Link to a third-party MDM server in Apple Business Essentials
If your organization uses Apple Business Essentials, you can use the device management provided by Apple Business Essentials or use a third-party MDM solution, or both.
Before you create a third-party MDM server, review the certificate, security, and naming information below.
MDM server security: Every third-party MDM server you create must be known to Apple and must be securely authorized using a two-step verification process. The verification process involves creating and installing a server token on your MDM server. The certificate encrypts the token. For information about how to transfer the token, see your MDM vendor’s documentation.
MDM server names: When you name each third-party MDM server, you don’t need to use the fully qualified domain name. For example, you can choose a name based on a specific building, location, room, or job function (but you can’t use the same name for multiple servers). You also can’t name your MDM servers Unassigned or Reassigned.
MDM server certificates: Before you add a third-party MDM server, get the public key certificate file (ending in .pem or .der) from your MDM vendor for each server you want to add. See the MDM vendor’s documentation for information about getting the server’s public key certificate.
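A pre-upload check for the certificate file described above, as an added example (not Apple's or any MDM vendor's tooling): it confirms the file is a single PEM or DER certificate structure, refuses a PEM file that also carries a private key, and returns a SHA-256 fingerprint to compare with the certificate on the MDM server. The function names and sample bytes are assumptions made for illustration; the check is structural only and does not parse X.509 fields.

```python
import base64
import hashlib
import re

PEM_CERT = re.compile(rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def der_total_length(data):
    """Return the total encoded length of the outer DER SEQUENCE, or None if malformed."""
    if len(data) < 2 or data[0] != 0x30:          # a certificate is an ASN.1 SEQUENCE
        return None
    first = data[1]
    if first < 0x80:                              # short-form length
        return 2 + first
    n = first & 0x7F                              # long-form: n length bytes follow
    if n == 0 or n > 4 or len(data) < 2 + n:
        return None
    return 2 + n + int.from_bytes(data[2:2 + n], "big")

def check_mdm_cert(data):
    """Return (encoding, sha256_fingerprint) or raise ValueError if the file is unsuitable."""
    # Only PEM-armoured private keys are detected here; a bare DER key is not.
    if b"PRIVATE KEY-----" in data:
        raise ValueError("file contains a private key; upload the public certificate only")
    blocks = PEM_CERT.findall(data)
    if len(blocks) > 1:
        raise ValueError("expected one certificate, found %d" % len(blocks))
    if blocks:
        encoding, der = "pem", base64.b64decode(b"".join(blocks[0].split()))
    else:
        encoding, der = "der", data
    if der_total_length(der) != len(der):         # rejects truncation and trailing bytes
        raise ValueError("not a well-formed DER certificate structure")
    digest = hashlib.sha256(der).hexdigest().upper()
    return encoding, ":".join(digest[i:i + 2] for i in range(0, 64, 2))

# Constructed sample input: a 260-byte DER SEQUENCE shell, NOT a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(256)
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    for label, blob in (("der", SAMPLE_DER), ("pem", SAMPLE_PEM)):
        print(label, check_mdm_cert(blob))
```

The same certificate gives the same fingerprint whether it is supplied as .pem or .der, because the hash is taken over the decoded DER bytes.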
A user with the proper privileges must replace the active token on a third-party MDM server in these situations:
When a new public key is created or if a new token is generated
When the user who downloaded the server token changes their Managed Apple Account password
As a security measure, when the user who downloaded the original token leaves your organization
Important: Third-party server tokens expire after 1 year and must be replaced. Depending on the MDM vendor, you may or may not get a warning that a token is going to expire. Well before a token is about to expire, sign in to Apple Business Essentials, generate and download a new token for the MDM server, and transfer that token to the MDM server for immediate installation. See your MDM vendor’s documentation for information about how to transfer the token.
Link to a third-party MDM server
In Apple Business Essentials, sign in with a user that has the role of Administrator or Device Enrollment Manager.
Select your name at the bottom of the sidebar, select Preferences, then select MDM Server Assignment.
Select the Add button, then enter a unique name for the server.
If you don’t want this MDM server to have the ability to release devices, see Release devices.
Upload the public key certificate file, then select Save.
Select the Download button, then select Download Token.
Next, upload the token to a specific MDM solution. Consult your MDM vendor’s documentation to complete this step.
Repeat steps 3 through 6 for any other MDM servers you want to link to.