Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 33 replies
  • Subscribers 11 subscribers
  • Views 64323 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SMC 6: Auto-enrolled iPads and Control App

Detlef

Last posting this year:

My iPads get the auto-enrollment-Link from the Apple configurator 2. Then after 4-5 times tipping on the touch-screen (next, next, yes, confirm, ... boring stuff) and the final "here we go" the iPads are in the SMC (with those weird naming convention iPad5,3 DAVCDEGGGVJ). I made a compliance-rule to install the Control-App when it's not installed. Works fine, Control-App ("bought" via VPP) comes to the iPad and asks whether it's allowed to send sounds and so on, the usual stuff. When I open the app, it crashes.
BUT: when I do not install the control-app via the compliance-policy but with the same task-bundle assigned to that iPad, everything is fine, control-app does not crash and can be opened.


The control-app comes from the app-store via VPP.


Merry X-mas and a happy new year

/Detlef



This thread was automatically locked due to age.
Parents
  • 0

    Hi All,

    at the moment it is not possible to automatically configure the SMC app when it is distributed to an iOS device. The developmen team currently looks into that and check if that can be realized somehow.

    However, within the Apple DEP profile, you have the option "Install SMC Client" option to directly install the SMC app during enrollment.
    See attached Screenshot.

    If you enable this option, the SMC app should be installed directly during the enrollment.

    Best regards
    Stefan

  • 0 in reply to SDU

    Hi,

    well, it's not the point to get the SMC app installed, that can be done there or with a compliance triggered task. The next step - configuring the SMC app - is the point. An automated configuration of the SMC app during the installation process of the iPad would be a really hot feature and save me some hours of work when I have to reconfigure my pool-iPads.

    Cheers

    /Detlef

  • 0 in reply to Detlef

    Hi Detlef

    if you use the above mentioned "Install Client" option, the SMC app should be already configured.

    Best regards
    Stefan

Reply Children
  • 0 in reply to SDU

    Stefan,

    just tried this way again and realized that I am still waiting for iOS 9.3.3 because when I try to push the control app via DEP, I get this error in the SMC-Server

    InstallApplication Error [12023][MCMDMErrorDomain]The iTunes Store ID of the application could not be validated. 07.06.2016 14:55

    That's as far as I know a known bug in iOS 9.3.1 and 9.3.2 (which should have fixed this bug).


    Cheers

    /Detlef

  • 0 in reply to Detlef

    It's fixed in the new release of Sophos 6.1.8

  • 0 in reply to MatthiasPauli

    OK, just installed 6.1.8 and now I get two tasks for the new iPad in my SMC:

    		 MIRZ155 App installieren Sophos Mobile Control MDM Client (AppStore) system 07.06.2016 15:51 07.06.2016 15:51 Befehle gesendet
    		MIRZ155 App installieren Sophos Mobile Control MDM Client (AppStore) system 07.06.2016 15:51 07.06.2016 15:51 Endgültig fehlgeschlagen
    		MIRZ155 App installieren Sophos Mobile Control MDM Client (AppStore) system 07.06.2016 15:51 07.06.2016 15:51 Endgültig fehlgeschlagen

    They seem to be identical and the error is:

    iOS-MDM-Befehle
    NameStatusFehlerbeschreibungEinfügedatum
    InstallApplication NotNow 07.06.2016 15:51
    pp1ppZeige 1 bis 1 von 1 Einträgen
    EinfügedatumFehlerbeschreibungFehlercodeStatus
    07.06.2016 15:51 0 Benachrichtigt
    07.06.2016 15:51 0 Befehle gesendet
    07.06.2016 15:51 0 Ergebnisauswertung gestartet
    07.06.2016 15:51 Ein MDM-Befehl konnte nicht ausgeführt werden. -45 Endgültig fehlgeschlagen

    The iPad wants me to logon to the iTunes-Store.

    I purchased the SMC-App from the App store.

    Cheers

    /Detlef

  • 0 in reply to Detlef

    Hey,

    a valid itunes account must be logged in on the Device. Otherwise try to link the VPP to the dedicated device and try again. The SMC Apps is for free and it should be working without linking the VPP. 

    But a valid Login in the Appstore is a must have!

    Cheers

    -schön das wir alle englisch schreiben- :D

  • 0 in reply to MatthiasPauli

    Ja Gott, is halt International hier ;-). Also ohne VPP geht ja bei Apple bald nix mehr im MDM-Umfeld und ich habe hier 200 Pool-iPads, auf denen keine User angemeldet werden sollen. Das ging im übrigen auch alles wunderbar bis iOS 9.3, glaube ich. Ab da hat Apple einiges geändert, glaube ich. Dann kam noch der Wechsel von Apple Configurator auf den Apple Configurator 2 vorher, dieses ganze MDM-Thema ist ein furchtbares Kuddelmuddel.

    Schönen Feierabend


    /Detlef

  • 0 in reply to Detlef

    Good Morning,

    well, everything's working fine now after I deleted some old attempts to get everything up and running. My actual setup:


    - 30 Tablets are in 1 Tablet-Carts connected to my MacBook with Apple Configurator 2

    - Preconfiguration of tablets with most actual iOS (9.3.2), Certificate-Profile and WiFi-Profile

    - Setting of iPad-Names with AC2

    - Taking the iPads out of the cart 1 by 1 and then slide, Germany, German, confirm Wifi, Get Configuration OTA, Control App appears (it's magic)

    - Open Control-App on the iPad, it's linked to the SMC, yes! Then some yes, allow, yes, ... and some minutes later I do have 3 blue check marks for the iPad in my SMC.

    This requires the engineers victory dance!

    Ich habe fertig.

    Cheers

    /Detlef

  • 0 in reply to Detlef

    Well ok, 

    I was trying to test your *plan with native options via the sophos mdm. It means without Apple Configurator, cause we do not have any mac pc :D

    I was trying and trying but without doing any action on the iPad itself , no automatic enrollment was possible. I read an articel that this would be possible with the AC2 but like I said, we do not have any MAC so I was not possible to test this as well. 

    But nice to hear that it now works!

    -franz

  • 0 in reply to Detlef

    There is still one last thing that does not work for me: When I take a new iPad that has never been rolled out to the SMC via the DEP of apple, the installation of the control-app fails because a license for the control-app can only be checked out for managed devices. So I have to install the new iPad without assigning the control-app. Then it's managed and I can go to the app, edit, VPP-Licenses and here i can give a license to this new iPad. This license is persistent. Now I can delete the iPad and reattach it to the SMC-Server. Meanwhile I changed to DEP-Profile to install the control-app and NOW it works without problems.


    So in short words:

    I need to assign a license for the control app to the new iPad before it get's contact to the smc-server with a DEP-Profile that tries to install the control app. How-to?

    Cheers

    /Detlef (who had a long day configuring iPads and understanding this problem)

  • 0 in reply to Detlef

    Please vote for:

    http://feature.astaro.com/forums/143212-sophos-mobile-solutions/suggestions/14819568-implement-automatic-license-checkout-from-vpp-for

    Sophos Support wants this to be a feature-request, well, here it is. So if YOU want to use automated iPad-Rollout with automated Control-App-configuration, give me your votes.


    Cheers

    /Detlef

  • 0 in reply to Detlef

    Hi All,

    there soon will be a patch available introducing some improvements regarding the DEP enrollment and VPP license assignment.
    With this patch, the SMC server will automatically assign a VPP license to a VPP user or an iOS device if an installation task for a VPP app is sent to a device.

    There will be an option within the VPP tab where you can decide if you want to use the automatic license assignment based on the VPP user or on a device base.

    This will hopefully solve SMC client installation and configuration issue.

    It is planned to release the patch within the upcoming weeks.

    Best regards
    Stefan

Unfiltered HTML