Supervised method for enrolling iOS devices in Moki Total Control
Supervising your devices has many distinct advantages. For starters, you'll be able to do remote app updates without any user interaction. Also, you'll be able to remotely put the device in and out of Single App mode remotely. When the app is locked in Single App mode or App Lock, the device won't be able to power off without booting back directly into the app. Essentially, it makes it so the app cannot be exited without it crashing several times. Many of the steps in this setup will only apply to the first device added through Configurator. Subsequent device enrolls will be shorter, and you should refer to the article about enrolling additional iOS devices for the remainder of your fleet deployment.
Step 1 - Download and Install Apple Configurator 2
To Supervise devices, you'll need a Mac running OS X El Capitan or later, the latest version of iTunes and Apple Configurator 2. If you have Find My iPhone on you'll need to disable it.
- Download Apple Configurator 2 from the Mac app store
- Open Apple Configurator 2 from your Application menu in the Finder
- Make sure iTunes is closed as they cannot run side by side for this process
Step 2 - Prepare Your Device
- Open Apple Configurator 2 (hereafter referred to as Configurator) and plug in your device. Give the device a name by right clicking on the device, by selecting "Modify" and then by selecting "Device Name." Type in your entry, then click "Rename" to save.
- Click File > New Blueprint
- Give it the name of "Step 2 - Prepare."
- Click the Prepare icon at the top
- Select Manual and click Next
- Select Do not enroll in MDM and click Next
- Click Supervise devices and Allow devices to pair with other computers, then click Next
- Select your organization, or create one if you haven't already, and click Next
- Choose to Generate a new Supervision identity (This option only appears if you have used Apple Configurator 1 on this computer. It is okay if this step doesn't show up)
- Change the Setup Assistant to display Show only some steps and select Location Services then click Prepare
- Click Done
- With your device selected, click the Blueprints icon and select the Blueprint you just created called Step 2 - Prepare.
After the device returns to the Hello screen, go through the setup process and connect your device to WiFi, enable location and setup as a new iPad.
Step 3 - Device Setup
All the device settings we configure here will be burned to an image, called a backup, that we'll use to image all future iOS devices with so make sure you get this one exactly as you want all of them.
- Open the Settings app and click on iTunes and App Store and log in.
- (Optional) You can disable Auto-Brightness. Click Auto-Brightness on the left and then turn it to Off
- Modify any other settings you can't do through a profile
Step 4 - Enroll in Moki
- Click File > New Blueprint
- Give it the name of Step 3 - Enroll
- To add the Moki Configuration Profile to the device, click the Add icon and click Profiles
Note: The Enrollment Configuration file is found in Moki by selecting the "Enroll" tab > by selecting your enrollment code (please create one if you haven't already done so) > then by selecting "Settings" toward the upper right-hand side of the screen > Lastly, click the grey "Download" button under the "Configuration Profile" section. The file will then download to your computer.
- Look for and select the Moki Configuration Profile you downloaded earlier and click Add.
- To have devices enroll in Moki with unique names, an identifier needs to be added. Click Actions > Modify > Device Name…
- Enter the text for the main name of the device and click the + dropdown at the bottom left of the box. Select Serial and hit Rename.
- Click Done
- With your device selected, click the Blueprints icon and select the Blueprint you just created called Step 3 - Enroll. Note: The installation of your profile will fail if your device is not connected to the internet.
- After the MDM profile is installed, all apps assigned to the enrollment template will be installed on the device. If installing an app from the App Store, you will be prompted to enter your AppleID password since this is the first time using the device
- If you go to Moki Management and click on the Devices tab your device will be listed
Step 5 - Configure the Remaining Blueprint
Your device is enrolled in Moki and has MokiTouch, 2, but there is still a step to get you ready to configure the rest of your devices with Blueprints. As a side note, you'll need to create a new backup whenever there is a new iOS version.
- Go back to Configurator, select your device and click the Back-Up icon
- Once this is finished saving click File > New Blueprint
- Give it a name such as Step 1 - Restore from Backup. There will be 3 Blueprints, so it is important to label them so you know the order that needs to be followed.
- Double-click the blue icon above the name. Change the Target to iPad, iPhone and iPod Touch (this covers any situation, but you could choose iPad if that was all you were using)
- Click Actions > Restore from Backup… and select the Backup you made and click Restore
- Click Done
- This Blueprint won't be applied until you enroll additional devices
Step 6 - Sending Devices to their Locations
If you know the WiFi credentials of the network(s), these devices will be on at their final destination we can create the WiFi profiles for them now and place them on the device. If you don’t know the WiFi credentials, you come back to this when you do, even if it is after the devices have reached their destination. We recommend shipping devices in a powered-off state.
Saving Individual WiFi Credentials to Devices
- Click Change App and select Moki Management then click the iOS Profiles tab
- Then click the New Profile button and select WiFi from the drop-down list
- Enter a name for this profile, input the WiFi credentials and hit Save and refresh your browser
- To apply this profile go back to the Devices tab and select the device(s) that will use this profile. Click the Apps drop-down located on the right, select the profile you just created and click the Apply to Selected button
- Repeat this process if additional WiFi networks need to be saved on this, or other devices. You will want to power down the devices before shipping them to their locations.
Step 7 - Lock Down the Device
There are a few options for locking down the device. Choose the scenario that best suits your needs.
- App Lock - Locks the device down to one app through the use of a profile installed on the device. This works with any app, be it store, enterprise or B2B. The profile will launch the app and cause it to be launched whenever the device restarts. Removal of the profile is only possible with a command sent from Moki, inconvenient if the network connection is lost with the device. For this reason, we recommend a backup WiFi profile placed on the device that you can connect a hotspot to. By default your account comes preloaded with an App Lock profile for MokiTouch 2 so, you can skip to Step 6 below. If you are not using MokiTouch, 2, then learn how to setup and apply an App Lock profile.
- SAM - Once an app is open, lock and unlock the device to that app through a command from Moki or by an action from within the app. To use this feature, the app has to have the SAM code integrated and a custom action created in Moki. See here for documentation on SAM integration. MokiTouch 2 is already configured for SAM. The biggest advantage of SAM is that it allows you to remove it locally on the device, convenient if the network connection is lost. Learn how to enter and exit SAM.
- Whitelist/Blacklist certain apps - Allow or disallow specific apps on the home screen. This works for all apps except the Settings app, it stays. Set these apps in the Restrictions profile and apply it to your device. Learn how to setup a whitelist or blacklist
Congratulations on setting up your devices. If you have any questions, please see our troubleshooting guides at support.moki.com or contact your Customer Success Manager.
Step 8 - Supervise Additional Devices
Fortunately, the process for Supervising and configuring your remaining devices is exceptionally shorter because of all the work you just put in. Click the link to whether you want to Supervise more devices now or continue and set up your app and Supervise more devices later. If you continue with app setup, then you'll want to save the link for Supervising additional devices.
Choose your next step