Start Profile Manager in macOS Server
Use the Server app to start Profile Manager service and act as a mobile device management (MDM) service.
In the Server app sidebar, select Profile Manager.
Click the On button, click Next, enter your organization’s information, then click Next.
Select your certificate from the Certificate menu, then click Next.
Enter your Apple ID and password to create an Apple Push Notification service (APNs) certificate.
If you don’t have an Apple ID for this, click Create one now.
Authenticating to Profile Manager management requires the password to be stored in a less secure form. You can decide to change your password or skip this step.
To specify settings and assign them to users, devices, and groups, and to manage enrolled devices, click “Open in Safari” next to Profile Manager at the bottom of the window.
When Profile Manager opens in your web browser, sign in with your administrator account.
If required, make sure your organization’s firewall allows Apple Push Notification service.
Push notification uses TCP ports 443, 2195, 2196, and 5223. The entire 18.104.22.168/8 address block is assigned to Apple, so it’s best to allow this range in your firewall settings.
If you’re unable to use Apple Push Notification service, see the Apple Support article Unable to use Apple Push Notification service (APNs).