eSIM Management for Apple devices
Apple devices may be using LTE connectivity and may be equipped with an eSIM instead of a physical SIM chip : https://support.apple.com/en-us/HT209044
FileWave and Apple offer options to manage these eSIM devices.
Restrict access to eSIM settings:
Deploying iOS / restrictions profile allows you to restrict access to eSIM settings, to make sure the device user is not changing the carrier:
Configure eSIM:
While eSIMs can be configured manually, it is possible to use FileWave to update eSIM configurations remotely for your devices. Carriers should provide you a cellular plan url which will be used by the device to get the Carrier configuration.
To have your devices refresh the cellular plan:
1. Create a new profile | |
2. Select "Command Policy" in the iOS and macOS 10.10+ section | |
3. In the profile definition, enter the url provided by your carrier in the Refresh Cellular Plan section | |
4. Deploy the profile to the corresponding devices |
The command will be sent to the device at each verify ; you may want to remove devices from corresponding groups once they have been configured properly to avoid re-sending the command too frequently.
Prior to iPadOS 13.4, the eSIM restriction would impact the ability of refreshing Cellular Plan via your MDM. If you have devices earlier than 13.4, then It is required to remove the restriction before deploying the Command Policy profile updating the plan. Upgrading your iPadOS device to 13.4.1 solves this issue.
The following options are also available in the iOS restriction payload to allow you configuring access to cellular settings:
Automatic configuration of new devices
If you buy a large number of eSIM capable devices, you may want to automate the process of configuring the eSIM during enrollment.
This can be achieved with:
- a Profile Fileset, with a "Command Policy" which will define Refresh Cellular Plan url provided by your carrier
- Create a smart group with the following criteria:
- All involved devices (see notes below on identifying devices)
- Empty phone number
When enrolling a new device, it will be a member of our defined smart group and we'll assign the Refresh Cellular command to configure the eSIM to the group as well. Once that command is completed, the device will then report having a phone number and will thus be excluded from the Smart Group in future.
Currently, iOS devices do not report if they are eSIM capable or not, so it's not possible to create a Smart Group based on a built-in inventory field. However, there are a couple of ways this can be worked around:
- Use a specific DEP server in ASM/ABM, add all matching devices and use the DEP account field in the Smart Group (this would be a manual operation in ASM/ABM)
- Slightly easier, you can add your devices as placeholders, and create a specific Custom Field to flag matching devices and use the Custom Field in the Smart Group
- Filter devices by model as only some models are eSIM capable. Apple lists them here : https://www.apple.com/ipad/cellular/ ; Mactracker, a free macOS app, can also be used to get information about device capabilities.