Configuring Remote Management and Supervision Settings During Automated Device Enrollment

Jamf Pro Documentation 11.16.0
Solution
Application
Content Type
Technical Documentation
Utilities & Services
version
11.16.0
ft:locale
en-US
vrm_version
11.16.0

PreStage enrollments allow you to configure common remote management and security settings to devices during Automated Device Enrollment.

Note:

Mobile devices with iOS 13 or later and Apple Vision Pro devices with visionOS 2 or later are automatically supervised and require users to install the MDM profile when enrolled via Automated Device Enrollment. For more information about supervision, see About Apple device supervision in Apple Platform Deployment.

Requirements

To require LDAP authentication to complete enrollment, integration with LDAP is required. For more information, see LDAP Directory Service Integration.

  1. On the PreStage Enrollments page, do one of the following:

    • Click New to create a new PreStage enrollment.

    • Select an existing PreStage enrollment and click Edit .

  2. Select the Require Credentials for Enrollment checkbox to require users to enter an LDAP username or password.

    LDAP authentication during enrollment also automatically populates user and location information in the device's inventory information.

    Note:If you add an Enrollment Customization configuration to the PreStage enrollment, this setting is ignored for devices with iOS 13 or later, and iPadOS 13 or later.
  3. (iOS 12 or earlier only) Make sure the Supervise Devices with iOS 12.x or earlier checkbox is selected if your environment includes devices with this OS version.
  4. (iOS 12 or earlier only) Make sure the Make MDM Profile Mandatory for devices with iOS 12.x or earlier checkbox is selected if your environment includes devices with this OS version.
  5. Select any of the following settings for supervised devices:
    • Pairing

      Allow a mobile device to connect to Mac computers via USB

    • Prevent unenrollmentDisallow users from removing the MDM profile
    • Install configuration profiles before Setup AssistantBegin installing configuration profiles that include the device in its scope after the user completes enrollment and connects to Wi-Fi but before Setup Assistant displays.
  6. Make sure the Prevent user from enabling Activation Lock checkbox is selected.

    This ensures users cannot enable Activation Lock. For more information, see the Leveraging Apple's Activation Lock Feature with Jamf Pro article.

  7. Click Save .