Enrollment of Apple devices through DEP
The Device Enrollment Program (DEP) is a legacy deployment program by Apple. Apple has combined DEP and VPP (Volume Purchase Program) into a single portal known as Apple Business Manager (ABM). Apple also has Apple School Manager (ASM) to manage devices in an educational institution. An organization must upgrade to ABM or ASM to continue using DEP. The organization can upgrade to ABM by logging in to business.apple.com with its existing Apple Deployment Programs Agent account and then following the on-screen instructions.
ABM helps in deploying devices in bulk by automatically applying settings and configurations upon the initial device start-up, making them ready for use right out of the box. Over-the-air supervision of iOS devices is possible only if these devices are enrolled in ABM. ABM provides a unified interface to enroll and supervise enterprise-owned Apple devices. ABM requires an MDM solution to supervise the devices remotely.
Configuring DEP with Hexnode
1. Log in to your Hexnode portal.
2. Go to Enroll > Platform-Specific > iOS/macOS/tvOS > Apple Business/School Manager.
3. Click Next.
4. Enter a name for the DEP account and download the certificate file.
5. Go to Apple Business Manager and sign in to your account.
6. Click on the account name at the bottom of the left side panel and navigate to Preferences > MDM Server Assignment.
7. Click Add MDM Server.
8. Provide an MDM Server Name and upload the Certificate file you downloaded in Step 4.
9. Click on Save and then click Download Token to download a new server token. After downloading the token, you’ll need to upload it to the Hexnode server.
10. Go back to the MDM DEP settings page and upload the token you have just downloaded. Then, configure the options below:
    - Add as Pre-approved device: Enable this option to add the DEP devices as pre-approved devices.
    - Default Configuration Profile: Select an already created DEP profile, or create a new DEP configuration profile.
    - User authentication: Choose the type of user authentication required. You will have the following options to choose from:
        - Use global authentication settings: When this option is selected, the authentication mode selected under Enroll > Settings > Authentication Modes is used.
        - No authentication: When selected, the admin must choose the Domain and Default user to assign a default user for the devices.
Assign devices to the Hexnode server
Perform the following steps to assign the DEP devices to the MDM server:
- Log in to your Apple Business Manager account.
- Click Devices. Search and select the required devices from the list. You can filter devices based on their source, order numbers, device types, etc. Then, click on Edit MDM Server.
- Next, click the Assign to the following MDM option and select the MDM server to which the devices should be assigned.
Once you’ve assigned devices, you can view several device assignment details in ABM such as serial numbers, order numbers, date of assignment, name of the MDM server, the total number of devices, and so on. On your Hexnode UEM portal, the assigned devices will be listed under Enroll > All Enrollments > No-Touch > Apple Business/School Manager > DEP Devices. If the devices do not appear here, click Sync with DEP to sync with Apple Business Manager.
What happens at the device end?
The configuration settings associated with the device are deployed as soon as the device starts up. Once the user turns on the device, the Apple server pushes the DEP configuration profile associated with the device, which initiates device enrollment. For devices already in use, these configurations are applied after a factory reset. Thus, you have to perform a factory reset on an already activated device to get it enrolled in MDM.