The help for this version of the solution is no longer updated, so it may contain outdated information. For up-to-date information about the solution refer to the Kaspersky Secure Mobility Management 4.1 Help.

Installing an iOS MDM profile

This section describes the methods of deploying iOS MDM profiles on a corporate network.

Before deploying an iOS MDM profile, you must deploy a mobile device management system.

For details on deploying an iOS MDM profile in Kaspersky Endpoint Security Cloud, please refer to Kaspersky Endpoint Security Cloud help.

The help for this version of the solution is no longer updated, so it may contain outdated information. For up-to-date information about the solution refer to the Kaspersky Secure Mobility Management 4.1 Help.

About iOS device management modes

You can deploy an iOS device management system in several different ways. The management mode depends on the owner of the mobile device (personal or corporate) and corporate security requirements. You can choose the management mode that is most suitable for the company, and use several modes at the same time.

Unsupervised devices

Unsupervised iOS devices are employees' personal devices that are connected to Kaspersky Security Center. In this mode, the user is allowed to use a personal Apple ID, work with any apps, and store personal data on the device. You can use a Kaspersky Device Management for iOS group policy to configure access to corporate resources, security settings, and other settings. By default, all iOS devices are unsupervised.

Supervised devices

Supervised iOS devices are corporate devices that are connected to Kaspersky Security Center. Initial configuration of the mobile device is performed in Apple Configurator. Apple Configurator is an application designed to prepare and configure iOS devices. Apple Configurator is installed on a computer running OS X. For more details about working with Apple Configurator, please refer to the Apple Technical Support website. You can use a Kaspersky Device Management for iOS group policy for further configuration. On supervised devices, you can access an extended selection of settings. For example, you can configure Global HTTP Proxy and additional restrictions (for example, blocked use of iMessage and Game Center), and you can block user account modifications.

To work with supervised and unsupervised iOS devices, the iOS MDM Server must have an APNs certificate installed, and an iOS MDM profile must be installed on the mobile devices of users.

The help for this version of the solution is no longer updated, so it may contain outdated information. For up-to-date information about the solution refer to the Kaspersky Secure Mobility Management 4.1 Help.

Installing via Kaspersky Security Center

The iOS MDM profile is installed to the mobile devices of users whose user accounts have been added in Kaspersky Security Center. For more details about user accounts in Kaspersky Security Center, please refer to Kaspersky Security Center Help.

To install an iOS MDM profile:

1. In the console tree, select the Mobile Device Management → Mobile devices folder.
2. In the workspace of the Mobile devices folder, click the Add mobile device button.

   This starts the New Mobile Device Connection Wizard. Follow the instructions of the Wizard.

3. In the Operating system section, select iOS.
4. In the Selecting iOS MDM Server window of the Wizard, select an iOS MDM Server from the list.
5. In the Select users window of the Wizard, select one or several users for installation of the iOS MDM profile to their mobile devices.

   If the user is not in the list, you can add a new user account without exiting the New Mobile Device Connection Wizard.

6. In the Certificate source window of the Wizard, select the source of the certificate for protection of data transfer between the mobile device and Kaspersky Security Center:
   • Issue certificate through Administration Server tools. In this case, the certificate will be created automatically.
   • Specify certificate file. In this case, your own certificate must be prepared ahead of time and then selected in the window of the Wizard. This option cannot be used if you want to install the iOS MDM profile to several mobile devices. A separate certificate must be created for each user.
7. In the User notification method window of the Wizard, select the channel used to forward the app installation link:
   • To send the link by email, select Send link to iOS MDM profile and configure the settings in the By email section. Make sure that the email address is specified in the settings of user accounts.
   • To install the iOS MDM profile using a QR code, select Show link to installation package and scan the QR code using the camera of the mobile device.
   • If none of the listed methods are suitable for you, select Show link to installation package → Copy to copy the iOS MDM profile installation link to the clipboard. Use any available method to deliver the app installation link.
8. Finish the New Mobile Device Connection Wizard.

After installing the iOS MDM profile to users' mobile devices, you will be able to configure the app settings by using group policies. You will also be able to send commands to mobile devices for data protection in case devices are lost or stolen.

On mobile devices running iOS 12.1 or later, you must manually confirm installation of an iOS MDM profile on the mobile device. You must also grant permission for remote management of the device.