Enrolling Devices

Enrollment is the process of adding devices to Jamf School to establish a connection between the devices and the Jamf School server. This allows you to perform inventory, configuration, security management, and distribution tasks on the devices. When mobile devices are enrolled, inventory information for the devices is submitted to Jamf School. If you are changing from another MDM provider to Jamf School and the device is not enrolled via automated enrollment (formerly DEP), or if you want to remove the MDM profile from a device enrolled in Jamf School through on-device enrollment, you must remove the MDM profile from your devices manually before enrolling them.

Note: To access all management features, it is recommend you use supervised devices with iOS 9.3.5 or later.

There are three ways to enroll devices with Jamf School:

  • Apple School ManagerEnrolling devices with Jamf School by using Apple School Manager allows you to automate enrollment and prevent users from removing the MDM Profile from the devices. This is the enrollment method recommended by Apple. For more information, see the following article from Apple's support website: https://support.apple.com/HT204142

  • Apple Configurator 2 (iOS and tvOS only)If you want to use automated enrollment but your devices are not in Apple School Manager, you can use Apple Configurator 2 to add them to Apple School Manager.

  • On-device enrollmentOn-device enrollment allows you to manually enroll a device in Jamf School. Enrolling devices with on-device enrollment results in an unsupervised device state. Users can remove the MDM profile on devices enrolled via on-device enrollment, and you cannot use all management capabilities on them. As a result of this, it is recommended that you only enroll devices with on-device enrollment if you cannot enroll them with Apple School Manager or Apple Configurator 2.

Note: If Jamf School is integrated with Microsoft Azure, you can require enrollment authentication when enrolling devices via automated enrollment.

Apple School Manager

To add a device to Apple School Manager, you must first download the public key before adding the Jamf School server to Apple School Manager.

Downloading a Public Key from Jamf School

You can download a public key (.pem) from Jamf School to obtain a server token file from Apple School Manager.

  1. Log in to Jamf School.

  2. Click Organization in the sidebar.

  3. Click Settings.

  4. Select the Devices (DEP) payload, and then click Device Enrollment Program.

  5. At the bottom of the Device Enrollment Program pop-up dialog, click Download your Public Key.

The public key (.pem) is downloaded.

Obtaining the Server Token File

You can obtain the server token file from Apple School Manager by uploading the Jamf School public key (.pem) certificate file. Apple School Manager also allows you to select which devices you want Jamf School to manage.

  1. Sign in to Apple School Manager:
    https://school.apple.com

  2. Click Settings.

  3. Select the Device Management Settings payload, and then click Add MDM Server.

  4. Enter a name for the server.

  5. Upload the public key (.pem) you downloaded from Jamf School.

  6. Click Save.

  7. Select the Jamf School server you just added.

  8. Click Edit.

  9. In the Default Server settings, select the checkboxes next to the devices you want Jamf School to manage.

    Note: It is important that you do this step before adding devices to Apple School Manager.

  10. Click Download Token to download the server token file.

Uploading the Server Token File to Jamf School

  1. Log in to Jamf School.

  2. Click Organization in the sidebar.

  3. Click Settings.

  4. Select the Devices (DEP) payload, and then click Device Enrollment Program.

  5. At the bottom of the Device Enrollment Program pop-up dialog, drag and drop the server token file you downloaded into the Upload DEP token field.

  6. Click Apply.

After linking the Jamf School MDM server with your Apple School Manager account, you can configure and deploy an automated enrollment profile to enroll your devices in Jamf School. For more information, see Configure and Deploy a DEP Profile in Jamf School for iOS, macOS, and tvOS.

Apple Configurator

Apple Configurator allows you to enroll devices in Jamf School if the devices are not eligible for Device Enrollment or if you cannot use Apple School Manager. This will allow devices to be supervised. If you are using mobile devices with iOS 11 or later, you can use Apple Configurator 2.5 to add devices to Device Enrollment. For more information, see Add an iOS 11 or Later Device to Device Enrollment Program with Apple Configurator.

If you have mobile devices with iOS 10.3 or earlier, you can use Apple Configurator to enroll devices in Jamf School in a supervised state. For more information, see Enroll Your Devices Using Apple Configurator.

On-Device Enrollment

You can manually enroll devices in Jamf School by using on-device enrollment. Enrolling devices with on-device enrollment results in an unsupervised device state.

  1. Log in to Jamf School.

  2. Click Devices in the sidebar.

  3. Click Enroll Device(s).

  4. For Enrollment Options, click On-device enrollment (iOS & macOS).

  5. Do one of the following:

    • (iOS only) On the device you want to enroll, open the Camera app and scan the QR code.

    • On the device you want to enroll, navigate to: https://instancename.jamfcloud.com/enroll

  6. Enter your network ID in the Network ID field.

    Note: Your network ID is listed under On-device enrollment (iOS & macOS) in Jamf School.

  7. Click or tap Enroll.

  8. Click or tap Install on the Install Profile screen.

  9. (iOS only) If the device has a passcode, enter the device passcode.

  10. Click or tap Install.

  11. Click or tap Trust to allow remote management.

The device is now enrolled in Jamf School.

Removing an MDM Profile Manually

You can remove the MDM profile from your devices manually if you are changing from another MDM provider to Jamf School and the device is not enrolled via automated enrollment, or if you want to remove the MDM profile from a device enrolled in Jamf School through on-device enrollment. If you want to re-enroll the device, you can use on-device enrollment.

  1. On the device, open System Preferences.

  2. Click Profiles.

  3. Click MDM Profile.

  4. Click Remove, then click Remove again to confirm.

The MDM profile is now removed from the device.

Deployment Guide: Next Steps

If you are completing this workflow as part of your initial setup of Jamf School, see Creating Device Groups for information on the recommended next steps in the setup workflow.

Copyright     Privacy Policy     Terms of Use     Security
© copyright 2002-2019 Jamf. All rights reserved.