Device Provisioning - Apple

Apple provisioning overview

Cerberus Enterprise supports enrolling and managing Apple devices. Apple provisioning requires an APNs certificate and can be performed using different enrollment methods.

Prerequisite: configure Apple Management (APNs)

Before enrolling any Apple device, complete Apple Management setup (APNs).

Choose an enrollment method

- Manual enrollment (Enrollment Profile): this method provides an enrollment URL and a configuration profile file (mobileconfig) that you install on the device. Read Apple manual enrollment.
- Automated Device Enrollment (ADE): this method integrates with Apple Business Manager to automate enrollment for company-owned devices. Read Apple Automated Device Enrollment (ADE).

You can use manual enrollment and ADE in parallel, depending on your device fleet and purchasing process.

Apple manual enrollment (Enrollment Profile)

Cerberus Enterprise supports manual enrollment for Apple devices using an enrollment URL and an enrollment profile file.

Manual enrollment is available when Apple Management (APNs) is configured. If you have not completed APNs setup yet, read Apple Management setup (APNs).

Get the enrollment URL and profile

1. Open the Enrollment section in the dashboard and select the Apple manual enrollment (Enrollment Profile) tab.
2. Copy the Enrollment URL, or use the send-by-email action.
3. Download the Enrollment Profile (mobileconfig file).

How to enroll an iPhone or iPad

iOS/iPadOS 15.0+

1. Send the enrollment profile file (enroll.mobileconfig) to the device, or open the Enrollment URL in Safari on the device.
2. On the device, open Settings → Profile Downloaded → Install, then follow the instructions.
3. After enrollment, you can verify the status in Settings → General → VPN & Device Management (or Profiles & Device Management).

Only install enrollment profiles that you obtained from your Cerberus Enterprise dashboard.
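
One way to apply the rule above before a profile reaches a device, as an added example that is not Cerberus Enterprise code: parse the .mobileconfig and confirm that every enrollment or MDM URL in it uses HTTPS and points at your own server. The hostname mdm.example.com, the helper names and the sample profile are assumptions made for illustration, and the check does not verify the profile's signature.

```python
import plistlib
from urllib.parse import urlsplit

# Assumption: placeholder hostname for your own MDM server, not a real endpoint.
EXPECTED_HOSTS = {"mdm.example.com"}
# URL-bearing keys: ServerURL/CheckInURL (com.apple.mdm), URL (Profile Service).
URL_KEYS = ("ServerURL", "CheckInURL", "URL")


def load_profile(raw: bytes) -> dict:
    """Parse a .mobileconfig. A signed profile is a CMS blob wrapping the XML
    plist, so carve the plist out. The signature itself is NOT verified."""
    start, end = raw.find(b"<?xml"), raw.rfind(b"</plist>")
    if start == -1 or end == -1:
        raise ValueError("no XML property list found in file")
    return plistlib.loads(raw[start:end + len(b"</plist>")])


def audit_profile(raw: bytes, expected_hosts=EXPECTED_HOSTS) -> list:
    """Return a list of findings; an empty list means every URL checked out."""
    content = load_profile(raw).get("PayloadContent", [])
    payloads = [content] if isinstance(content, dict) else content
    findings, seen_url = [], False
    for payload in payloads:
        if not isinstance(payload, dict):
            continue
        for key in URL_KEYS:
            url = payload.get(key)
            if not isinstance(url, str):
                continue
            seen_url = True
            parts = urlsplit(url)
            if parts.scheme != "https":
                findings.append(f"{key}: not HTTPS ({url})")
            elif parts.hostname not in expected_hosts:
                findings.append(f"{key}: unexpected host {parts.hostname}")
    if not seen_url:
        findings.append("no enrollment or MDM URL found in profile")
    return findings


def sample_profile(server_url: str, checkin_url: str) -> bytes:
    """Constructed sample input: a minimal profile with one MDM payload."""
    return plistlib.dumps({
        "PayloadType": "Configuration",
        "PayloadContent": [{"PayloadType": "com.apple.mdm",
                            "ServerURL": server_url, "CheckInURL": checkin_url}],
    })
```

The host comparison is an exact match, so a lookalike such as mdm.example.com.lookalike.test is reported rather than accepted as a suffix or prefix match.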

Apple Automated Device Enrollment (ADE)

Automated Device Enrollment (ADE) integrates with Apple Business Manager (ABM) to automatically enroll company-owned devices when they are turned on for the first time (or after a factory reset).

ADE requires Apple Management (APNs) to be configured first. If needed, read Apple Management setup (APNs).

How to enroll devices automatically

1. Add devices to your Apple Business Manager account.
2. After adding new devices to your ABM account, sync them in Cerberus Enterprise from the Devices section using the Sync from ABM action.
3. Create an ADE profile in the dashboard from Enrollment → Apple Automated Device Enrollment (ADE) → New ADE profile.
4. Assign an ADE profile to a device from the device details page using the ADE profile field.

ADE profile settings (overview)

An ADE profile controls how the device is enrolled and how Setup Assistant behaves. In Cerberus Enterprise, an ADE profile includes a name, an optional initial policy, and some enrollment options.

Profile name

A human-readable name for the profile (for example, Default ADE profile).

Policy

The policy initially applied to enrolled devices. You can assign a policy when creating a new ADE profile.

Enrollment options

- MDM removable: controls whether the MDM payload can be removed from the device.
- Allow pairing: controls whether pairing is allowed (deprecated by Apple in iOS 13).
- Auto-advance setup: automatically advances Setup Assistant through its screens.
- Await device configured: blocks Setup Assistant until the server marks the device as configured.
- Mandatory: prevents skipping profile application during setup.
- Multi user (Shared iPad): configures the device for Shared iPad.
- Supervised: requests supervision for the device.

After a device has an ADE profile assigned, it is ready to be automatically enrolled.