Streamlining Device Management with Apple’s Automated Device Enrollment (ADE)

Wayne Thompson

Feb 15, 2023

What is Apple’s Automated Device Enrollment?

Apple’s Automated Device Enrollment (ADE), formerly known as the Device Enrollment Program (DEP), is a powerful tool that allows for easy setup and provisioning of a large number of iOS, iPadOS, tvOS, and macOS devices. This feature is especially beneficial for businesses and schools, as it enables automation of the enrollment process and remote management and monitoring of devices. In this blog post, we will explore the various aspects of ADE and how it can help organizations streamline their device management.

Making it easier for IT admins…

When it comes to managing a fleet of devices, the enrollment process can be a time-consuming task. ADE significantly streamlines the process. It enables pre-configuration of devices with settings, apps, and policies, and eliminates the need for manual configuration of each device. This saves time and effort for IT departments and ensures that all devices are set up consistently and securely.

Features of Automated Device Enrollment

Apple’s Automated Device Enrollment has the following features:

Works with Apple Business Manager and Apple School Manager

ADE works with Apple Business Manager and Apple School Manager, which are designed to help organizations manage their Apple devices.

Enrolls devices with Mobile Device Management (MDM)/Unified Endpoint Management (UEM) automatically

ADE integrates with third-party MDM solutions, allowing organizations to manage their devices. It automatically enrolls devices with an MDM/UEM solution of choice during the setup process, without any user intervention.

Streamlines the setup process for new devices

Once the initial manual setup is completed, ADE simplifies the setup process for new devices by automatically configuring the predefined settings, installing apps and connecting to Wi-Fi, etc.

Let IT administrators pre-configure settings and restrictions

ADE allows IT administrators to pre-configure settings, restrictions and policies on the devices, ensuring that they are compliant with organizational standards.

Facilitates remote management of enrolled devices

ADE enables IT administrators to remotely manage enrolled devices, including the ability to push software updates, monitor device compliance, remotely wipe the device, and so much more.

Supports Supervised mode for additional management capabilities

ADE supports Supervised mode, which provides IT administrators with additional management capabilities, such as the ability to lock down the device, restrict access to certain apps and settings, and track device usage.

Preventing MDM removal

Removing the MDM profile manually from a device can prevent administrators from managing it. Enrolling through ADE allows for locking the profile to the device, making it non-removable and preventing end-users from disabling it. To set this up using Hexnode UEM, for example:
  • Go to the UEM portal, then navigate to Admin > Apple Business/School Manager > Apple DEP > DEP Configuration Profiles > Configure DEP Profile, and then disable the “Allow MDM Profile Removal” option.
  • Select this profile as the Default Policy when configuring the DEP account for your devices to prevent MDM profile removal.
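
An added example, not from the original post or from Hexnode: a small Python check that enrollment profiles keep the MDM profile non-removable, supervised, and mandatory. The key names (is_mdm_removable, is_supervised, is_mandatory), their defaults, and the availability of a JSON array export from your UEM are assumptions; the sample data is constructed.

```python
import json

# Key names and defaults are assumed to follow Apple's device enrollment
# profile JSON; confirm against what your MDM/UEM actually exports.
CHECKS = [
    # (key, required value, assumed default if absent, finding)
    ("is_mdm_removable", False, True, "user can remove the MDM profile"),
    ("is_supervised", True, False, "device is not placed in Supervised mode"),
    ("is_mandatory", True, False, "user can skip enrollment during setup"),
]

def audit_profile(profile):
    """Return findings for one profile; an empty list means it is locked down."""
    findings = []
    for key, required, default, text in CHECKS:
        value = profile.get(key, default)
        if not isinstance(value, bool):
            # A quoted "false" is a non-empty string, not a boolean: flag it.
            findings.append(f"{key}: expected a boolean, got {value!r}")
        elif value is not required:
            findings.append(f"{key}: {text}")
    return findings

def audit_export(raw_json):
    """Audit every profile in a JSON array; map profile_name -> findings."""
    return {p.get("profile_name", "<unnamed>"): audit_profile(p)
            for p in json.loads(raw_json)}

# Constructed sample export (not real data).
SAMPLE = """[
  {"profile_name": "Locked", "is_mdm_removable": false,
   "is_supervised": true, "is_mandatory": true},
  {"profile_name": "Default-ish", "is_supervised": true},
  {"profile_name": "Typo", "is_mdm_removable": "false",
   "is_supervised": true, "is_mandatory": true}
]"""

if __name__ == "__main__":
    for name, findings in audit_export(SAMPLE).items():
        print(name, "OK" if not findings else findings)
```

Omitted keys are audited at their assumed defaults, so a profile that never mentions removal is reported as removable.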

Securing activation lock

Apple ADE also simplifies the activation lock process, which is designed to prevent unauthorized use of a device if it is lost or stolen. With ADE, activation lock can be automatically enabled during the enrollment process, and IT teams can easily bypass it if necessary.

Simplifying device replacement

ADE simplifies the process of replacing lost or damaged devices. When you enroll a replacement device in ADE, the system can automatically configure it with the same settings and policies as the original device.

Prerequisites

  • Only devices bought from Apple or authorized dealers after March 1st, 2011, and running iOS 7 or later, iPadOS 13.1 or later, OS X 10.9 or later, or tvOS 10.2 or later can be enrolled in the MDM/UEM solution.
  • For devices purchased directly from Apple, an enrolled and verified customer number from Apple should be used for the purchase.
  • On the other hand, if a device was obtained from an authorized reseller or network provider, it must be linked to the reseller’s Reseller ID and your organization must add this ID to the approved list of suppliers.
  • Additionally, devices running iOS 11 or later, iPadOS 13.1 or later, or tvOS 11 or later can be enrolled in DEP via Apple Configurator 2.5, regardless of the time and place of purchase.
  • For the UEM server to connect with the device, an APNs certificate must be configured.

Automating the enrollment process

One of the key benefits of ADE is that it minimizes the need for manual configuration of each device. This is particularly useful for organizations with a large number of devices, such as businesses and schools. ADE enables devices to be pre-configured with settings, apps, and policies and shipped directly to end-users. The device automatically enrolls in the organization’s Mobile Device Management (MDM) solution when turned on for the first time and receives the pre-configured settings, apps, and policies.

ADE enables custom configurations for various departments or groups within an organization or educational institution. For example, a school may want to set up different configurations for students and teachers, while a business may want to set up different configurations for employees in different departments. This level of specificity results in improved efficiency and effectiveness in the management of devices.

Employee using an enrolled iPad
Remote management and monitoring

As mentioned before, ADE integrates with MDM/UEM solutions such as Hexnode, providing various options for remote management and monitoring of devices. This integration facilitates stronger device management and security, and allows management and monitoring to be customized to meet the unique requirements of an organization. Using the UEM, administrators can manage devices remotely: install apps and updates, lock or wipe a device, and view device information, which streamlines device management and improves efficiency. This allows for greater flexibility and control over a fleet of devices, especially for organizations with employees working remotely or in different locations.

How to enroll your organization in ABM/ASM?

To enroll in ADE, you need to be an IT administrator with access to an ABM/ASM account. Here’s how you can enroll:

  • Go to the ABM/ASM website, then click “Enroll now”.
  • Provide your organisation’s information. Apple will contact your verification representative to verify your information. Once verified, you will receive an email confirming your enrolment approval. Next, sign in and add your sales information.
    • If you purchased devices from Apple, get your Apple Customer Number from your purchasing agent, finance department or Apple Sales team.
    • If you purchased devices from an authorised reseller or mobile network provider, provide them with your Organisation ID and ask for their Reseller ID.
  • Once you’ve enrolled, you can add devices to your ABM/ASM account and set up automatic device management using MDM/UEM solutions.

Using Hexnode, Apple’s Automated Device Enrollment enables organizations to enroll multiple iOS, iPadOS, macOS, and tvOS devices to their UEM server without manual intervention, which saves time and effort. Devices are configured automatically during the initial setup process.

Now that we know we need a UEM/MDM solution to leverage the best of Automated Device Enrollment, let’s look at how to configure ADE with Hexnode and enroll devices to the Hexnode server.

Steps to enroll devices through Apple ADE
1. Add Devices to Apple Business Manager:
  • Obtain the Apple Customer Number or the Reseller ID from the device supplier.
  • Log in to the ABM account and add the number/ID by going to Preferences > MDM server assignment > Edit next to Customer Number.
2. Configure DEP Profile:
  • Log in to Hexnode portal.
  • Go to Enroll > Apple Business/School Manager.
  • Download the certificate file, then name the DEP account.
  • Go to Apple Business Manager, then sign in, and add the MDM server.
  • Upload the certificate file.
  • Download the server token, then upload it to Hexnode server.
3. Create a DEP Account in Hexnode:
  • Go to Enroll > All Enrollments > No-Touch > Apple Business/School Manager in the Hexnode UEM portal to obtain the MDM DEP certificate.
  • Provide an account name, download the certificate file, then sign into the ABM account.
  • Next, upload the public key and download the server token.
4. Assign Devices to the MDM:
  • Sign into your Apple Business Manager account.
  • Go to the “Devices” section. Find the desired devices by searching or using filters such as source, order numbers, and device type. Then, select “Edit MDM Server.”
  • Choose the “Assign to the following MDM” option and pick an MDM server to assign the devices to.
5. Sync Devices to Hexnode:
  • Go to Enroll > All Enrollments > No Touch > Apple Business/School Manager > DEP Accounts on Hexnode MDM console.
  • Click “Sync all DEP accounts”.
  • Go to DEP Devices to view synced devices.

In ABM, once you assign a device, you can view its details such as serial numbers, order numbers, assignment date, MDM server name, total device count, etc. Furthermore, the system deploys the device configuration settings immediately upon startup, and the Apple server pushes the configuration profile to trigger device enrollment. If the device is already in use, performing a factory reset will apply the configurations.

Adding devices to ADE using Apple Configurator

You can also enroll devices running iOS 11 or later, iPadOS 13.1 or later, or tvOS 11 or later in ADE via Apple Configurator 2.5. In this case, the devices need not be purchased from an authorized reseller. The steps are as follows:

A: Create Wi-Fi profile in Apple Configurator
  • Open Apple Configurator
  • Click File > New Profile > Wi-Fi > Configure
  • Enter SSID, security type, password, etc., then save the profile.
B: Prepare Blueprint and attach Wi-Fi profile
  • Open Apple Configurator.
  • Go to Blueprints and click Edit Blueprints.
  • Click New, then enter a name for blueprint and set the target device.
  • Add Wi-Fi profile to blueprint, prepare with manual configuration.
  • Choose enrollment server, org, sign in to ABM account.
  • Choose supervision identity, setup assistant steps, select Wi-Fi profile.
  • Prepare the blueprint.
C: Pair devices and apply Blueprint
  • Connect host Mac and the respective Apple device.
  • Select device, then click on Blueprints, choose required blueprint and click Apply.
D: Sync ABM account with Hexnode
  • Create DEP account in Hexnode.
  • Go to Enroll > Platform-Specific > tvOS > ABM/ASM.
  • Download DEP server token, upload to ABM portal, upload to Hexnode MDM.
  • Choose enrollment auth preferences.
  • Save DEP account.
E: Assign devices to Hexnode in ABM
  • List devices under Devices tab in ABM.
  • Select devices, then assign them to MDM server individually or in bulk.

The Hexnode UEM solution integrates with Apple’s enrollment program to automate the onboarding process and streamline the deployment of Apple devices. This helps IT administrators to save time and resources in managing large-scale device deployments, configure device settings, enforce security policies, and perform remote management tasks. Additionally, Hexnode UEM provides features such as inventory management, app management, content management, and reporting and analytics, which helps organizations effectively manage their Apple devices.

Conclusion

Overall, ADE is a powerful and flexible solution for businesses and schools that need to deploy and manage a large number of Apple devices. Hexnode helps with Apple’s Automated Device Enrollment by providing a solution that simplifies the setup and management of Apple devices in the enterprise. Additionally, ADE enables easier configuration and security of devices in accordance with company or school policies, thanks to its automation capabilities and remote management features. It also provides greater control over a fleet of devices.

Wayne Thompson

Product Evangelist @ Hexnode. Busy doing what looks like fun to me and work to others.