Learn how to configure iOS Device Enrollment Program (DEP) in Mobile Security (TMMS) for Enterprise.
- Configure the Local Communication Server (LCS) host name and certificate you want to use.
- When using iOS DEP in TMMS, you need to disable Simple Certificate Enrollment Protocol (SCEP). It is because DEP will deploy profile during iOS device activation, and the process cannot be interrupted.
To disable SCEP:
- Log on to the administrator console.
- Go to Administration > Communication Server Settings > iOS Settings.
- Under the Simple Certificate Enrollment Protocol (SCEP) Settings field, make sure that the Enable SCEP checkbox is not ticked.
- Configure DEP and activate your iOS device.
Example of DEP enabled settings:
If you already configured DEP profile, do not change the LCS host name or update the LCS certificate with CertConfigTool.exe because this may cause device failure to enroll to the TMMS server. The DEP profile contains LCS host name and certificate and the profile will not update when you change information related to LCS.
For DEP devices to be able to enroll again, restart the Management Server Windows service and log on to management console to save the DEP profile settings again. When using DEP, the system time of the Management Server should be correct. Otherwise, Management Server won’t be able to communicate with DEP service.The iOS device will automatically enroll to TMMS server after the DEP configuration.