Register an iOS Device Through a Generic MDM System
A generic Mobile Device Management (MDM) system is any MDM that is not Meraki, MobileIron, Workspace ONE, or Apple. By downloading an XML file from Umbrella and updating it to support your iOS device's serial number, then adding this XML file to your “generic” MDM system, your MDM system is able to push configuration information to both Cisco Security Connector (CSC) and Umbrella so that your iOS device is registered with Umbrella. The result is that your iOS device is protected by Umbrella.
For information about configuring your specific MDM system, see your MDM system’s documentation.
Table of Contents
- Anonymization
- Prerequisites
- Procedure
- Verify Umbrella on Your iOS Device
- Install Umbrella Root Certificate
Anonymization
Umbrella provides you with the option of anonymizing mobile devices for reporting and administration purposes. When you anonymize a mobile device, its label is hidden and replaced by your device's serial number. The label name is anonymized in both the Umbrella dashboard and in the CSC app UI. For information about how to anonymize your device, see Anonymize Devices.
Prerequisites
- The Cisco Security Connector requirements
- Configure your MDM system as required so that it is able to push configuration information to both CSC and Umbrella. For information about configuring your specific MDM system, see your MDM documentation. For support, contact your MDM's support. For support, contact your MDM's support on deploying the Apple DNS Proxy Provider profile.
- Full admin access to the Umbrella dashboard. See Manage User Roles.
Procedure
Step 1: Add an Organization Administrator’s Email Address
The administrator email address is the email address that your end-user can use to send diagnostic reports from the app by clicking the I (vertical line) icon from within the iOS device. These reports can then be passed onto Cisco support. Once set, this email address is automatically added when managing an MDM.
- Navigate to Deployments > Core Identities > Mobile Devices and click Settings.
- In Mobile Device Settings, add an email address, select operation mode (fail open or fail closed), select a notifications level (Protection failure notifications only or notify on all state changes), choose a device identification method, and click Save.
Step 2: Add a Mobile Device
- In Umbrella, navigate to Deployments > Core Identities > Mobile Devices and click Manage.
- Under Deployment Type, click the Managed by MDM radio button, and then click Next.
- In the Managed Mobile Clients modal, click iOS.
- Click iOS Config.
- In the opened dialog, click Download.
This email address is where diagnostic reports are sent when a user clicks the I (vertical line) icon from within the iOS device. Once set, this email address is automatically added when managing an MDM.
- In the downloaded XML file, update the line {SERIAL_NUMBER} with the iOS device's serial number. This can be achieved in one of two ways:
- Automatically—If your MDM system has its own variable and syntax for the variable {SERIAL_NUMBER}, replace this variable with your MDM's variable.
- Manually—Open the downloaded XML file and update the line {SERIAL_NUMBER} with the device's serial number. For example, 1234567890.
Repeat this process for each iOS device—you must download and manually update an XML file for each device you want to register.
- Add this updated XML file to your MDM.
For information about configuring your specific MDM system, see your MDM system’s documentation.
If successful, your mobile device registers with Umbrella and is listed at Deployments > Core Identities > Manage MDMs. CSC on your mobile device updates to connect to Umbrella so that your iOS device is protected by Umbrella.
If you have anonymized your device (see Anonymize Devices), Umbrella hides the device's true label name by replacing it with the device's serial number. Existing active devices anonymize with 24 hours. New devices anonymize immediately.
As no changes can be made in Umbrella to the actual provisioned device, these mobile devices are simply listed in Umbrella as identities; however, you can now use Umbrella to apply policies to these mobile device identities. For more information, see Apply a DNS Policy to Your Mobile Device.
Verify Umbrella on Your iOS Device
- On your mobile device, in the Cisco Security Connector app, tap the Status icon and confirm that it shows Protected by Umbrella.
- For protection details, tap Protected by Umbrella.
Install Umbrella Root Certificate
The intelligent proxy can inspect web traffic sent from a mobile device to Umbrella. If you enable the intelligent proxy with SSL decryption in your DNS policy and apply the policy to your mobile device, you must install the Umbrella Root Certificate Authority (CA) certificate on the mobile device. Download the Umbrella Root CA certificate from the DNS policy or from Deployments > Configuration > Root Certificate.
- For information about configuring the intelligent proxy in the DNS policy, see Enable the Intelligent Proxy.
- For information about how to install the Umbrella Root CA certificate on iOS devices, see Push the Umbrella Certificate to Devices.
Workspace ONE Registration < Register an iOS Device Through a Generic MDM System > Apply a DNS Policy to Your Mobile Device
Updated 11 months ago