How to setp up Device Activation Settings in MDM?

Category Filter

Introduction to Mobile Device Manager Plus(MDM)
- MDM Architecture
Setting up MDM
- Cloud
  - Create MDM Account
  - Personalize MDM
- On-Premises
User Administration
- User Management
- Roles & Permissions
- Scope
- Roles Matrix
Integrate Directory Services
- Entra ID with MDM On-Premise
- Entra ID with MDM Cloud
- Active Directory with MDM On-Premise
- Active Directory with MDM Cloud
- Okta
- G Suite (Google Workspace)
- SAML based generic IdPs
- Verify Domain
Enrolling devices
- Enrollment settings
  - Device Authentication
- Invite enrollment
- Self enrollment
- OS independent enrollment invites
- Customize ME MDM App
- Apple Enrollment
- Android Enrollment
- Windows Enrollment
- Chrome OS Enrollment
  - Integrating G Suite
- Deprovision devices
Group Management
Shared Device Management
Device restrictions and configurations
- Create Profiles
- Create Groups
- Associate Profiles to Devices
- Associate Profiles to Groups
- Verify Profile Deployment Status
- iOS/iPadOS profiles
- macOS Profiles
- tvOS Profiles
- Android Profiles
- Android Device Profiles
- Knox Profiles
- Chrome Device Profiles
- Windows Profiles
  - Passcode
  - Hello for Business
  - Restrictions
  - Wi-Fi
  - VPN
  - Kiosk
  - Email
  - Exchange ActiveSync
  - SCEP
  - Certificate
  - Shared PC
  - Custom Configuration
- Dynamic Variables
Conditional Access
- Exchange
- Office 365
- Office 365 MAM policy
- Azure AD CBA
- Configure Okta Device Trust with MDM
App Management
- MDM App Repository
- Associate apps to Groups
- Associate apps to devices
- Verify App Deployment Status
- Multiple Enterprise App Version Management
- Apple App Management
- Android App Management
- Chrome App Management
- Windows App Management
- App blocklisting
App Update Management
- App Update Policies
- Schedule Enterprise app updates
- Manage app update policies
Telecom Expense Management
Content Management
OS Update Management
- iOS/iPadOS/tvOS Update Management
- Android OS Update Management
- Custom Firmware Update Management
Certificate Management
- Generic SCEP CA integration
- ACME CA integration
- DigiCert integration
- Microsoft AD CS integration
- EJBCA CA integration
- Internal PKI
Asset Management
- Scan devices
- Inventory Details
- Alerts
- Device Attestation
- Announcements
- Bulk Actions
- Battery level tracking
- Audit Log
Remote Commands
Geo-tracking
Lost Device Management
Geofencing
Remote troubleshoot
- Android
- iOS
Reports
- Schedule reports
- Custom query reports
MDM Privacy and Security
- Server Security Settings
- Server Privacy Settings
- Device Privacy Settings
- Terms of Use
MDM Integrations
- ManageEngine Service Desk Plus
- ManageEngine Asset Explorer
- ManageEngine Analytics Plus
- Jira service desk
- Zoho CRM
- Zoho Creator
- ServiceNow
- Zendesk
FAQs
How-Tos
Knowledge Base
MDM Release Notes

Device Activation Settings

When enrolling new or factory-reset devices through Apple Business Manager (ABM), the settings that have been configured in the MDM console are automatically applied as soon as the device is activated. This automation significantly simplifies the device setup process, allowing for a quick and efficient rollout of devices across the organization. By ensuring that each device is provisioned according to your organization's specific policies and requirements, this feature not only saves time but also enhances compliance and security. As a result, IT administrators can ensure a consistent experience for users while effectively managing device configurations and settings from a centralized platform.

Below is a detailed breakdown of the different sections within the Device Activation Settings:

Basic Settings

Device to be Activated by User or Admin: Choose whether the device activation process will be performed by the end-user or by an administrator. If the administrator is selected, the admin will need to manually assign users to devices from the MDM server, ensuring proper user-device association before the device is deployed. If the end-user is selected, they will be prompted to enter credentials, such as their Active Directory username and password, during the activation process. Refer the Configure Device Activation for Userssections to learn more.
Note: A directory service must be integrated with MDM if you choose user activation.
Assign to Group: Automatically assign the device to a specific group during activation. This can help in categorizing devices based on their role, location, or department, allowing for the automatic deployment of apps, configurations, and policies tailored to that group.
Note: To distribute specific profiles and apps to a group of devices, make sure to assign all devices registered with an MDM server in ABM to a group in the MDM. Then, distribute the required profiles and apps to that group.

Setup Assistant:

Configure the steps that users will encounter during the initial setup of their devices. You can customize the setup experience based on the type of device being enrolled. Admin can skip specific steps or choose "Skip All Steps" to ensure the device is ready to use immediately upon activation. The available configurations include:

All Devices: This section applies universal settings to all devices, such as skipping specific steps like Siri, iMessage, FaceTime, or other configurations that you may not want users to set up initially.
iPhone and iPad: Customize the Setup Assistant experience for iPhones and iPads. For example, disable setup screens for specific services like Apple ID, Touch ID/Face ID, or Apple Pay to simplify the user onboarding process.
Mac: Define settings specific to macOS devices. You can skip initial setup steps, such as the iCloud login or enabling Siri, to ensure that Macs are ready for use as quickly as possible.
Apple TV: Configure Apple TV devices by bypassing unnecessary setup screens like Siri, location services, or single sign-on.

Note: skipping "Sign in with Apple ID and iCloud" will prevent users from restoring devices via iTunes and iCloud.

All devices

CONFIGURATION	DESCRIPTION
Sign in with Apple ID and iCloud	Select to skip Apple ID and iCloud sign in by the user during setup. This does not restrict the user from signing in once the device setup is completed.
Touch ID Setup	Select to skip Touch ID configuration during setup. The user can, later on, configure the Touch ID after completing the device setup.
Diagnostics	Select to omit a user prompt to send diagnostic data to Apple during device setup.
Display Tone	Select to skip the Display Tone setup assistant screen during device setup.
Location Services	Select to disable Location Services during setup. If disabled, Location Services are turned off. The user can modify the location settings after completing the device setup.
Passcode	Select to prevent users from setting up a Passcode during the setup assistant process. This can be skipped if a passcode profile is distributed through MDM.
Payment	Select to prevent users from setting up an Apple Pay account in the setup assistant. This does not restrict the user from configuring it once the device setup is completed.
Privacy	Select to omit the Privacy screen during the setup assistant process.
Restore backup from old device	Select to restrict user from restoring iCloud / iTunes backup to device.
Terms and Conditions	Select to disable the Terms and Conditions step during device setup. If disabled, the Terms and Conditions are accepted by default.
Siri	Select to restrict the user from configuring Siri during device setup. If restricted, Siri is turned off. This does not restrict the user from configuring it once the device setup is completed.
Zoom	Select to omit the Zoom functionality step during device setup.

iOS

CONFIGURATION	DESCRIPTION
Restore from Android device	Select to prevent users from restoring back up from an Android device.
Keyboard Selection	Select to prevent users from choosing a keyboard type during device setup.
App Store pane	Select to prevent the App Store setup from appearing during device setup.
Home Button Sensitivity	Select to allow users to enroll devices without configuring the Home button sensitivity during setup.
iMessage and FaceTime	Select to skip the iMessage and FaceTime prompt during the setup assistant process. This does not restrict the user from configuring the same once the device setup is completed.
New feature highlights	Select to skip on-boarding informational screens for user education during the setup assistant process (“Cover Sheet, Multitasking & Control Center”, for example).
Screen Time	Select to prevent informing users about Screen Time during device setup.
Mandatory software updates	Select to skip the Mandatory software update screen during the setup assistant process.
Watch Migration	Select to prevent users from viewing options for Watch Migration during the device setup.
Appearance	Select to skip the Choose your Look screen during iOS setup.

macOS

CONFIGURATION	DESCRIPTION
FileVault	Select to prevent users from configuring a FileVault account during device setup. It is recommended to configure and distribute a FileVault Encryption profile through MDM.
iCloud diagnostics	Select to omit a user prompt to send diagnostics to iCloud during device setup.
iCloud storage	Select to skip iCloud Documents and Desktop screen during device setup.
Apple Registration	Select to restrict user from registering the device with Apple during setup.
App Store pane	Select to prevent App Store setup from appearing during the device setup.
Unlock with Apple Watch	Select to restrict users from unlocking devices with Apple Watch

tvOS

CONFIGURATION	DESCRIPTION
Screensaver	Select to allow users to enroll a tvOS device without configuring a screensaver. This does not restrict the user from configuring the same once the device setup is completed.
Tap to Setup	Select to skip the option of setting up Apple TV using an associated iOS device (user needs to enter the account information and setting choices separately).
Home screen layout sync	Select to prevent users from toggling the TV home screen layout during device setup.
TV Provider SignIn	Select to prevent users from signing in to a TV provider during setup.
Where is this Apple TV? Screen	Select to omit the Where is this Apple TV step on tvOS devices during setup.

Shared Devices:

For organizations that utilize shared devices, such as shared iPads or Macs in educational or corporate environments, you can configure settings to optimize the shared usage experience:

User-Controlled: Determine if the device will allow multiple user accounts. This is useful in environments where devices are shared among several users.

Maximum Number of User Accounts: Set a limit on the number of user accounts that can be created on each shared device to manage storage and ensure optimal performance.

Storage Limit per User: Allocate a specific amount of storage space per user on shared devices to prevent a single user from consuming excessive storage resources.

Mac Account Settings

To configure user accounts on devices enrolling through Automated Device Enrollment (ABM/ASM), check the option Create Mac Accounts under the Mac subsection within the Device Activation Settings section.

Here, you will see options to set up Mac accounts during the initial setup of the device:

1.Managed Administrator Account

Configure this section to create a common service account on all your macOS devices enrolling through Automated Device Enrollment (ABM/ASM). This account will have administrator privileges by default, allowing the sysadmin to install software, make changes to system settings, and manage other user accounts.

Full Name: Enter the full name of the user or administrator for this account.
Account Name: This is the short name that will be used for the user account, often used as the username.
Password: Enter a secure password that will be required to log in to the account.
Hide from Login Window: You can choose to hide this account from appearing in the login window by selecting "Yes." If "No" is selected, the account will be visible at the login screen.

2. Local User Account:

When you enable the "Local user account" option, it allows the creation of a local user account during the Mac device setup process. The account is configured through the Setup Assistant, guiding the user to complete the setup based on the predefined settings.

- Admin Account: If this option is selected, the additional account created will have administrative privileges. An administrator account can make system-wide changes, install software, and manage other user accounts.

- Standard Account: Selecting this option will create a standard user account with limited permissions. A standard account can perform most tasks like using applications and saving files but cannot modify system settings or install software.

Full Name:

This field allows you to define the full name for the additional account.

You can also use dynamic variables such as %username% to define the pattern for the FullName, though using dynamic variables is not mandatory.

Account Name:

You can use dynamic Variables like %username% and %organization_name% to create unique patterns for the Account name . For instance, %firstname% and %organization_name% can generate names like "John's ABC Corp."
Another example is %devicenumber%, which adds a sequential number to device names (e.g., "iPhone 1", "iPhone 2") during enrollment for unique identification. For more information on Dynamic Variables, refer to this guide.

ManageEngine MDM automatically uses the configured naming pattern to populate account details, ensuring that the username is unique and aligned with the user assigned to the device.

Note: To use dynamic variable like %username% populating the Full Name and Account Name fields, ensure that either Device Activated by is set to User or the user is assigned prior to initiating device enrollment. This allows the system to fetch the necessary user details from Active Directory (AD) during the enrollment process.

Lock Account details:

If "Lock Account details" is set to Yes, it prevents the user from editing the account.

Local user account creation in Mac will appear as follows:

If "Local account details" is set to "Yes", the "Full Name" and "Account Name" fields will be greyed out and pre-filled. You will only need to enter and verify the password, and optionally provide a password hint, before clicking "Continue" to complete the setup.

Editing Device Activation Settings in MDM

Editing the Device Activation Settings of an existing server in MDM enables administrators to customize how devices are activated during enrollment. These changes will take effect the next time the devices are booted or activated. Follow the steps below to edit an existing server.

Login to MDM Console and navigate to Enrollment > Apple > Apple Enrollment (ABM/ASM).
Click on the "Server" tab and select the server you want to modify for user-activated devices.
Click the ellipsis icon under the Action column next to the server you wish to modify. Select "Modify Settings" from the drop-down.

Configure Device Activation for User

Under Basic Settings, select "User" for the "Device to be activated by" option. This setting ensures that users will activate their devices by entering their credentials (e.g., Active Directory username and password).

Note: This option is not available in the Cloud-MSP version where the Admin method is set as the default.

Directory Service Integration: If user activation is selected, ensure a directory service is integrated with MDM. Specify the Authentication Mode for Self Enrollment to allow users to activate their devices using their directory credentials.
Configure Self Enrollment (If Not Set Up Already): Navigate to the Self Enrollment option on the page to configure it. Provide the Authentication Mode and other required settings, and click Save. For more details, refer to the Self Enrollment Guide.
Assign to Groups During Activation: Navigate to the Device Activation Settings page. Use the "Assign to Group" option to categorize devices during activation, helping to organize them based on roles, locations, or departments. This feature also enables the automatic deployment of apps, configurations, and policies based on group assignment.
Save the Changes: Once you have completed the necessary modifications, click "Modify" to save your changes.

What's Next?

Device Activation by Admin and End User

Find out how administrators and end users can activate devices after enrollment by checking out the Device Activation Guide.

Enroll Device through ABM

Learn how to enroll your devices in the MDM system through Apple Business Manager by visiting our ABM/ASM Device Enrollment Help Guide.

Create and Manage Groups

To create groups for effective device management, please navigate to our detailed Creating Groups Guide.

Jump To

Device Activation Settings
Mac Account Settings
Editing Device Activation Settings in MDM
Configure Device Activation for User
What's Next?

< Previous

Next >

Identity and access management

Unified service management

Unified endpoint management and security

IT operations management and observability

Security information and event management

Advanced IT analytics

Low-code app development

Cloud solutions for enterprise IT

IT management for MSPs

Active Directory management Manage, track, and secure Active Directory

Identity governance and administrationOrchestrate user identity management and access controls for Zero Trust

Privileged access managementControl and secure privileged access to critical enterprise systems

Enterprise and IT service managementDeliver a consistent employee experience across business functions

Customer service managementBuild a one-stop portal for customers with efficient account management

IT asset managementCentralize and automate the complete IT asset life cycle

SIEM Spot, investigate, and neutralize security threats

Log and compliance managementGain deeper visibility into security events and ensure compliance

Security auditingAudit Active Directory, cloud platforms and files to enhance your security posture

Endpoint management and protection platform (UEM and EPP)Secure and manage endpoints to protect your IT assets effectively

Endpoint managementAchieve intelligent IT device management with zero user intervention

Endpoint securityDefend against threat actors with proactive and reactive measures

Full-stack observability and digital experience monitoringAchieve end-to-end visibility, proactive issue resolution, and enhanced security

Network and server performance monitoringEnsure network, server, and storage reliability with AI-powered insights

IT incident managementEfficiently manage and resolve IT incidents while ensuring transparency

DNS and DHCP managementOptimize IP address and domain management

Cloud cost managementRight-size and take control of your cloud costs

IT analyticsConnect to your IT applications and visualize all facets of your IT

Cloud-native solutions for IT managementMonitor, manage, audit, and secure your multi-cloudand hybrid infrastructure

Business applications for ITBoost productivity and improve team collaboration

Custom solution builderBuild tailor-made apps to automate operations at your organization

Solutions for MSPsGrow your MSP business with scalable and secure IT management solutions

Device Activation Settings

Basic Settings

Setup Assistant:

Shared Devices:

Mac Account Settings

1.Managed Administrator Account

2. Local User Account:

Editing Device Activation Settings in MDM

Configure Device Activation for User

What's Next?

Device Activation by Admin and End User

Enroll Device through ABM

Create and Manage Groups

Active Directory
management Manage, track, and secure Active Directory

Identity governance
and administrationOrchestrate user identity management and access controls for Zero Trust

Privileged access
managementControl and secure privileged access to critical enterprise systems

Enterprise and IT service
managementDeliver a consistent employee experience across business functions

Customer service
managementBuild a one-stop portal for customers with efficient account management

IT asset
managementCentralize and automate the complete IT asset life cycle

Network and server
performance monitoringEnsure network, server, and storage reliability with AI-powered insights

IT incident
managementEfficiently manage and resolve IT incidents while ensuring transparency

Cloud-native solutions for IT managementMonitor, manage, audit, and secure your multi-cloud
and hybrid infrastructure