By downloading an XML file from Umbrella, optionally updating it, and then pasting part of its contents into your Jamf system, Jamf is able to push configuration information to both the Cisco Security Connector (CSC) and Umbrella so that your iOS device is registered with Umbrella. The result is that your iOS device is protected by Umbrella.
For information about configuring Jamf, see Jamf's documentation.
- Verify Umbrella on Your iOS Device
- Install Umbrella Root Certificate
- The Cisco Security Connector requirements.
- Jamf Pro 10.2.0 or higher.
- You must first configure your Jamf MDM system. Configure Jamf as required so that it is able to push configuration information to both CSC and Umbrella. For information about configuring Jamf, see Jamf documentation. For support, contact Jamf support.
Note: You must log into your Umbrella dashboard as an administrator.
The administrator email address is the email address that your end-user can use to send diagnostic reports from the app by clicking the I (vertical line) icon from within the iOS device. These reports can then be passed onto Cisco support. Once set, this email address is automatically added when managing an MDM.
- Navigate to Deployments > Core Identities > Mobile Devices and click Settings.
- In Mobile Device Settings, add an email address, select operation mode (fail open or fail closed), select a notifications level (Protection failure notifications only or notify on all state changes), choose a device identification method, and click Save.
- In Umbrella, navigate to Deployments > Core Identities > Mobile Devices and click Manage.
- Under Deployment Type, click the Managed by MDM radio button, and then click Next.
- In the Managed Mobile Clients modal, click iOS.
- Click Jamf Config.
- In the opened dialog, click Download.
This email address is where diagnostic reports are sent when a user clicks the I (vertical line) icon from within the iOS device. Once set, this email address is automatically added when managing an MDM.
- Copy and paste the XML code between the comments into your MDM profile.
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>PayloadContent</key> <array> <!-- Jamf - copy from here to paste into the Jamf UI to provision a DNS proxy --> <dict> ..... </dict> <!-- Jamf - end copy -->
Note: If you are using Jamf School, then update the XML code to:
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>PayloadContent</key> <array> <!-- Jamf - copy from here to paste into the Jamf School UI to provision a DNS proxy --> <dict> <key>serialNumber</key> <string>%SerialNumber%</string> </dict> <!-- Jamf - end copy -->
- In your new profile, applied for the CSC group, choose Custom Settings, and then Configure. Paste the edited XML here.
If successful, your mobile device registers with Umbrella and is listed at Deployments > Core Identities > Mobile Devices. CSC on your mobile device updates to connect to Umbrella so that your iOS device is protected by Umbrella.
Alternatively, instead of copying and pasting the XML code (as in steps 4 and 5 above), you can upload the config file directly to JAMF. In JAMF, navigate to Devices > Configuration Profiles > Upload and upload the .mobileconfig file.
Umbrella provides you with the option of anonymizing mobile devices for reporting and administration purposes. When you anonymize a mobile device, its label is hidden and replaced by your device's serial number. The label name is anonymized in both the Umbrella dashboard and in the CSC app UI. For information about how to anonymize your device, see Anonymize Devices.
Existing active devices anonymize with 24 hours. New devices anonymize immediately.
As no changes can be made in Umbrella to the actual provisioned device, these mobile devices are simply listed in Umbrella as identities; however, you can now use Umbrella to apply policies to these mobile device identities. For more information, see Apply a DNS Policy to Your Mobile Device.
- In the CSC app, tap the Status icon and confirm that it shows Protected by Umbrella.
- For protection details, tap Protected by Umbrella.
The intelligent proxy can inspect web traffic sent from a mobile device to Umbrella. If you enable the intelligent proxy with SSL decryption in your DNS policy and apply the policy to your mobile device, you must install the Umbrella Root Certificate Authority (CA) certificate on the mobile device. Download the Umbrella Root CA certificate from the DNS policy or from Deployments > Configuration > Root Certificate.
- For information about configuring the intelligent proxy in the DNS policy, see Enable the Intelligent Proxy.
- For information about how to install the Umbrella Root CA certificate on iOS devices, see Push the Umbrella Certificate to Devices.
Updated about 1 month ago