Automated Device Enrollment

What is Automated Device Enrollment

Automated Device Enrollment provides an automated approach to enrolling devices owned by the school or district the moment they are unboxed. In order to enroll using Automated Device Enrollment, devices must exist in an Apple School Manager account and be assigned to the Mosyle MDM server. Devices purchased from Apple or an Apple Authorized Reseller or carrier can be automatically added to the Apple School Manager account. Other devices can be manually added to Apple School Manager using Apple Configurator 2 (certain restrictions apply). Click here for more information on manually adding devices to Apple School Manager.

Devices assigned to the Mosyle MDM server from Apple School Manager can be assigned to an Automated Device Enrollment profile created in Mosyle to be synced with Apple's Cloud Configuration servers. Doing this will ensure devices automatically download the enrollment profile when the devices are powered on for the first time, or erased and the OS reinstalled, and connected to the network. Different settings can be configured in the Automated Device Enrollment profile to dictate the Setup Assistant steps that will be presented when enrolling devices.

In addition to the benefit of over-the-air hands off deployment and enrollment of devices, enrolling devices using Automated Device Enrollment provides:

• Supervision of devices;
• Ability to lock the MDM profile on the device so it cannot be manually removed;
• Ability to block users from enabling User-Initiated Activation Lock;
• Ability to automatically advance through Setup Assistant steps for Mac computers and Apple TVs connected to Ethernet;
• Ability to customize Setup Assistant screens;
• Ability to enroll iPadOS devices as Shared iPad

During Automated Device Enrollment, devices will attempt to retrieve/download the cloud configuration profile that is synced with Apple servers. In order to successfully retrieve the profile and complete enrollment it's critical the network allows for proper communication, including access to all Mosyle and Apple domains. Click here for information on which hosts and ports are required for Apple products.

Enrolling devices using Automated Device Enrollment

The first steps to enrolling devices into Mosyle using Automated Device Enrollment include:

1. Integrating the Apple School Manager account with Mosyle
2. Assigning devices in Apple School Manager to the Mosyle MDM Server
3. Creating and syncing an Automated Enrollment profile

Steps 1 and 2 have been reviewed in previous lessons. In the next sections we'll review the many configuration options available in the Mosyle Automated Device Enrollment profile.

All Mosyle accounts include a Default enrollment profile which has basic enrollment settings configured. All devices assigned to the Mosyle MDM server will be assigned to the Default profile unless they are manually assigned to a different enrollment profile. Modify the Default profile at any time to meet the needs of the school or district.

View devices assigned to the Mosyle MDM server and their current status by going to My School > Apple Basic Setup > Enrollment > Automated Device Enrollment > View devices. The following statuses are retrieved from Apple servers and will be listed for each device:

• Associated with the ASM: Date and time the device was assigned to the Mosyle MDM from ASM
• Profile associated: Date and time the Automated Device Enrollment profile was assigned to the device and synced with Apple servers
• Profile installed: Date and time Apple servers recognize the device retrieved and installed the Automated Device Enrollment profile

Each status is color-coded to assist with quick identification. If needed, the devices and their current status can be exported from this screen using the “Download devices” option at the bottom of the list.

Update the list of devices and their status by clicking the “Update” button in this screen.

Tip: It's recommended to work within your Mosyle Education account while going through this section to configure the Automated Device Enrollment profiles to meet your school or district's needs.

Automated Device Enrollment configurations for iOS/iPadOS

Use the Automated Device Enrollment profile(s) to specify how the devices will behave after they're unboxed, or after Erasing all Content and Settings. Multiple enrollment profiles can be created if needed.

To start, go to My School > Apple Basic Setup > Enrollment > Automated Device Enrollment. Choose the iOS/iPadOS platform from the dropdown menu at the top. Click the Default profile to make any changes or adjustments, or create a new profile by clicking “New profile”. The Automated Device Enrollment profiles are separated into different sections. Each is addressed below.

Profile Name

Enter a name for the enrollment profile. Only Mosyle Administrators will see this information, so feel free to use a name that will help organize and identify the enrollment settings configured.

The default enrollment profile will be named the same as the Mosyle account. You can update the name at any time by clicking the profile and editing this field.

Check the options you want to activate on the device

• Allow devices to connect to a Mac: Unchecking this option will prevent iOS/iPadOS devices from pairing with a computer. This option is deprecated on devices running iOS/iPadOS 13 and later. For those devices you can use the restriction “Do not allow host pairing” to prevent users from being able to connect and pair the device with a computer.
• Install MDM Profile (mandatory): It is required for devices assigned to the Automated Device Enrollment profile to automatically download and install the Mosyle MDM enrollment profile.
• Supervise the devices (mandatory): By default, all devices enrolled using Automated Device Enrollment will be supervised. Supervision typically indicates the device is owned by the school/district and provides access to more management functionality.
• Do not allow manual removal of the MDM: When enrolling devices using Automated Device Enrollment you have the ability to lock the MDM enrollment profile on the device, preventing users from being able to manually remove the profile. This is recommended.
• Multi-user (Apple Shared iPad): Check the box to configure devices as Apple Shared iPad devices. Click here for more information about Apple Shared iPad. When configuring devices as Shared iPad devices, you can configure additional settings such as user storage space and session timeout by clicking the button to “Configure Shared iPad”. When configuring the maximum number of shared users, keep iPad storage and partitioning in consideration.
• Allow User-Initiated Activation Lock: By default, devices enrolled using Automated Device Enrollment will block the ability for end users to enable Activation Lock with their personal Apple ID. If you wish to allow end users to enable Activation Lock with their personal Apple ID, check this box.

Each new enrollment profile created in Mosyle will automatically have the default settings configured. Feel free to check any new options or uncheck options as needed.

Supervision Identity

The Supervision Identity is required in order to pair a device with a computer when the restriction “Do not allow host pairing” is applied. When the restriction is applied, devices will not be able to connect or pair with computers. By installing the Supervision Identity on the Mac, you grant permission for the device to pair with the computer. Devices will only be able to pair with computers that have the Supervision Identity certificate installed.

The options that can be configured in Mosyle include:

• No Supervision Identity: If the restriction “Do not allow host pairing” is applied, the device will not be able to pair or connect to any computer.
• Upload your own Supervision Identity: With this option, you'll need to generate the Supervision Identity using Apple Configurator 2 on a Mac and upload it to the Automated Device Enrollment profile in Mosyle. The Supervision Identity must be uploaded and the profile saved and synced prior to the device enrollment in order to be properly applied. Devices enrolled with the enrollment profile will automatically understand to trust devices with the uploaded Supervision Identity installed.
• Download and use a Mosyle Supervision Identity: With this option selected, devices enrolled with the enrollment profile will automatically understand to trust devices that have the Mosyle Supervision Identity installed. This option must be selected and the profile saved and synced prior to the device enrollment in order to be properly applied. When you need to pair a device with a computer, you can download the Supervision Identity from within Mosyle to install it on the device.

In most cases when pairing is required, a command from Mosyle MDM can be sent to the device to remove the restriction profile and allow host pairing. If the device loses network connectivity and is unable to receive commands from the MDM to remove the restriction profile, the Supervision Identity is useful to allow pairing access.

Devices will be used in which model?

• Devices on Limbo: Devices enrolled in Limbo will not be assigned to a specific user or Shared Device Group.
• Devices for 1:1 users: Devices enrolled for 1:1 users can be assigned to specific users during the enrollment process.
  • After the enrollment allow device usage - devices will be placed in limbo until the user logs in: This option will allow the device use immediately after enrollment. Select this option if you are planning to assign the devices using Custom Setup Assistant, pre-assign using a spreadsheet, or if the device was previously enrolled and assigned to a user.
  • Require user authentication: This option will allow you to force users to authenticate with Active Directory during the enrollment, or force users to login to the Mosyle Manager application after the device is enrolled. Do not use this option if using the Custom Setup Assistant for user authentication.
• Devices for Shared Device Groups: Devices enrolled for Shared Device Groups can be assigned to a specific group during the enrollment process.

If you choose to enroll devices to limbo and they are assigned after the enrollment, if the device is ever wiped it will automatically re-enroll in Mosyle and will automatically be reassigned to the user. If you do not want this to happen, please check the option to Return devices to assignment model selected above after wipe.

Select the location responsible for the devices

Here you can choose which of the locations in Mosyle the device should be assigned after it is enrolled. If the device will be assigned 1:1 to a user or to a Shared Device Group, the device will assume the location of the user or shared group.

Customize Setup Assistant (Available only for iOS 13+)

The options available allow you to customize the end user experience during the enrollment process. Include items such as a welcome message, an End User License Agreement Screen, and/or authentication. Each option is described in more detail below. As items are added, they can be rearranged by dragging and dropping the tile in any order desired.

• Welcome: Customize a welcome message for end users during the enrollment. Use the Personalize area to change the font and color scheme. Users will remain on this screen for 8 seconds before being redirected to any other screens or proceeding through the Setup Assistant.
  
• Set Enrollment Passcode: Configure a predefined enrollment passcode that must be entered in order to proceed through the Setup Assistant and Automated Device Enrollment. This option can be used as an alternative to having users authenticate during the enrollment while still securing which devices can be enrolled.
  
• End User License Agreement Screen (EULA): Customize an End User License Agreement (EULA), Acceptable Use Policy, or any other text that must be accepted in order to proceed through Automated Device Enrollment. If users do not agree, they will be unable to proceed through Automated Device Enrollment and the device will not be enrolled in the Mosyle MDM.
  
• Add to a Shared Device Group: Prompt users to enter the Access Code for a Shared Device Group during the enrollment to assign the device to the Shared Device Group immediately after enrollment. To find the Shared Device Group access code, go to My School > Hierarchy > Shared Device Groups > Select the shared device group. Once the device is assigned to the Shared Device Group, it will receive any and all management profiles and configurations assigned to the group.
  
• Mosyle User Authentication*: Prompt users to enter their unique user Access Code during the enrollment to assign the device to the user. This option should not be used in conjunction with any other Single Sign-On options or with the above option to Require user authentication. When using this option to complete the device assignment, the user must exist in Mosyle. To find the user's Access Code, go to My School > Users > Search for the user > Click the user's name > The user's unique Access Code will be displayed.
  
• Single Sign-On Authentication*: Prompt users to authenticate with their school or district Google, Microsoft, or Active Directory (LDAP or ADFS) credentials during the enrollment to assign the device to the user. This option should not be used in conjunction with the Mosyle User Authentication option or with the above option to Require user authentication. When using this option to complete the device assignment, the user must exist in Mosyle. If users are authenticating with Google or Microsoft, the email address in Mosyle must match the email address used to authenticate. If users are authenticating with Active Directory (LDAP or ADFS), the User ID in Mosyle must match the Active Directory query attribute (ex: samaccountname).
  
• Set device attribute: Prompt users to enter any device information during enrollment that will be available in Mosyle as the device Tag or Asset Tag. If you are using this option, you can then use the %Tags% or %AssetTag% variables to rename devices in the Automated Enrollment profile. A common use case for this option is to have users enter a device asset number so that it is available in Mosyle for inventory purposes. Tags and Asset Tags can be added after devices are enrolled under the Management tab.
  

*When using the options in the Custom Setup Assistant to complete device assignment (Mosyle User Authentication and Single Sign-On Authentication), be sure the Device Assignment options configured in your account are correct. To confirm, go to My School > Users > Device Assignment > User Authentication Assignment. Be sure the option under the heading 'Assignment through SSO Authentication during Automated Device Enrollment' is configured with the selection Auto-assign the device to the Authenticated user during the SSO Sign In.

Select the iOS/iPadOS devices that will receive this profile

Choose the device serial numbers to receive the enrollment profile. Assign all devices or specific devices to the enrollment profiles as needed to meet the needs of your school or district.

By default, devices that are erased and re-enrolled in Mosyle will automatically keep the user assignment. Therefore, if you wish to always enroll devices as freshly unassigned devices check the box for “Enroll devices as unassigned devices”.

Select the options that will not be presented to the user in Setup Assistant

Check any of the Setup Assistant steps you wish to skip during the enrollment. Uncheck any steps you wish to present to the user during the enrollment. Anything skipped during the enrollment can always be configured at a later time through the device Settings unless it is configured to be restricted.

It's recommended to not skip the Location Services prompt so that users will be prompted to enable Location Services during enrollment, which will ensure the device date and time is correct.

Phone & Email Support (optional)

These fields are optional. If information is entered here it will be displayed on the Remote Management screen during the enrollment as the School/District Support Email and Phone Number.

Rename devices after enrollment

Automatically rename devices during the enrollment flow using device or user variables. If users are authenticating during the enrollment and completing the device assignment, any available 1:1 variables can be used for the renaming. If prompting users to enter Tag or Asset Tag information with the Custom Setup Assistant, use the corresponding variables to rename the devices.

After configuring the Automated Device Enrollment profile for iOS/iPadOS devices, click Save. View the device list to ensure the devices show a “Profile Associated” (Enrollment > Automated Device Enrollment > View Devices). Once the devices show a “Profile Associated” they are ready to be enrolled.

iOS and iPadOS devices will prompt the enrollment process in one of two ways:

• Brand new devices can simply be unboxed and turned on. Select the Language, Region, and connect to Wifi. Once connected to Wifi the device will prompt to proceed with the Remote Management.
• Devices that have already been setup or have been in use can be erased using Erase all Content and Settings either from the device Settings or through Apple Configurator 2. Once the device is erased, it will prompt to select the Language, Region, and connect to Wifi. Once connected to Wifi the device will prompt to proceed with the Remote Management.

Automated Device Enrollment configurations for macOS

Use the Automated Device Enrollment profile(s) to specify how the devices will behave after they're unboxed, or after erasing and reinstalling the macOS. Multiple enrollment profiles can be created if needed.

To start, go to My School > Apple Basic Setup > Enrollment > Automated Device Enrollment. Choose the macOS platform from the dropdown menu at the top. Click the Default profile to make any changes or adjustments, or create a new profile by clicking “New profile”. The Automated Device Enrollment profiles are separated into different sections. Each is addressed below.

Profile Name

Enter a name for the enrollment profile. Only Mosyle Administrators will see this information, so feel free to use a name that will help organize and identify the enrollment settings configured.

The default enrollment profile will be named the same as the Mosyle account. You can update the name at any time by clicking the profile and editing this field.

Check the options you want to activate on the device

• If enabled, macOS will automatically advance through all Setup Assistant screens: Using this option will enable the Auto Advance functionality provided by Apple which allows you to skip all Setup Assistant screens by connecting a macOS device running macOS 11 or later to Ethernet during enrollment. Since all Setup Assistant steps will be skipped when using this option, it's required to choose the Language and Region that will be configured on the Mac. Check out Apple's documentation for more information about Auto Advance.
• Install MDM Profile (mandatory): It is required for devices assigned to the Automated Device Enrollment profile to automatically download and install the Mosyle MDM enrollment profile.
• Do not allow manual removal of the MDM: When enrolling devices using Automated Device Enrollment you have the ability to lock the MDM enrollment profile on the device, preventing users from being able to manually remove the profile. This is recommended.
• Install Rosetta 2: In order for Intel versions of applications to run on Apple silicon Macs, Rosetta 2 will need to be installed. Configure this option to automatically install Rosetta 2 during enrollment. If this option is selected and the enrollment profile is assigned to Intel devices, the installation of Rosetta 2 will fail as it is not supported, but it will not have any impact on the enrollment.
• Allow User-Initiated Activation Lock: By default, devices enrolled using Automated Device Enrollment will block the ability for end users to enable Activation Lock with their personal Apple ID. If you wish to allow end users to enable Activation Lock with their personal Apple ID, check this box.
• Allow Bootstrap Token: It is recommended to check this option so the bootstrap token is configured to be allowed and will be escrowed to Mosyle. Starting with macOS 10.15, the bootstrap token is used to grant a secure token to mobile accounts as well as to the additional admin account created during Automated Device Enrollment. On devices running macOS 11 and later, the bootstrap token is used to grant a secure token to any user logging into the Mac. Mac computers with Apple silicon, enrolled via Automated Device Enrollment, require the bootstrap token to authorize the installation of kernel extensions and software updates via the MDM. Additionally, the bootstrap token is used to authorize the Erase All Content and Settings (EACS) command on Mac computers with the T2 security chip or Apple silicon running macOS 12.0.1 or later.

The following options are the same as the iOS/iPadOS configuration. Please see “Automated Device Enrollment configurations for iOS/iPadOS” for additional information.

• Devices of this profile will be used in which model
• Select location responsible for the device

Each new enrollment profile created in Mosyle will automatically have the default settings configured. Feel free to check any new options or uncheck options as needed.

Customize Setup Assistant (Available only for macOS 10.15+)

The options available in the Custom Setup Assistant for macOS are the same as the options for iOS/iPadOS, allowing the possibility to provide a consistent enrollment experience across all devices in the fleet. Please see “Automated Device Enrollment configurations for iOS/iPadOS” for additional information.

If using the Auto-Advance enrollment options, it's recommended to skip as many Setup Assistant steps as possible to fully leverage the Auto-Advance enrollment process.

Select the Macs that will receive this profile

Choose the device serial numbers to receive the enrollment profile. Assign all devices or specific devices to the enrollment profiles as needed to meet your organization needs.

Select the options that will not be presented to the user in Setup Assistant

Check any of the Setup Assistant steps you wish to skip during the enrollment. Uncheck any steps you wish to present to the user during the enrollment. Anything skipped during the enrollment can always be configured at a later time through the device System Settings unless it is configured to be restricted.

It's recommended to not skip the Location Services prompt so that users will be prompted to enable Location Services during enrollment, which will ensure the device date and time is correct.

Account Configuration

Define whether or not the user will be prompted to create a local user account during the Setup Assistant, and/or configure a local administrator account on the Mac using the options below.

To prompt the creation of a local user account on the Mac during the Setup Assistant, check the box for “Prompt user to create an account”. After checking the box, you'll have additional option available:

• Choose the user type: Administrator or Standard user. When creating a Standard user account, you must also create a managed administrator account using the option “Create additional local admin during Setup Assistant”.
• Choose whether or not to pre-fill account information: Enter the full name and/or username for the user account created. If users will be authenticating with the Custom Setup Assistant to complete the device assignment, variables within Mosyle can be used for these fields. If the account information isn't pre-filled, the end user will be able to enter their own values for the Full Name and Username to be used when creating the local user account on the Mac.
• Check the box “Do not allow the user to modify the pre-filled information above” to prevent the user from changing the Full Name and Username when creating the local user account on the Mac.

If you plan to use Mosyle Auth 2 to create user accounts, or users will be logging in using a network/mobile account or another account created outside of Setup Assistant, uncheck the box for “Prompt user to create an account”. In doing so, after downloading and installing the enrollment profile it will boot to the Login Window without requiring the user to manually create a local user account.

Since the Mac requires at least one Admin account during setup, when skipping the manual creation of a local user account you'll be required to create a managed administrator account using the option “Create additional local admin during Setup Assistant”. When creating the managed administrator account:

• Enter the Full Name for the administrator account on the Mac
• Enter the Username for the administrator account on the Mac
• Password: Choose to use either a single password for the administrator account on all devices, or automatically create a randomized password for the administrator account on each device. When using the randomized password, the password can be viewed in the Device Information and can be rotated as needed.
• Hide account: Choose if the account will be hidden from other users when accessing Users & Groups in System Preferences or when accessing the Login Window.
• Set this account as managed: Choose if the account will be considered a “managed” account on the Mac and eligible for user channel profiles.

Phone & Email Support (optional)

These fields are optional. If information is entered here it will be displayed on the Remote Management screen during the enrollment as the School/District Support Email and Phone Number.

Rename devices after enrollment

Automatically rename devices during the enrollment flow using device or user variables. If users are authenticating during the enrollment and completing the device assignment, any available 1:1 variables can be used for the renaming. If prompting users to enter Tag or Asset Tag information with the Custom Setup Assistant, use the corresponding variables to rename the devices.

After configuring the Automated Device Enrollment profile for macOS devices, click Save. View the device list to ensure the devices show a “Profile Associated” (Enrollment > Automated Device Enrollment > View Devices). Once the devices show a “Profile Associated” they are ready to be enrolled.

macOS devices can be enrolled in the following ways:

• Brand new devices can simply be unboxed and turned on. Select the Language, Region, and connect to Wifi. Once connected to Wifi the device will prompt to proceed with the Remote Management.
• Brand new devices can be unboxed, connected to Ethernet and turned on. If Auto-Advance options are selected, the device will skip all Setup Assistant options and land at the prompt to create a local user account, or at the Login Window if skipping the local user account creation.
• Devices that have already been setup or have been in use can be erased via Recovery Mode, using Erase all Content and Settings in System Preferences, or restored using Apple Configurator 2. Once the device is erased and the macOS reinstalled, it will prompt to select the Language, Region, and connect to Wifi. Once connected to Wifi the device will prompt to proceed with the Remote Management. If connected to the network using Ethernet and Auto-Advance options are selected, the device will skip all Setup Assistant options and land at the prompt to create a local user account, or at the Login Window if skipping the local user account creation.
• Devices that have already been setup or have been in use and cannot be erased can be enrolled using Automated Device Enrolment with the following Terminal command: sudo profiles renew -type enrollment
  • Note: This enrollment option does not support the Account Configuration settings configured in the enrollment profile.

Automated Device Enrollment configurations for tvOS

Use the Automated Device Enrollment profile(s) to specify how the devices will behave after they're unboxed, or after Erasing all Content and Settings on the Apple TV. Multiple enrollment profiles can be created if needed.

To start, go to My School > Apple Basic Setup > Enrollment > Automated Device Enrollment. Choose the tvOS platform from the dropdown menu at the top. Click the Default profile to make any changes or adjustments, or create a new profile by clicking “New profile”. The Automated Device Enrollment profiles are separated into different sections. Each is addressed below.

Profile Name

Enter a name for the enrollment profile. Only Mosyle Administrators will see this information, so feel free to use a name that will help organize and identify the enrollment settings configured.

The default enrollment profile will be named the same as the Mosyle account. You can update the name at any time by clicking the profile and editing this field.

Check the options you want to activate on the device

• If enabled, the device will tell tvOS Setup Assistant to automatically advance through its screens: Using this option will enable the Auto Advance functionality provided by Apple which allows you to skip all Setup Assistant screens by connecting a tvOS device running tvOS 10.2 or later to Ethernet when enrolling. Since all Setup Assistant steps will be skipped when using this option, it's required to choose the Language and Region that will be configured on the Apple TV. Check out Apple's documentation for more information about Auto Advance.
• Install MDM Profile (mandatory): It is required for devices assigned to the Automated Device Enrollment profile to automatically download and install the Mosyle MDM enrollment profile.
• Supervise the devices (mandatory): By default, all devices enrolled using Automated Device Enrollment will be supervised. Supervision typically indicates the device is owned by the school or district and provides access to more management functionality.
• Do not allow manual removal of the MDM: When enrolling devices using Automated Device Enrollment you have the ability to lock the MDM enrollment profile on the device, preventing users from being able to manually remove the profile. This is recommended.

Devices will be used in which model?

Apple TVs can only be enrolled as Limbo devices.

Select the location responsible for the devices

Here you can choose which of the locations in Mosyle the device should be assigned after it is enrolled.

Select the Apple TVs that will receive this profile

Choose the device serial numbers to receive the enrollment profile. Assign all devices or specific devices to the enrollment profiles as needed to meet the needs of your school/district.

Select the options that will not be presented to the user in Setup Assistant

Check any of the Setup Assistant steps you wish to skip during the enrollment. Uncheck any steps you wish to present to the user during the enrollment. Anything skipped during the enrollment can always be configured at a later time through the device Settings unless it is configured to be restricted.

If using the Auto-Advance enrollment options, it's recommended to skip as many Setup Assistant steps as possible to fully leverage the Auto-Advance enrollment process.

Phone & Email Support (optional)

These fields are optional. If information is entered here it will be displayed on the Remote Management screen during the enrollment as the School/District Support Email and Phone Number.

Rename devices after enrollment

Automatically rename devices during the enrollment flow using device variables.

After configuring the Automated Device Enrollment profile for tvOS devices, click Save. View the device list to ensure the devices show a “Profile Associated” (Enrollment > Automated Device Enrollment > View Devices). Once the devices show a “Profile Associated” they are ready to be enrolled.

Apple TVs can be enrolled in the following ways:

• Brand new devices can simply be unboxed and turned on. Select the Language, Region, and connect to Wifi. Once connected to Wifi the device will prompt to proceed with the Remote Management.
• Brand new devices can be unboxed, connected to Ethernet and turned on. If Auto-Advance options are selected, the device will skip all Setup Assistant options and land at the homescreen.
• Devices that have already been setup or have been in use can be erased using Erase all Content and Settings either from the device Settings or through Apple Configurator 2. Once the device is erased, it will prompt to select the Language, Region, and connect to Wifi (If Auto-Advance is not configured). Once connected to Wifi the device will prompt to proceed with the Remote Management.

After enrollment

Once devices are enrolled in the Mosyle account, they can be fully managed by all available and compatible configuration profiles and commands. Enrolled devices can be found under the Management tab > Devices Overview. Click the device name to bring up the Device Info window.