Now that you created an MDM server in Apple School Manager (ASM), exchange keys to allow for mutual authentication between Workspace ONE UEM and Apple so that you can sync devices and class information later.


  1. In the UEM console, navigate to Groups & Settings > All Settings > Devices & Users > Apple > Device Enrollment Program and select Configure.
    A Device Enrollment Program window appears.
  2. Download the public key by selecting the MDM_DEP_PublicKey.pem file and save the public key.
    Leave this window and the browser session open.
  3. Navigate back to the Apple School Manager window you left open.
  4. Select Upload File and Upload your Public Key in Apple School Manager.
  5. Navigate to the MDM_DEP_PublicKey.pem that you downloaded from the UEM console and upload it. Select Next.
  6. Select Your Server Token to receive an encrypted Apple Server Token file (.p7m) and save it in a convenient location.
  7. Navigate back to the Device Enrollment Program window of the UEM console.
  8. Select Upload and select Apple Server Token File (.p7m). Select Next.
    Device Enrollment Program


Now, Workspace ONE UEM and Apple can authenticate each other.