Jump to content

ESET MDM and Apple School Manager


Recommended Posts

Hello all,

is anyone successfully using ESET MDM with Apple School Manager?

My MDM-Server ist registered in ASM, but Devices are not enrolled at activation. Shouldn't that happen automatically?

I want to add devices to ASM with Apple Configurator, but for that i need an URL. Does anyone know the Enrollment-URL for ESET?

MDM solution preferences in Apple Configurator 2 - Apple Support

Is ESET MDM capable of deploying apps?

Thanks in Advance!

Christian

Link to comment
Share on other sites

  • ESET Staff

Hello,

We currently do not support ASM, only ABM is supported.

IIRC main reason was EP is device centric while ASM is user centric but I might be wrong on that one.

M.

Edited by Mirek S.
Link to comment
Share on other sites

Hello,

If I might chime in here, I believe we are having a similar issue.  Ours stems from needing to run Apple Configurator 2 on existing iPads that currently aren't in ABM.  When running through the configurator, it asks for the enrollment URL of the MDM solution (in this case, ESET Mobile Device Manager).

When using the enrollment URL for the new device (https://EMDM.xxx.xxx:9980/ebcsw5n7z), we're met with:

Unable to verify the server's enrollment URL.

The question is, is there a different enrollment URL we can use when enrolling unassociated iOS devices with ABM?

Regards,

Chris

Link to comment
Share on other sites

Actually Support helped me to get one step ahead by

  • using Apple Configurator 2 with URL https://mdm-server:9980/dep
  • some error-messages but certificates are shown
  • Using Admin-Login for ESMC, not shure if this is needed?
  • ipad booted twice, fatal error message but - success. Ipad shows up in ASM
  • Some Minutes Later ipad shows up in ESMC as an unmanaged Mobile Device. 
    Looks like Profile-Install has to be started manually?

So far so good, i can even install VPP-Apps over Apple Configurator, which is of course not as nice as doing it with MDM 😉

Bad thing: this is still not working with an ipad that ist allready in ASM, but as Mirek said ASM (School Manager) is not officially supported by ESET so i'm happy with what we got.

 

Link to comment
Share on other sites

On 1/25/2021 at 10:47 PM, Mirek S. said:

Hello,

We currently do not support ASM, only ABM is supported.

IIRC main reason was EP is device centric while ASM is user centric but I might be wrong on that one.

M.

Thanks for the info. Support told me ASM and Configurator 2 aren't officially supported but work somehow.

Do you know if thats on the roadmap? Ipads in Schools are getting quite big right now and it would be great if we could cover that with ESET.....

 

Link to comment
Share on other sites

  • ESET Staff
13 hours ago, ChrisC said:

Hello,

If I might chime in here, I believe we are having a similar issue.  Ours stems from needing to run Apple Configurator 2 on existing iPads that currently aren't in ABM.  When running through the configurator, it asks for the enrollment URL of the MDM solution (in this case, ESET Mobile Device Manager).

When using the enrollment URL for the new device (https://EMDM.xxx.xxx:9980/ebcsw5n7z), we're met with:

Unable to verify the server's enrollment URL.

The question is, is there a different enrollment URL we can use when enrolling unassociated iOS devices with ABM?

Regards,

Chris

Hello,

I believe this is different case, can You elaborate a bit why You need to run Apple Configurator 2 on devices (for supervised mode) ?

Also as far as I know it's impossible to add devices not bough via ABM into ABM.

M.

Edited by Mirek S.
Link to comment
Share on other sites

  • ESET Staff
3 hours ago, Christian Stück said:

Thanks for the info. Support told me ASM and Configurator 2 aren't officially supported but work somehow.

Do you know if thats on the roadmap? Ipads in Schools are getting quite big right now and it would be great if we could cover that with ESET.....

 

Currently no,

And as we now have cloud MDM, there is not much of chance this will ever happen with on premises version.

Link to comment
Share on other sites

Hello Mirek,

Quote

I believe this is different case, can You elaborate a bit why You need to run Apple Configurator 2 on devices (for supervised mode) ?

Also as far as I know it's impossible to add devices not bough via ABM into ABM.

We need to run Apple Configurator 2 on multiple iPads because they were not purchased through ABM authorized resellers.  This appears to be possible, and supported:

https://support.apple.com/hr-hr/guide/apple-configurator-2/cad99bc2a859/mac

Regards,

Chris

Link to comment
Share on other sites

  • ESET Staff

Thanks,

We will definitely checks this. Seems like information on our side is outdated and Apple now supports adding devices not purchased via ABM/ASM into ABM/ASM.

This actually helps us as well as we have multiple devices not purchased via ABM not usable for ABM testing...

Link to comment
Share on other sites

Mirek,

Fantastic news!  This would be really helpful for us as we have a myriad of iOS devices that we'd like to add to ABM as well as ESET MDM.

Could you keep me updated on your progress?  I have opened case number 489959 about this.

Regards,

Chris

Link to comment
Share on other sites

7 hours ago, Mirek S. said:

Thanks,

We will definitely checks this. Seems like information on our side is outdated and Apple now supports adding devices not purchased via ABM/ASM into ABM/ASM.

This actually helps us as well as we have multiple devices not purchased via ABM not usable for ABM testing...

Hello Mirek,

can confirm this is working with ASM so maybe will work with ABM also.
MDM-URL is https://your-emdc:9980/dep

Got some fatal errors in AC2 and on the ipad but in the end the ipad appeared in ASM and PROTECT.

Link to comment
Share on other sites

On 1/27/2021 at 1:31 PM, Mirek S. said:

Currently no,

And as we now have cloud MDM, there is not much of chance this will ever happen with on premises version.

Okay, customer is testing intunes now. 

So you think protect on-prem will be left behind Protect-Cloud over time? 

Link to comment
Share on other sites

  • ESET Staff

@Christian Stück

Nothing is in stone yet, but it's the direction ESET is currently pushing forward. In any case if this happens there would be transitional period and a way to move devices from EP to EPC.

@ChrisC

I will update this thread once we are able to test and figure out how it should work. However it will likely require release. The ASM issue is different as device is already in Apple remote profile (ASM/ABM sync part is similar) - MDM knows it's serial number so it allows enrollment.

Link to comment
Share on other sites

  • 1 month later...
  • ESET Staff
Posted (edited)

@ChrisC Hello, after testing addition to ABM via Apple Configurator 2 we found some quirks in process.

* Device must have internet connectivity during erasure phase (You can't input it manually on device). For devices without data SIM this can be archieved by installation of WiFi profile (including valid authentication) via APC2.

* Checkbox "Activate and complete enrollment" must be disabled in APC2.

* Device must be assigned to MDM server on ABM side before any progress on device is made after reset.

* MDM must synchronize with ABM before any progress on device after reset is made and after it's assigned to MDM on ABM server. This can be archieved by restarting MDM service and waiting 2 minutes.

* URL configured in APC2 seems to be only used to preinstall certificates onto device. You may input any URL or empty field to skip this step and even though APC2 will output error in step directly following this one it's harmless.

We will most likely document some parts or entire process and possibly look into improving ABM synchronization part where MDM restart is currently required to force sync.

HTH,

M.

Edited by Mirek S.
Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...