Pair Fleetsmith with Apple Push Notification service
To manage devices remotely, you must pair Fleetsmith with Apple Push Notification service (APNs). This allows Fleetsmith to send MDM commands and queries to enrolled devices.
Apple devices learn of updates, MDM policies, and incoming messages through Apple Push Notification service (APNs). For your Apple devices to work with APNs, you must allow network traffic from the devices to Apple’s network (17.0.0.0/8). Apple devices must be able to connect to specific ports on specific hosts:
- TCP port 443 is used during device activation, and afterwards for fallback if devices can’t reach APNs on port 5223.
- TCP port 5223 to communicate with APNs.
- TCP port 443 or 2197 to send notifications to APNs.
You may also need to configure your web proxy or firewall ports to allow all network traffic from Apple devices to Apple’s network. In iOS 13.4, iPadOS 13.4, macOS 10.15.4, and tvOS 13.4, APNs can use a web proxy when it is specified in a PAC file.
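The following sketch is an added example, not part of the Fleetsmith or Apple documentation. It audits an ordered, first-match egress rule list against the APNs requirements above (17.0.0.0/8 on TCP 443, 5223, and 2197) and reports which parts of Apple's network remain blocked per port. The rule tuple format, the sample rules, and the function names are assumptions made for illustration.

```python
import ipaddress

APPLE_NET = ipaddress.ip_network("17.0.0.0/8")  # Apple's network, as given on the page
REQUIRED_TCP_PORTS = (443, 5223, 2197)          # APNs ports listed on the page

# Constructed sample rule set (hypothetical format): ordered, first match wins.
# Each rule: (action, destination CIDR, first TCP port, last TCP port)
SAMPLE_RULES = [
    ("allow", "17.0.0.0/8", 443, 443),
    ("deny", "17.128.0.0/9", 5223, 5223),   # shadows half of the next rule
    ("allow", "17.0.0.0/8", 5223, 5223),
    ("allow", "17.0.0.0/9", 2197, 2197),    # covers only half of 17.0.0.0/8
]

def subtract(nets, cut):
    """Return the parts of `nets` that lie outside the network `cut`."""
    left = []
    for net in nets:
        if not net.overlaps(cut):
            left.append(net)
        elif not net.subnet_of(cut):         # cut is strictly inside net
            left.extend(net.address_exclude(cut))
    return left

def audit(rules, default="deny"):
    """Map each required port to the parts of 17.0.0.0/8 that are blocked."""
    report = {}
    for port in REQUIRED_TCP_PORTS:
        undecided, blocked = [APPLE_NET], []
        for action, cidr, lo, hi in rules:
            if not lo <= port <= hi:
                continue
            net = ipaddress.ip_network(cidr)
            # CIDR blocks are nested or disjoint, so an overlap is the smaller block.
            matched = [u if u.subnet_of(net) else net
                       for u in undecided if u.overlaps(net)]
            if action == "deny":
                blocked.extend(matched)
            undecided = subtract(undecided, net)
        if default == "deny":
            blocked.extend(undecided)        # nothing matched: default policy applies
        report[port] = sorted(blocked)
    return report

if __name__ == "__main__":
    for port, nets in audit(SAMPLE_RULES).items():
        status = "OK" if not nets else "BLOCKED to " + ", ".join(map(str, nets))
        print(f"tcp/{port}: {status}")
```

An empty list for a port means every address in 17.0.0.0/8 is reachable on it; any listed network is a range where devices would fail to reach APNs on that port.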
No confidential or proprietary information is transmitted through APNs. The traffic is a secured, binary protocol specific to APNs, and it can’t go through a proxy. Attempts to inspect the traffic or reroute it result in the client, APNs, and the push provider servers marking the network conversation as compromised and invalid. Multiple layers of security are applied to APNs at the endpoints and the servers.
1. On the Set up MDM page in the Fleetsmith Admin Console, click Getting Started in the sidebar, then click Set up MDM.
2. Download the Certificate Signing Request (CSR) to your Mac.
3. Sign in to the Apple Push Certificates portal with a Managed Apple ID or Apple ID to create a certificate.
4. Upload the Fleetsmith CSR, then download the APNs certificate.
5. In the Fleetsmith Admin Console > Set up MDM page, upload the APNs certificate by dragging the file into the upload box or clicking Browse to upload.