Smartphone enrolment (Apple)
Hello,
I have a problem enrolling an iPhone with Meraki Dashboard.
I have set up the Apple Business Manager with Azure AD to sync my users (it works; I get my users in Apple Business Manager).
In Meraki Dashboard (ADE) I can see my iPhone in the console (the sync with Apple Business Manager works correctly).
I enabled these settings regarding the end user enrollment:
I enabled these settings regarding the end user settings:
In Azure I created this:
And the secret:
From the mobile (iPhone) I get this screen:
Then when I fill in the login with the email address and password, it does not work (incorrect login or password):
I used an account synchronized in Apple Business Manager.
Could you help me, please?
Thanks.
- Labels: Enrollment, iOS
@mimi1255 The account credentials it is asking for at enrolment are for a Meraki administrator's account, I believe, NOT your Azure AD.
Hello @BlakeRichardson, are you sure? Because with an Android device it works with the Azure AD account of a user authorized to enroll the mobile.
When I assign a profile in Meraki (within the Apple ADE menu), is it necessary to specify this URL?
Enrollment redirect URL is just for a custom-designed login page upon authentication.
The Meraki docs still state that Azure AD through DEP isn't supported; maybe someone from support can confirm.
https://documentation.meraki.com/SM/Device_Enrollment/SM_Enrollment_Authentication
However, if you are using User Enrollment, there is currently a known issue I reported a few days ago.
I'm referring to "known issue" since it has already been discovered by Microsoft in terms of updating a "user enrolled" device.
Thank you for your reply @beks88.
When you say: "The Meraki docs still state, that Azure AD through DEP isn't supported, maybe someone from support can confirm."
https://documentation.meraki.com/SM/Device_Enrollment/SM_Enrollment_Authentication
In addition, they said we can select the authentication mode in the list (Azure AD included): Apple User Enrollment Deployment Guide - Cisco Meraki
So how can we enroll our iPhones from DFU mode? I understood we have to use the option "Manage : Use Meraki hosted accounts". But do we need to create accounts manually in Meraki?
Thanks.
You need to differentiate
To my understanding, federated authentication is only required if you need the usage of managed Apple IDs.
Managed Apple IDs are only required if you want the user to enroll via User Enrollment with his private device or you need to push books and/or apps which are user assigned.
If you only have Azure AD as identity provider and no real access to the Domain Controller server, your only option is Meraki hosted accounts.
The docs haven't changed this "warning" in the last 4 years since my first touch with Systems Manager. Maybe you can contact support to be sure if it's finally supported. I personally never tested it.
But if you want to test it, I think you'll currently need a supervised device which is coming from Apple Business Manager.
@PaulF can you confirm the docs about Azure AD with DEP are still valid and not supported?
@beks88 I have real access to the domain controller server. It is the reason I created the link with Azure AD in Meraki.
All my mobiles are coming from Apple Business Manager. These mobiles appear in Meraki (the sync between both works correctly).
My only problem is the authentication when the mobile is enrolling when it starts.
I get the organization page, so I accept, then I get the authentication page.
I would like to enroll my devices in device owner.
Thanks.
With real access I meant, do you have a hybrid version of AD and can you remotely access the desired Windows server, or only the web page?
If so, you could also try to activate the authentication via SM Agent or MX (if there is one in use).
But as you already mentioned in another reply, there is a newer doc which mentions Azure AD; I would try my luck with support then.
In this procedure they said: "Note: If you are using Active Directory, Azure AD, Google Auth, or OpenID Connect then Owners are created automatically at the time of enrollment"
Apple User Enrollment Deployment Guide - Cisco Meraki
I think this one is up to date.
Hello,
Could you help me, please? Because I did not get a reply from support.
Thanks
There is an issue with iOS 16 enrollments that Engineering is working on. They have a case open with Apple as it *may* be a bug on Apple's side.