile device (this name will be shown in the list of Computers).
- Select the Email enrollment link option.
Figure 7-4
Click the image to view larger in new window
- Click Finish when you are finished entering names and identification information for all of your devices.
- Click Send enrollment link to send your enrollment emails to client devices.
Continue to Part V below to add the MDM profile on your client devices.
Warning:
The Hostname in the HTTPS certificate MUST MATCH the Hostname that you set up in the ESET Mobile Device Connector Policy.
Warning:
The Hostname in the HTTPS certificate MUST MATCH the Hostname that you set up in the ESET Mobile Device Connector Policy.
Add a comment
Please log in or register to submit a comment.