You must configure iOS devices in supervised mode and manage them with an MDM solution to use the URL filtering capabilities provided by Panda Adaptive Defense 360.
Placing a device in supervised mode resets the device to its factory-default settings. All data, programs, and settings will be deleted. To remove the supervised state, reset the device to factory-default settings again.
Requirements
- A macOS computer with macOS 10.15.6 or higher.
- The Apple Configurator 2 app. You can download it for free at https://apps.apple.com/es/app/apple-configurator-2/id1037126344?mt=12
- A USB cable to attach the iOS device to the macOS computer.
- To enable web filtering on supervised iOS devices enrolled into a third-party MDM solution, the MDM solution must allow import of external profiles. Verify whether your MDM solution supports this feature before you begin the procedure described in this section.
The process to configure an iOS device in supervised mode is carried out independently from the process to enroll it into the MDM solution. When you configure an iOS device in supervised mode, all data and apps on the device are deleted. To create a backup of the data and restore it after the procedure has been completed, see Configuring an iOS device in supervised mode without loss of data.
- Create the Blueprint
- On the macOS computer, open the Apple Configurator 2 app. Select File, New Blueprint. The All Blueprints window opens, showing all Blueprints created so far. The newly created Blueprint is automatically selected.
- In the Apple Configurator 2 app, select File, New Blueprint. Type in the name of the new Blueprint and press Enter.
- Select the created Blueprint. Click Add in the top bar. A pop-up menu appears.
- Select Profiles from the menu. A list appears that shows all profiles created so far. Select the Wi-Fi profile you created earlier and click Add. The profile is added to the Blueprint.
- Install the client software for iOS using the Panda MDM.
- Verify you have a valid Apple certificate uploaded to the Panda Adaptive Defense 360 management console. To generate or renew a certificate, see this KB article.
- Make sure your company's iOS devices do not have a third-party MDM profile already installed. If they do, delete the profile from your devices.
- To add the iOS device to a group created in the management console, select Add computers to this group. From the drop-down list, select a folder.
- Click the Send URL by email button. The email program installed on the computer opens.
- Enter the email address of the user that will use the iOS device you want to enroll. Click Send.
- Prepare the device.
- In the Apple Configurator 2 app, select the created Blueprint and click Prepare in the top bar. The Prepare Devices window opens.
- In Prepare with, select Manual configuration, Supervise devices, and Allow devices to pair with other computers. Click Next. The Enroll in MDM Server window opens.
- In Server, select Do not enroll in MDM. Click Next. The Sign in to the Device Enrollment Program window opens.
- Click Skip. The Create an Organization window opens.
- Enter your company’s details. Click Next.
- Select Create a new supervision identity. Click Next. The Configure iOS Setup Assistant window opens.
- Choose which steps will be presented to the user in the Setup Assistant the first time the user turns on the iOS device. Click Prepare. A window opens that prompts for the macOS computer administrator credentials.
- Click Update Settings. A pop-up window opens that shows the status of the configuration process.
- After the procedure is complete, the Blueprint is created and ready to be applied to all relevant iOS devices.
- Applying the Blueprint to iOS devices
- Before enrolling a supervised iOS device into an MDM solution, make sure the Find My iPhone option is disabled:
- Tap Settings.
- Tap the user’s name. Tap Find My.
- Tap Find My iPhone, then tap to disable it.
- Enter the Apple ID password.
- Tap Turn off.
- Connect the iOS device to the macOS computer with a USB cable. The Apple Configurator 2 app must be open during the process. The message Trust This Computer? appears on the mobile device.
- Tap Trust.
- In the Apple Configurator 2 app, click All devices in the top bar. After connecting, you can see your device in the Apple Configurator window.
- Right-click the device. A drop-down menu appears.
- Click Apply. Select the created Blueprint. A window opens for you to confirm you want to apply the Blueprint.
- When you click Apply, the following actions are taken on the iOS device:
- The device is reset to its factory-default settings.
- All data and apps are deleted from the device.
- The device is placed in supervised mode.
- Verify that the device is supervised
- In the Apple Configurator 2 app, click Supervised in the top bar. The new supervised device is shown.
- Tap Settings on the iOS device. In the upper-left corner, under the phone name, the message “This iPhone is supervised and managed by (company name)” is shown.
- Enroll the supervised device into the Panda MDM solution.
- Configure the email app on the supervised iOS device. Download the message that contains the MDM enrollment URL. This message was sent earlier from the Panda Adaptive Defense 360 console.
- Tap the link. A window opens that shows the message This website is trying to download a configuration profile. Do you want to allow this?
- Tap Allow. After the profile has been downloaded to the iOS device, the message Profile Downloaded appears.
- Open the Settings app on the iOS device. The Settings window opens.
- Tap General. The General window opens.
- Tap VPN and device management. The WatchGuard MDM Service downloaded profile is shown.
- Tap WatchGuard MDM Service. The Install profile window opens with information about the security of the downloaded file.
- Tap Install in the upper-right corner. You are asked to enter the phone password.
- Enter the password. A Warning message appears, indicating that the device will be managed remotely.
- Tap Install in the upper-right corner. The Remote Management window opens.
- Tap Trust. The profile is installed. After a few minutes, the Panda Adaptive Defense 360 agent is downloaded and installed automatically.
- After the app is downloaded and installed, tap it to run it for the first time. The message WatchGuard Mobile Security Would Like to Send You Notifications appears.
- Tap the Allow button. The device is added to the Panda Adaptive Defense 360 console and the configuration process is complete.
Steps to enable supervised mode and to deploy the iOS agent from a third-party MDM solution
The various MDM solutions available on the market support different methods to enable supervised mode on iOS devices. See the documentation to enable supervised mode on the iOS devices enrolled into your MDM solution. To set WatchGuard Mobile Security as the app in charge of filtering web traffic on iOS devices, the MDM solution that you use must allow import of external configuration profiles. Verify whether your MDM solution supports this feature before you begin the procedure.
- Select the Computers menu at the top of the management console. Click the Add computers button. A window opens that shows all platforms supported by Panda Adaptive Defense 360. Click the iOS icon. The iOS window opens.
- Click the Installation using another MDM solution link. The iOS - Another MDM solution window opens with the information the MDM solution needs to integrate the device.
- Click the Download link to get the profile that will set WatchGuard Mobile Security as the app configured to filter web traffic on the target iOS devices. An XML file with the .mobileconfig extension downloads to your computer.
- Import the .mobileconfig file into the third-party MDM solution and push it to the iOS devices where you want to enable URL filtering.
- In the third-party MDM solution, import the WatchGuard Mobile Security app directly from the Apple Store. To do this, use the iTunes Store Id, Bundle Id, or App Name fields or the search features included in the MDM solution.
- Associate and define the parameters x_wg_device_name, x_wg_integration_url, and x_wg_is_supervised in the WatchGuard Mobile Security app imported into the third-party MDM solution repository. The information contained in these parameters is sent along with the WatchGuard Mobile Security app when you push the app to the devices managed with the MDM solution.
- x_wg_device_name: Contains the device name that will be shown in the Panda Adaptive Defense 360 console.
In the x_wg_device_name parameter, enter the variable used by the MDM solution to represent the name of the device that will receive the WatchGuard Mobile Security app.
- x_wg_integration_url: Contains the URL that points to the information that WatchGuard Mobile Security needs to integrate into the group chosen by the Panda Adaptive Defense 360 administrator.
Copy the content of the x_wg_integration_url attribute shown in the Panda Adaptive Defense 360 console to the parameter defined in the MDM solution.
- x_wg_is_supervised: Tells WatchGuard Mobile Security whether the device where it is going to be installed is supervised or not.
If your MDM solution has a variable that enables you to dynamically set the content of this parameter, add it. Otherwise, do not add the parameter. WatchGuard Mobile Security will try to determine on its own whether it is running on a managed device or not.
- Push the WatchGuard Mobile Security app from the MDM solution to the devices that you want to protect. After a few minutes, the app is installed silently.
- After the app is installed, tap it to run it for the first time. The message WatchGuard Mobile Security Would Like to Send You Notifications appears.
- Tap the Allow button. The device is added to the Panda Adaptive Defense 360 console and the configuration process is complete.
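A pre-flight check for the three managed app configuration keys described in the steps above, as an added example that is not part of the original page or of any Panda or WatchGuard tooling. It assumes the MDM solution's app configuration can be exported as a plist; the variable syntaxes it recognizes, the https-only rule, and the sample values are assumptions of this example.

```python
import plistlib
import re
from urllib.parse import urlsplit

KNOWN = {"x_wg_device_name", "x_wg_integration_url", "x_wg_is_supervised"}
# Assumed heuristic for MDM substitution variables: {{Name}}, $NAME, ${NAME}, %Name%
MDM_VARIABLE = re.compile(r"\{\{[^{}]+\}\}|\$\{?[A-Za-z_][\w.]*\}?|%[A-Za-z_][\w.]*%")

def lint_app_config(plist_bytes):
    """Return a list of findings for a managed app configuration plist."""
    config = plistlib.loads(plist_bytes)
    findings = []
    for key in config:
        # Keys pasted from documentation can pick up stray whitespace.
        if key not in KNOWN and re.sub(r"\s+", "", key) in KNOWN:
            findings.append(f"{key!r}: stray whitespace in key name")
    name = str(config.get("x_wg_device_name", "")).strip()
    if not name:
        findings.append("x_wg_device_name: missing or empty")
    elif not MDM_VARIABLE.search(name):
        findings.append("x_wg_device_name: literal value, not an MDM variable")
    url = str(config.get("x_wg_integration_url", "")).strip()
    parts = urlsplit(url)
    if not url:
        findings.append("x_wg_integration_url: missing or empty")
    # Requiring https is this example's policy (assumption).
    elif parts.scheme != "https" or not parts.hostname:
        findings.append("x_wg_integration_url: not an absolute https URL")
    if "x_wg_is_supervised" in config:
        value = config["x_wg_is_supervised"]
        if not (isinstance(value, str) and MDM_VARIABLE.search(value)):
            findings.append("x_wg_is_supervised: hard-coded, use a variable or omit")
    return findings


# Constructed sample inputs (placeholder URL, not a real integration URL).
GOOD = plistlib.dumps({
    "x_wg_device_name": "{{DeviceName}}",
    "x_wg_integration_url": "https://integration.example.invalid/PLACEHOLDER",
})
BAD = plistlib.dumps({
    "x_wg_device_name": "Reception iPad",
    "x_ wg_ integration_ url": "https://integration.example.invalid/PLACEHOLDER",
    "x_wg_is_supervised": True,
})

if __name__ == "__main__":
    for label, blob in (("good", GOOD), ("bad", BAD)):
        print(label, lint_app_config(blob))
```

The constructed BAD sample triggers all four checks: a mistyped key that leaves the integration URL effectively unset, a literal device name that every device would report, and a hard-coded supervision flag that the procedure says to omit when no variable is available.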
- How to install Aether products on iOS devices with Panda MDM integrated solution
- How to install Aether products on iOS devices with third-party MDM solutions