Enroll a macOS Device

In this exercise, you enroll a macOS device into Workspace ONE UEM. Enrollment is the action that brings a device under management and control by Workspace ONE UEM. There are a number of ways to enroll the various platforms (macOS included), but for this exercise we cover a basic enrollment scenario.  

1. Enroll the macOS Device

This enrollment flow is considered User-Approved per the functionality introduced in macOS High Sierra.

1.1. Begin macOS Enrollment Process

Begin macOS Enrollment Process

The Enrollment Wizard should start automatically. From within the Enrollment wizard window, click Server Detail.

Note: The Enrollment Wizard may take several minutes to launch. If you do not see the Enrollment Wizard immediately, be patient and wait for it to appear.

1.2. Enter Enrollment Server Details

Enter Enrollment Server Details
  1. Enter labs.awmdm.com for your Server URL.
  2. Enter your Group ID. This was documented in the previous steps titled Retrieve Your Group ID.
  3. Click the Continue button. 

1.3. Enter Enrollment Credentials

Enter Enrollment Credentials
  1. Enter testuser for the enrollment staging username.
  2. Enter VMware1! for the password.
  3. Click the Continue button. 

1.4. Enable Device Management

Enable Device Management

Click Enable to enable device management.

1.5. Install Device Manager Profile

Click Install.

1.6. Continue Installing Device Manager Profile

Click Continue.

1.7. Install Profile for User-Approved Enrollment

Click Install.

1.8. Enter Administrative Credentials for Profile Install

Enter Administrative Credentials for Profile Install

When prompted, enter the credentials for the macOS device.

  1. Enter administrator for the username.
  2. Enter VMware1! for the password.
  3. Click OK.

1.9. Quit Profiles Preference Panel

Click the Close button (red dot) to close the Profiles panel.

1.10. Quit the Enrollment Wizard

Quit the Enrollment Wizard

Click Quit when the installation completes.

2. Enable Location Services (If Prompted)

In this exercise, you enable location services on macOS so that the device can report its location to Workspace ONE UEM.

2.1. Open Location Services

Open Location Services

If the location services are not already enabled (under System Preferences > Security & Privacy), the agent should prompt you to enable them.

Click Allow to allow the agent to display the Settings pane for Location Services

2.2. Enable Location Services

Enable Location Services
  1. Click the lock to Unlock the preference pane.
  2. Enter the password for the administrator account VMware1!
  3. Click Unlock.
  4. Select the check box for Enable Location Services.
  5. Select the check box for airwatchd to grant the agent access to Location Services.
  6. Click the red Close button.

3. Validate Mac Enrollment

Follow the next steps to verify that the Mac has been successfully enrolled.

Validate Mac Enrollment

In upper-right corner:

  1. Note the shield icon in the menu bar. Click the AirWatch Agent icon.
  2. Note the menu shows your device as Enrolled.
  3. Click Preferences and review the options available to you in the agent.

Key Takeaways

  • Agent-based macOS enrollment is streamlined and intuitive.
  • Workspace ONE UEM supports a number of enrollment methods for macOS devices: web-based, agent-based, staged (pre-installed agent), enrollment on-behalf, and enrollment using the Apple Device Enrollment Program.
  • Agent logs can be collected directly from the Workspace ONE UEM Agent.  This eases helpdesk troubleshooting by allowing end-user to quickly send diagnostic information to helpdesk and/or administrative users.