View - Sources

The Sources View of the FileWave Anywhere can be thought of as a configuration view for the FileWave system. Today it is limited to Apple configuration elements, but before too long we'll see Google and Microsoft settings in here as well.

We will use this view whenever we need to do something like renew an APNS certificate, DEP, or VPP token.

Apple General Settings (APN)

What

At the very top of the Sources View for Apple services, you will find some overall settings related to Apple in general.

When/Why

We will need to specify these settings when our FileWave server is first setup, and will need to revisit this section at least annually to renew our APN (Apple Push Notification) certificate.

How

We'll discuss APN renewal in a moment, but let's talk about the other two preferences first:

APNS renewal (the first item in the above) must be done at least annually.  The APN cert is the certificate that allows your MDM server to talk to Apple, which in turn then talks to devices on our behalf.  If the certificate expires, then all communication to devices is cut off from the FileWave server.  So yes, a relatively important certificate!

The only piece of the renewal that is done in the WebAdmin is the upload of the new certificate, but you'll want to reference the below documentation on APN renewal for all of the detailed steps for creating that certificate (dependent on platform of your admin workstation).

DEP Accounts (Tokens)

What

DEP Token(s) allow your FileWave server to talk to Apple's DEP (Device Enrollment) services.  This service is critical in supporting automated enrollment workflows, and is also critical in making sure your devices are able to be managed at the enterprise level.

When/Why

We are going to use the DEP Accounts section of the Sources view whenever we want to add, remove or update a DEP token.  Only through valid token(s) can the FileWave server talk to Apple to get device based information.  This same method of communication is used to send our DEP profile information back to Apple for installation on the endpoint during the Setup Assistant phase.  So, yes, it is critical!

How

Edit and Deletion of Tokens are done from the actions menu for any particular token as shown below.  Obviously one needs to take care before deleting a token, so you will be prompted for confirmation.

Editing (aka renewing) or adding a token consists of the following 3 steps:

  1. Download the FileWave server's public Key and save it locally (this identifies the server to Apple)
  2. Login to either ASM or ABM and add or update MDM server as appropriate with above public key, and then download the generated DEP token
  3. Upload the DEP Token back into FileWave

Apple's DEP servers prevent communication when your external IP changes, and traffic will be blocked until you renew your token.  This most often happens in the instance of your network doing some type of disaster recovery failover.

DEP Synchronization

Your FileWave server synchronizes nightly with Apple DEP servers automatically. However, if you need to sync manually in the mean time you can do so from this view by clicking the () icon.  You'll be prompted for either a Sync (recommended) or a Full Sync (use only under special circumstances) as shown below:

 

DEP Profile Workflows

What

Having DEP Profiles defined is one thing, but having them assigned to devices is another...and critical.  DEP Profile workflows allow us to automatically assign DEP profiles based on programmatic criteria.

When/Why

As much as possible we always want to use automatic profile assigning rules.  Automatic assignment saves us time from having to manually assign profiles, and ensures that even brand new devices that are still in shrink wrap will have a DEP profile assigned correctly.

Reminder: DEP profile assignment, or changes in assignment impact nothing on the device's current state.  Those changes are only pertinent the NEXT time the device goes through the setup assistant.

You might find you only need one workflow, or you may find you need many...it tends to be driven by the number of DEP profiles you have.  In general, fewer DEP profiles is better (to reduce complexity).

How

Creating a new profile workflow is very similar to creating a smart group or a report.  However, you'll notice in the below that we use the Operating System field from the DEP Devices table to assign our AppleTV profile to all AppleTV devices.  We explicitly use that field because it comes directly from the DEP sync with Apple, and will always be populated, where FileWave normal inventory fields will only be populated AFTER enrollment.

Watch below as we assign all AppleTVs to the AppleTV profile we created earlier:

DEP Profiles

What

The DEP Profile section allows us to create, edit and remove DEP (Apple Device Enrollment) profiles.

When/Why

There are a lot of different reasons for creating and editing DEP profiles, but in general DEP profiles control device setup behavior for Apple devices.  With these profiles we can control what dialogs users see during device setup, force devices to enroll in our MDM environment, and even control device naming.  DEP profiles are a critical part of setting up automated device enrollment and setup.

How

The below is a quick run-through of creating (and editing) a new DEP Profile targeting AppleTV devices.

VPP Tokens

What

VPP (Volume Purchase Program) Tokens from Apple allow us to utilize licenses purchased for App store resources on our FileWave server.  You may have one or many VPP tokens.

When/Why

In ABM/ASM (Apple Business Manager / Apple School Manager) terminology tokens are created and allow access to licenses purchased within a location.  The VPP tokens section of the Sources View allows you to Add, Edit and Remove VPP tokens.

How

Adding a new token is done by simply clicking the plus icon ().  Editing and removal are done through the actions menu, and removal is only possible if all payloads are removed beforehand.

Whether adding a new, or refreshing an existing, token, the steps are the same, and and require the token from Apple:

  1. Download the appropriate location based token from ABM/ASM
  2. Upload the Token to FileWave
  3. Set the Country/Language as needed
  4. Provide a local descriptive name for the Token
  5. Specify where you would like VPP payloads to be created (default is root)

Be aware that if you attempt to import a VPP token already in use on another system, FileWave will warn you as shown:

Only import a token in this circumstance if you are certain it will not interfere with another MDM server.