visionOS Device Enrollment in Hexnode UEM

This comprehensive guide details the necessary steps and prerequisites for IT Administrators looking to enroll visionOS devices into Hexnode Unified Endpoint Management (UEM). By following these instructions, organizations can achieve centralized device management, enforce security policies, deploy configurations, and utilize key features like Account Driven Enrollment and Automated Device Enrollment (ADE) to effectively oversee their Apple spatial computing devices.

Prerequisites & System Requirements

Before initiating any enrollment, ensure the following foundational steps are complete:

  1. APNs Certificate: You must have the Apple Push Notification Service (APNs) certificate configured in your Hexnode UEM portal. This is mandatory for all Apple device management.
  2. visionOS Version:
    • For Account Driven Enrollment: visionOS 1.1 or later is supported.
    • For Automated Device Enrollment (ADE): visionOS 2.0 or higher is required.

Account Driven Enrollment Method

Account Driven Enrollment is a highly flexible method for enrolling visionOS devices, offering support for both corporate-owned and personally-owned devices (BYOD). This process relies on the user signing into their device using a Managed Apple ID for authentication.

JSON Configuration Requirement

For the user’s Managed Apple ID to successfully connect the device to your organization’s Hexnode portal, you must host a specific JSON file on your company’s domain.

Component | Detail
File Location | https://yourcompany.com/.well-known/com.apple.remotemanagement
Server Requirement | Must support HTTPS GET requests.

Replace yourcompany.com with your organization’s actual domain.

Sample JSON Structures (Replace PortalName with your Hexnode portal name):

Enrollment Type | JSON Snippet (Key Difference) | Purpose
User Enrollment (BYOD) | "Version":"mdm-byod" | For managing personal devices.
Device Enrollment (Corporate) | "Version":"mdm-adde" | For managing company-owned devices.

Example JSON for User Enrollment (mdm-byod):

Example JSON for Device Enrollment (mdm-adde):
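
A pre-rollout check for the hosted file, as an added example (not Hexnode's code and not the page's sample JSON). It assumes the `Servers` / `Version` / `BaseURL` layout from Apple's published service-discovery format for account-driven enrollment; the host `portalname.mdm.example` and the function name are placeholders.

```python
import json
from urllib.parse import urlsplit

ALLOWED_VERSIONS = {"mdm-byod", "mdm-adde"}  # the two values named on this page

def check_discovery(body, expected_host):
    """Return a list of problems found in a com.apple.remotemanagement document."""
    try:
        doc = json.loads(body)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"]
    servers = doc.get("Servers") if isinstance(doc, dict) else None
    if not isinstance(servers, list) or not servers:
        return ["missing or empty 'Servers' array"]
    problems = []
    for i, entry in enumerate(servers):
        if not isinstance(entry, dict):
            problems.append(f"Servers[{i}]: not an object")
            continue
        version = entry.get("Version")
        if version not in ALLOWED_VERSIONS:
            problems.append(f"Servers[{i}]: unexpected Version {version!r}")
        # Devices are sent to BaseURL, so it must be HTTPS and point at your own MDM host.
        url = urlsplit(str(entry.get("BaseURL", "")))
        if url.scheme != "https":
            problems.append(f"Servers[{i}]: BaseURL is not https")
        if (url.hostname or "") != expected_host.lower():
            problems.append(f"Servers[{i}]: BaseURL host {url.hostname!r} is not {expected_host!r}")
    return problems

# Constructed samples; host and path are placeholders, not Hexnode values.
GOOD = '{"Servers":[{"Version":"mdm-byod","BaseURL":"https://portalname.mdm.example/enroll/"}]}'
CURLY = '{“Servers”:[{“Version”:”mdm-byod”}]}'  # smart quotes pasted from a web page
REDIRECTED = '{"Servers":[{"Version":"mdm-adde","BaseURL":"http://other.example/enroll/"}]}'

if __name__ == "__main__":
    for name, body in [("good", GOOD), ("curly", CURLY), ("redirected", REDIRECTED)]:
        print(name, check_discovery(body, "portalname.mdm.example"))
```

Run it against the body fetched from your domain's `/.well-known/com.apple.remotemanagement` path whenever the file or the web server configuration changes, since this file decides which server a signing-in device enrolls with.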

Two methods are available, depending on whether the user must complete a secondary Hexnode authentication during enrollment:

  1. Open Enrollment (Without Secondary Authentication)

    This method allows users to enroll their visionOS device simply by signing in with their Managed Apple ID, bypassing a secondary Hexnode login prompt.

    Steps in Hexnode UEM Portal:

    1. Navigate to Enroll > Platform Specific > visionOS > Account Driven Enrollment.
    2. Select Switch to Open Enrollment > Open Enrollment.
    3. Choose the user Domain and a Default User.
    4. Set the Ownership (Personal or Corporate).
    5. Click Next.

    Steps on the visionOS Device (User Action):

    1. Open the Settings app.
    2. Go to General > VPN & Device Management.
    3. Sign in to the Work or School Account using the Managed Apple ID.
    4. Review and Agree to the Hexnode EULA.
    5. Enter the Managed Apple ID password to sign into iCloud.
  2. Authenticated Enrollment (With Secondary Authentication)

    This method requires users to authenticate using local or directory credentials (in addition to the Managed Apple ID) after being redirected to the Hexnode portal.

    Steps in Hexnode UEM Portal:

    1. Navigate to Enroll > Platform Specific > visionOS > Account Driven Enrollment.
    2. Select Switch to Authenticated Enrollment > Authenticated Enrollment.
    3. Select the User Types and set Ownership.
    4. Click Next.
    5. Select Email or SMS to send the enrollment request link.

    6. Select the correct Domain and User(s), then click Send.

    Steps on the visionOS Device (User Action):

    1. Follow steps 1-5 from the Open Enrollment process (Settings > VPN & Device Management > Sign in).
    2. After agreeing to the EULA, the Hexnode authentication screen will appear. The user must enter their Hexnode/directory credentials.
    3. Continue the sign-in with the Managed Apple ID password for iCloud.
    4. Tap Allow Remote Management to complete the enrollment.

Automated Device Enrollment (ADE)

Automated Device Enrollment (ADE), formerly known as DEP (Device Enrollment Program), is a highly efficient method for large-scale, corporate-owned deployments.

Key Benefits of ADE:

  • Zero-Touch Deployment: Devices automatically enroll upon first power-on/activation.
  • Mandatory Enrollment: Users cannot remove the MDM profile without organizational intervention.
  • Supervision: Devices are placed into Supervision mode, granting Hexnode UEM the highest level of administrative control and management capabilities.

Prerequisites:

  • The organization must be registered with Apple Business Manager (ABM).
  • The visionOS device must be running visionOS 2.0 or higher.
  • The Hexnode UEM portal must be linked to your ABM account.

This method eliminates manual configuration on the device and is often the preferred approach for true enterprise deployment. For detailed, step-by-step instructions on setting up and enrolling your Apple devices via ADE, please refer to the dedicated Hexnode help documentation: Enrollment of Apple Devices Through ADE.
