Apple Configurator 2 Registration

By downloading an XML file from Secure Access, updating it to include your iOS device's serial number, and then adding this XML file to your Apple Configurator system, the Apple Configurator system is able to push configuration information to both Cisco Security Connector (CSC) and Secure Access so that your iOS device is registered with Secure Access. The result is that your iOS device is protected by Secure Access.

For information about configuring your specific Mobile Device Management (MDM) system, see your MDM system’s documentation.

Table of Contents

• Anonymization
• Prerequisites
• Procedure
• Verify Secure Access on Your iOS Device
• Install Umbrella Root Certificate

Anonymization

Secure Access provides you with the option of anonymizing mobile devices for reporting and administration purposes. When you anonymize a mobile device, its label is hidden and replaced by your device's serial number. The label name is anonymized in both the Secure Access dashboard and in the CSC app UI. For information about how to anonymize your device, see Anonymize Devices.

Prerequisites

• The Cisco Security Connector requirements.
• Apple Configurator 2.5 or higher. For information about configuring Apple Configurator, see Configurator documentation. For support, contact Apple support.

Procedure

Note: You must log into your Secure Access dashboard as an administrator.

Step 1: Add an Organization Administrator’s Email Address

The administrator email address is the email address that your end-user can use to send diagnostic reports from the app by clicking the I (vertical line) icon from within the iOS device. These reports can then be passed onto Cisco support. Once set, this email address is automatically added when managing an MDM.

1. Navigate to Resources > Sources and destinations > Mobile Devices and click Settings.

2. In Mobile Device Settings, add an email address, select operation mode (fail open or fail closed), select a notifications level (Protection failure notifications only or notify on all state changes), choose a device identification method, and click Save.

Step 2: Add a Mobile Device

1. In Secure Access, navigate to Resources > Sources and destinations > Mobile Devices and click Manage.

2. Under Deployment Type, click the Managed by MDM radio button, and then click Next.

3. In the Managed Mobile Clients window, click iOS.

4. Click Apple Config.

5. In the Download Apple Mobileconfig dialog box, click Download.
   Your browser downloads a mobileconfigApple.xml file to your computer.
   This email address is where diagnostic reports are sent when a user clicks the I (vertical line) icon from within the iOS device. Once set, this email address is automatically added when managing an MDM.

6. Open the downloaded XML file and update the line {SERIAL_NUMBER} with the device's serial number. For example, 1234567890

7. Change the file extension to .mobileconfig from .xml.

8. Use Apple Configurator 2 to add this profile to your device.

9. Repeat this process for each iOS device. You must download and manually update an XML file for each device you want to register.
   For information about configuring Configurator 2, see Configurator 2's documentation.

   If successful, your mobile device registers with Secure Access and is listed at Resources > Sources and destinations > Mobile Devices. CSC on your mobile device updates to connect to Secure Access so that your iOS device is protected by Secure Access.

If you have anonymized your device, see Anonymize Devices. Secure Access hides the device's true label name by replacing it with the device's serial number. Existing active devices anonymize with 24 hours. New devices anonymize immediately.

As no changes can be made in Secure Access to the actual provisioned device, these mobile devices are simply listed in Secure Access as identities; however, you can now use Secure Access to apply policies to these mobile device identities. For more information, see Apply Secure Access Policies.

Verify Secure Access on Your iOS Device

On your iOS device, verify that Secure Access is operational.

1. In the CSC app, tap the Status icon and confirm that it shows Protected by Umbrella.
2. For protection details, tap Protected by Umbrella.

Install Umbrella Root Certificate

The intelligent proxy can inspect web traffic sent from a mobile device to Secure Access. If you enable the intelligent proxy with SSL decryption in your DNS policy and apply the policy to your mobile device, you must install the Umbrella Root Certificate Authority (CA) certificate on the mobile device. Download the Umbrella Root CA certificate from the DNS policy or from Secure > Settings > Certificates.

• For information about configuring the intelligent proxy in the DNS policy, see Enable the Intelligent Proxy.
• For information about how to install the Umbrella Root CA certificate on iOS devices, see Push the Umbrella Certificate to Devices.

Meraki Documentation < Apple Configurator 2 Registration > IBM MaaS360 Registration