WYNTK: iPad Management (Apple Business Manager, JamfNow)

Pre-requisites:

• Apple Business Manager (ABM) account
• JamfNow account
• DNS Filter (Enterprise)
• Threatdown (Malwarebytes)
• Dropbox (Box)

Apple Business Manager (ABM)

• Register, confirm access (2-3 days, DUNS number)
• Add 2nd admin account
• Purchase equipment from Apple under ABM, or manually assign using Apple Configurator (iPhone) - signed into ABM account
• Assign JamfNow as management
• 'Purchase' apps

JamfNow

• Register
• Add ABM to VPP (Automatically assigns Apps)
• Sync apps with ABM (licensing)
• Create blueprints (i.e. default/testing, production)

Ordering Equipment (Auto-Enrollment)

• Provide Customer number to sales rep at Apple Store - or -
• Order online at https://ecommerce.apple.com

New Equipment (Manual Assignment)

• Begin set up of iPad
• Use 'Apple Configurator' app on an iPhone
• Sign into ABM account
• Bring iPhone close to iPad
• Once at network setup, QR code will generate for iPhone to scan
• Confirm device registers in ABM account
• Assign Device Management to JamfNow (in ABM portal)
• Upon reboot, iPad should prompt to download/install config profile
• If not, may need to use Apple Configurator on MacBook to factory reset iPad (make sure OS fully patched)

DNS Filter (Assign iOS App)

• Purchase, assign iPad licenses (Enterprise) to client
• Add 'DNS Filter' to Apps
• Download mobileconfig file
• Use BBEdit (iMazing Configurator doesn't seem to work, as per DNS Filter tech support)
• Copy the Site Secret Key (SSK) for the Site that will host the agent's Filtering Policy
• Edit the file's KEYHERE    field to include the SSK
• Add any organization/MDM-specific information like permissions, groups, or licensing
• In order to add a Client Name from the MDM, edit the .mobileconfig file to include a host_name    key.
• In the example below, the Client Name will be Test SERIALNUMBER in the DNSFilter dashboard. Tags can also be passed with this edit

<key>ProviderConfiguration</key>
  <dict>
    <key>site_key</key>
    <string>YOUR SITE KEY HERE</string>
    <key>host_name</key>
    <string>Test {{serial_number}}</string>
    <key>dashboard_tags</key>
    <string>Tag1, Tag2, Tag3</string>
  </dict>

• Create an Custom profile within a Blueprint to upload the files and push to devices

DNS Filter (SSL Certificate)

• Displays 'block message' on SSL sites
• Download SSL certificate
• Use iMazing Configurator - Profile Editor - Root Certificate - Add Payload - Attach DNS Filter SSL Certificate
• Deploy using JamfNow

DNS Filter (Troubleshooting)

• The DNSFilter iOS "pin" refers to the Mobile Admin Pin, a code used to enable debugging logs within the DNSFilter Roaming Client app on an iOS device
• To get the pin, find the iOS agent in your DNSFilter dashboard under "Deployments" and "Roaming Clients," then copy the Mobile Admin Pin from the "Pins" dropdown.

Malwarebytes (Threat Down)

• Assign iOS subscription in portal
• Add app to ABM, JamfNow blueprint
• Activation is manual (enter key)
• Enable 'Web Protection' and 'Ad Blocking'