NinjaOne MDM – Setup and first impressions

Hi!
Since i have gotten the opportunity to try out NinjaONE’s MDM Solution i thought that i might as well write something about it. Thanks to NinjaOne for the opportunity!

The MDM solution itself is in a early stage and NinjaOne seems to be working hard to getting new features out. As far as this review goes the big comparison will be compared to Microsoft Intune’s iOS and Android management.

Setup

To start managing your devices, you first have to sign in to your organizations Ninja web interface and then navigate to “Administration”, “Apps” and then “Installed”. NinjaOne MDM should be visible and enabled for you to continue the follow along. Otherwise, contact your NinjaOne representative to be given a Demo and access.

Once in, you will be met with a simple interface divided in Apple and Android, and the only real alternative is to set up for either one or both OS’s.

Setup – Apple

Apple Push Notifications Service

To be able to set up Apple device management, you first need to have access to Apple Business/School Manager (ABM). This can be done here. This might take a couple of work days to be approved by apple and your usage needs to be assigned to an organization.

If you already have Apple Business Manager set up, you should just click “Enroll” and this pop up should show.

1. Firstly, download your CSR to your local device.
2. Then log onto the Apple certification portal by click the link.
3. Once signed in, click on “Create a Certificate”. If you already have certificates active, do not touch them. Revoking or renewing them might cause issues with you current MDM provider.
4. Approve the Terms of Use.
5. Upload the .csr-file you got from NinjaOne.
6. Download the .pem-file by clicking the download button.
7. You are now done with the Apple certification portal. Go back to Ninja and upload the .pem-file just downloaded. Also enter the Apple-ID used to create the certificate in the fourth point and then press “Save”.

Now you have managed to enroll your NinjaOne MDM to Apple Push Notifications service (APNs) and the enrollment for Automated Device Enrollment (ADE) is now available.

Automated Device Enrollment (ADE)

After you are done with APNs enrollment the enrollment button for ADE should be available. Click on it and below pop up window should appear.

1. Follow the steps in the pop up by starting off with downloading the public key, provided by your NinjaOne MDM.
2. Continue by opening a new tab and go to https://business.apple.com and sign in with your administrator Apple ID.
3. Once signed in, click to bottom left where it should state the name of your organization and then “Preferences.
4. Under the title “Your MDM Servers” click on “Add”.
5. Give your MDM server a fitting name and upload the .pem-file you just downloaded from NinjaOne.
6. Once saved, it should be visible in the list of MDM servers. Click on it again and click on “Download MDM Server Token” and save the file.
7. Back to NinjaOne and upload the file and then click “Upload” to finalize the ADE enrollment.

Content token

Last but not least we need to create a content token. The content token is used to centrally buy licenses to distribute applications to your Apple devices.

1. Head back to ABM once again and sign in with a administrative account.
2. Once signed in, click to bottom left where it should state the name of your organization and then “Preferences.
3. Now go to “Payments and Billing”.
4. Under the tab “Apps and Books” you should have your content tokens available.
5. Download the token to your local device.
6. Now, we should go back to NinjaOne MDM and click “edit” in the last box labeled “Apps and Books”.
7. Give your token a good name, in my case i named it “NinjaOne VPP” (VPP stands for Volume Purchasing Program).

If you already have another MDM set up and have purchased apps before, all those apps should be available in NinjaOne as well and will be found under “Assets”.

Note that all above certificates will need to be renewed in a years time. If they are not renewed in time some managed devices might need to be reinstalled to be continually managed.

Enrollment profile

This part is only needed for those who are planning to use pre registered devices from Apple Business Manager. It is a way to automatically enroll your devices when the end user receives it. The registration can be done from the majority of bigger phone sellers. Devices are then assigned

To start managing your enrollment profile you will have to start out in NinjaOne once more.

1. Go to Apps, Installed and then NinjaOne MDM.
2. In the “Automated Device Enrollment (ADE)” box, click on “Actions” and then “Edit profile & devices”.
3. The first page you land on is the configuration of your Enrollment profile. Fill in the Profile name, Support Email Adress and their Support Phone number.
4. After that it mostly up to you as an administrator to customize your end users enrollment experience.
5. Don’t forget to save your enrollment profile when you are done in the bottom right corner while scrolled down to the bottom of the page.

Setup – Android

To set up the Android part of NinjaOne MDM, switch to the upper tab that says Android and simply press Enroll. This will lead you to a Google Enterprise setup form. Enter a e-mail address of your choice. A personal recommendation is to handle this part with a shared mailbox if you are working in a team with your device management.

By the last page you have the choice to pick manage more than Android Enterprise with your account, that will not be necessary for NinjaOne. When you have gone through the enrollment form, you should be all enrolled to Android Enterprise.

Personal thoughts (so far)

• The setup process was very straight forward and easily understood.
• The interface is clean.
• Troubleshooting is hard, since you do not get a feeling for what could be wrong when all configuration (and apps) are pushed through one huge profile.

Managing policies will follow in the next post.

Thank you for reading!