Skip to main content

Apple Manual Enrollment

Not able to use DEP?

Apple's Device Enrollment Program is great but you may find that all or some of your devices aren't showing in Apple School Manager or Apple Business Manager. Devices are usually excluded because they were not purchased directly from Apple or an Authorized Reseller. iOS device capable of running iOS 11+ can be manually added to your ASM/ABM account but unfortunately this not yet an option for macOS. This section covers several manual enrollment methods and why you might need to leverage them.

Add iOS devices to ASM/ABM using Apple Configurator 2

If you have an iOS 11+ or tvOS 11+ device that was not originally purchased from Apple or an Apple Authorized Reseller, you can manually add the device to ASM/ABM using Apple Configurator 2. Please first review Apple's documentation here followed by FileWave Knowledge Base article here for more FileWave-specific processes. Once the device has been added to ASM/ABM you can take advantage of DEP for any future enrollments of this device.

MDM enroll iOS or macOS using URL Enrollment

If you are unable to enroll devices using DEP, you can still MDM enroll an iOS or macOS device using FileWave's URL Enrollment method. This method is commonly used to allow an end-user to MDM enroll a previously configured device without the need for a Factory Reset. The one downside to this enrollment method is that the end-user will have the ability to remove the MDM Profile and unenroll their device from the FileWave MDM. This process also requires the macOS users to have Administrator privileges in order to install the MDM Profile.

If getting authentication required during enrollment, please review this section to learn how to disable URL enrollment authentication. 

macOS URL Enrollment

    Navigate to "https://yourfilewaveserver.domain.com:20443" using web browser of choice. Click the large "Enroll Device" button to download the MDM Enrollment Profile.
      If using a self-signed certificate, you will see an additional step to download certificate. If enrollment authentication is enabled, please authenticate. Located the downloaded MDM Enrollment Profile "enroll.mobileconfig". Double-click on the "enroll.mobileconfig" file. Open "System Preferences > Profiles" from your macOS menubar. Click "Install" next to the "FileWave OTA Enrollment" Profile. Click "Install" again at the next prompt and authenticate using your macOS Administrator credentials. The MDM Enrollment Profile is now installed and the FileWave Client will be installed automatically.
        If you have not imported your custom macOS FileWave Client, please review the Generate custom FileWave Client for macOS DEP enrollments section.

        iOS URL Enrollment

          Navigate to "https://yourfilewaveserver.domain.com:20443" using iOS Safari.

          Click the large "Enroll Device" button to download the MDM Enrollment Profile.

            If using a self-signed certificate, you will see an additional step to download certificate and manually trust.

            If enrollment authentication is enabled, please authenticate.

            "Allow" the Profile download, acknowledge the "Profile Downloaded" prompt, and navigate to "Settings".

            Click the "Profile Downloaded" item from the "Settings" and click "Install".

            Click "Install" again and "Trust" the "Remote Management" prompt.

            Your iOS device is now MDM enrolled and you should see the "FileWave App Portal" on the Home Screen.

            iOS User Enrollment (BYOD)

            Starting with iOS 13, FileWave allows your end-users to enroll using User Enrollment. This is a new form of BYOD enrollment that allows your organization to deploy VPP applications to the devices while keeping other end-user data private from the MDM. This method also required the use of Managed Apple IDs configured in either Apple School Manager or Apple Business Manager.

            For more in-depth information and setup of iOS User Enrollment, please consult the following FileWave Knowledge Base article iOS BYOD User Enrollment. This article contains a video walk though of the enrollment process along with the limitations of iOS User Enrollment.

            Enroll non-MDM macOS Client

            Enrolling a macOS device outside of the MDM is possible although it is unrecommended. To enroll a non-MDM macOS device into FileWave, you will need to simply install the FileWave Client PKG using a macOS Administrator account.

            Features unavailable with non-MDM macOS enrollment

              VPP content deployment Profile Deployment (macOS Big Sur unsupported) Profile Restrictions (Security and Privacy) FileVault Disk Encryption with Key Escrow Remote Shutdown/Reboot Lock Device Activation Lock Bypass Firmware Password Management Software Updates via MDM (macOS Big Sur)

               

              Features available with non-MDM macOS enrollment

                Location Tracking Fileset Deployment (PKG, .app, scripts) Limited Profile Restrictions Observe Client Remote Wipe Inventory w/ Custom Fields Legacy Software Updates

                Generate a custom FileWave Client PKG

                  Open the FileWave Customer Installer Builder for macOS. Fill out the settings accordingly. Click the "Build" button and wait for the automatic download. Extract ZIP and install the customized FileWave Client PKG.
                    Mandatory Settings Product Version = Your FileWave Server Version Sync Computer Name = macOS Hostname will be FileWave Client Name (recommended) Server Name = Fully Qualified Domain Name of your FileWave Server Server Port = 20015 (do not modify) Client Password = Password used to change individual Client Preferences and to start screen-sharing session
                    Optional Settings Is Tracking = Is Location Tracking Enabled for macOS Clients Monitor Port = Port used for FileWave Client Monitor (do not modify) Overwrite Configuration = Overwrite any existing FileWave Client configuration with settings entered here (recommended) Remotecontrol Enabled = Screen-sharing enabled for macOS Clients Remotecontrol Prompting = Whether or not to Prompt the end-user before starting screen-sharing session Server Certificate = Only upload certificate is using a Self-Signed Certificate; not required for CA-signed certificate Server Publish Port = 20005 (do not modify) Tickle Interval = Idle time for macOS Clients before checking for new Model Update (do not modify) Vnc Relay Port = 20030 (do not modify) Vnc Server Port = 20031 (do not modify)
                    Booster Settings Do not configure unless instructed by FileWave SE

                  Back to top