Install the WatchGuard Mobile Security iOS App on Supervised Devices (Third-Party MDM Solution)
Applies To: WatchGuard Advanced EPDR, WatchGuard EPDR, WatchGuard EPP
To use the URL filtering capabilities provided by WatchGuard Endpoint Security, the iOS devices must be in supervised mode. This topic describes the process to enable supervised mode and then deploy the app from a third-party mobile device management (MDM) solution.
If a device is already in supervised mode, you can proceed to install the WatchGuard Mobile Security app from the MDM solution. For more information, see Install the WatchGuard Mobile Security App on iOS Devices Enrolled in a Third-Party MDM Solution
We recommend installation with a third-party MDM solution only if you already use an MDM solution. For information on the WatchGuard MDM solution, see Mobile Device Management for iOS Devices.
Before You Begin
- Review the Requirements for Supervised Mode.
- If your device uses AuthPoint for multi-factor authentication, you must migrate the WatchGuard tokens from your device before you reset the device and enable supervised mode. For information on how to migrate a token, see Migrate Your Token.
- Verify that your MDM solution can import external configuration files. For more information, see the product documentation for your MDM solution.
Caution: When you configure a device in supervised mode, the device resets to factory-default settings. All data, programs, and settings are deleted. You can restore data stored in iCloud when you sign in with your Apple ID on the reset device. For information on how to back up and restore apps and data when iCloud is not available or sufficient, see the Knowledge Base article, Supervised iOS Devices: Back Up and Restore without Losing Data, before you enable supervised mode.
Enable Supervised Mode
The steps to enable supervised mode on an iOS device vary with each MDM solution. For information on how to enable supervised mode on the iOS devices enrolled in your MDM solution, see the product documentation for your MDM solution.
To determine whether a device is supervised, open Settings. The supervision message shows in the heading of the Settings page.
Install the WatchGuard Mobile Security App
After you enable supervised mode on the iOS device, you can deploy and install the WatchGuard Mobile Security app. In this procedure, steps that relate to the MDM solution can vary for each solution. For more information, see the product documentation for your MDM solution.
To deploy and install the app:
- In WatchGuard Cloud, select Configure > Endpoints.
- Select Computers.
- Click Add Computers.
- Click the iOS icon.
- Click Installation Using Another MDM Solution.
The iOS - Another MDM solution dialog box opens and shows information the MDM solution needs to enroll the device.
- Click Download.
An XML file with the .mobileconfig extension downloads to the computer. - In the MDM solution, import the .mobileconfig file.
- In the MDM solution, push the configuration file to the iOS devices you want to enable URL filtering for.
- In the MDM solution, import the WatchGuard Mobile Security app directly from the App Store.
- To find the app in the MDM solution, search the iTunes Store Id, Bundle Id, or App Name fields, or use the general search features included in the solution.
- In the WatchGuard Mobile Security app that you imported, associate and define these parameters:
- x_wg_device_name — The device name that shows in the Endpoint Security management UI. In the x_wg_device_name parameter, enter the variable used by the MDM solution to represent the name of the device that will receive the WatchGuard Mobile Security app. If you do not use a variable, all mobile devices that receive the WatchGuard Mobile Security app show the same name in the management UI. Each MDM solution uses a different variable name and syntax. See your product documentation for more information
- x_wg_is_supervised — A variable from the MDM solution that indicates that the device is supervised. If your MDM solution has a variable that enables you to dynamically set the content of this parameter, add it. If there is no parameter, WatchGuard Mobile Security tries to determine whether the device is supervised or not.
- x_wg_integration_url — The URL that points to the information that the app requires to integrate with the group selected by the administrator in the Endpoint Security management UI. Copy the content of the x_wg_integration_url attribute shown in the management UI and paste it in the parameter defined in the MDM solution.
These parameters are sent with the WatchGuard Mobile Security app when you push it to the devices managed with the MDM solution. Each MDM solution uses different variable names and syntax. For more information, see the product documentation for your MDM solution.
- Push the WatchGuard Mobile Security app from the MDM solution to the devices that you want to protect.
The app installs silently. - After the app downloads and installs, open it for the first time.
The message WatchGuard Mobile Security Would Like to Send You Notifications appears. - Tap Allow.
The device is added to the management UI and the message WatchGuard Mobile Security Would Like To Filter Network Content appears. - Tap Allow.
- Enter the device password.
The OK window opens. The installation is complete. The device appears in the group selected in the folder tree in the management UI.