Setting Up Apple Business Manager

What is Apple Business Manager (ABM)?

ABM is a web-based portal that enables organizations to manage Apple devices efficiently. Some of our customers opt to use ABM to help manage their Apple devices and benefit from zero-touch deployment.

Pre-Requisites

Before following the instructions below, it’s important to confirm two things:
  1. Please confirm you have an Apple Business Manager account. If you don’t, you can set one up following the instructions here: https://support.apple.com/guide/apple-business-manager/sign-up-axm402206497/web
  1. Make sure you have access to your Jamf instance - email info@zipsecinc.cc if you need this!

Instructions

Please follow the below instructions to set up ABM for your organization:
Where you see the text {{subdomain}}, replace it with your organization’s Jamf subdomain: e.g. for zipsecurity.jamfcloud.com, {{subdomain}} = zipsecurity.
  1. Confirm the Apple Customer Number is Active
    1. Navigate to https://business.apple.com/#/main/preferences
      1. Alternatively, click on your Account Name in the bottom left-hand corner and select Preferences.
    2. Under the Device Management Services header, Select Management Assignment.
    3. Under the Customer Numbers header, confirm there’s an 🟢 Active indicator. If not, we can’t proceed! Reach out to info@zipsecinc.cc to explore additional options.
  1. Get the public key from Jamf
    1. Navigate to https://{{subdomain}}.jamfcloud.com/deviceenrollmentprograminstances.html
    2. Press Public Key (This downloads a .pem)
  1. Configure ABM to recognize the Zip-managed Jamf instance
    1. Navigate back to ABM: https://business.apple.com/#/main/preferences
    2. Next to Device Management Services, Select Add +
    3. Service Name = “Zip MDM Server”
    4. Service Settings > Upload Certificate
      1. Upload the .pem we just downloaded from Jamf
    5. Press Save
    6. Press Download Token (up at the top of the page)
    7. Click through Download Server Token (this will download a .p7m)
  1. Upload the ABM token in Jamf
    1. Return to https://{{subdomain}}.jamfcloud.com/deviceenrollmentprograminstances.html
    2. Press + New
      1. Display Name = ABM
      2. Press Upload Server Token File
        1. Upload the .p7m token we just got from ABM
      3. Press Save
    3. Confirm that all of the Apple ID fields have values
  1. Return to https://{{subdomain}}.jamfcloud.com/deviceenrollmentprograminstances.html and confirm that Last Sync exists
  1. Select the MDM Server we just created in ABM as the Default MDM service
    1. Return to ABM: https://business.apple.com/#/main/preferences
    2. Management Assignment > Device Assignment > Edit
    3. For Mac, select “Zip MDM Server” (what we defined above)
    4. Press Done
  1. Configure IdP based SSO during Pre Stage Enrollment
    1. Navigate to https://{{subdomain}}.jamfcloud.com/view/settings/global-management/enrollment-customization
    2. Press + New
      1. Display Name = “SSO Sign in Pane”
      2. Description = “SSO Sign in Pane for Google Workspace”
    3. Under PreStage Panes, Press + Add Pane
      1. Display Name = “SSO Sign in”
      2. Pane Type = “Single Sign-On Authentication”
      3. Configure Enrollment Access For = “Any identity provider user”
      4. Enable Jamf Pro to pass user information to Jamf Connect = “Disabled” / Off
      5. Press Apply
  1. Define what the MDM server will do
    1. Return to https://{{subdomain}}.jamfcloud.com/deviceenrollmentprograminstances.html
    2. Press + New
    3. Within General
      1. Display Name = “Zip MDM Server”
      2. Automated Device Enrollment Instance = ABM
      3. Check Automatically assign new devices
      4. Check Make MDM Profile Mandatory
      5. Check Prevent user from enabling Activation Lock
      6. For Enrollment Customization Configuration, select “SSO Sign in Pane”
      7. Within Setup Assistant Options, check everything but…
        1. Location Services
        2. Terms and Conditions
        3. Touch ID / Face ID
        4. Choose your Look
        5. Accessibility
  1. You’re done!
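
A check you can run on the .pem from the “Get the public key from Jamf” step before uploading it to ABM. This is an added example, not part of the original guide or of Jamf’s or Apple’s tooling. It assumes OpenSSL is installed and that the download is a PEM-encoded X.509 certificate; the function name check_jamf_pem and the 30-day threshold are illustrative.

```shell
#!/bin/sh
# Added example: sanity-check the .pem downloaded from Jamf before it is
# uploaded to ABM. Assumes the file is a PEM-encoded X.509 certificate.

# check_jamf_pem FILE [MIN_DAYS]
# Returns 0 only if FILE parses as a certificate, holds no private key,
# and remains valid for at least MIN_DAYS more days (default 30).
check_jamf_pem() {
    pem="$1"
    min_days="${2:-30}"

    [ -r "$pem" ] || { echo "cannot read: $pem" >&2; return 2; }

    # Private key material must never be uploaded to a third-party portal.
    if grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$pem"; then
        echo "REFUSE: $pem contains a private key" >&2
        return 3
    fi

    # The file must parse as an X.509 certificate.
    if ! openssl x509 -in "$pem" -noout 2>/dev/null; then
        echo "REFUSE: $pem is not a PEM X.509 certificate" >&2
        return 4
    fi

    # -checkend N exits non-zero if the certificate expires within N seconds.
    if ! openssl x509 -in "$pem" -noout \
            -checkend $((min_days * 86400)) >/dev/null; then
        echo "WARN: certificate expires within $min_days days" >&2
        return 5
    fi

    # Record these values so the file uploaded to ABM can be matched
    # to the Jamf download later.
    openssl x509 -in "$pem" -noout -subject -enddate -fingerprint -sha256
}
```

Run it as `check_jamf_pem ~/Downloads/<file>.pem` and keep the printed fingerprint with your change record.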

Renewing ABM Certificate

After setting up your connection between Apple Business Manager and Jamf, you may need to renew the certificate. Please follow these instructions:
  1. Renew the token in Apple Business Manager
    1. Log in to your ABM account and navigate to the Preferences page.
    2. Under “Device Management Services”, select “Zip MDM Server”.
    3. At the top of the Screen, click “Download Token”.
      1. This message will pop up: “Downloading a new server token will reset your existing one.” Click Download Server Token to confirm.
      2. A .p7m file will be downloaded to your device.
  1. Upload the ABM token to Jamf Pro
    1. Navigate to https://{{subdomain}}.jamfcloud.com/deviceenrollmentprograminstances.html
    2. Click on the name of the existing token. It should have the display name ABM
      1. Click Edit in the bottom right corner
      2. Press Upload Server Token File
        1. Upload the .p7m token we just got from ABM
      3. Press Save
    3. Confirm that all of the Apple ID fields have values
    4. Confirm that the expiration date has been refreshed to a future date.
      1. Please e-mail info@zipsecinc.cc with this expiration date for our records.

👋
Questions? Here’s how to reach us:
  • Email: info@zipsecinc.cc