The process of adding devices to Device Enrollment Program (DEP) is explained here. To add devices to Apple DEP, make sure that you have:
- A device bought from Apple or an authorized dealer, on or after 1 March 2011 and running at least iOS 7.0.4 or OS X 10.10,
- An MDM server supporting iOS devices,
- Enrolled in DEP, and
- Setup APNs certificate (for the MDM server to communicate with the device).
Step 1: Obtain Server Token
Now that you are enrolled in DEP, you can add devices to the program. Before adding devices, you need to obtain a server token from Apple.
- Obtain the DEP certificate from a Mobile Device Management (MDM) console. In the case of Hexnode MDM, a DEP certificate is obtained from Admin tab > DEP > DEP Settings, and click on dep_cert.pem.
- Sign into Apple Deployment Programs account (recommend opening in a new tab).
- Go to Manage Servers > Add MDM Server, provide a name and upload the public key (the DEP certificate previously obtained).
- Download the server token.
Finally, get back to the Hexnode MDM console and upload the DEP server token.
Step 2: Add Devices to Apple DEP
Now, it is time to add devices. In Apple DEP web page, under Manage Devices, there are two steps in which you can enroll devices.
- Choose Devices By: There are three options in this section – Serial Number, Order Number, and Upload CSV File. Devices can be enrolled to this server either by providing the devices’ serial numbers or by providing the purchase order number. A CSV file can also be uploaded containing the list of serial numbers of those devices needed to be enrolled.
- Choose Action: In this section, select Assign to Server option from the first drop-down box, and select the MDM virtual server from the second list, to which you need to add the devices.
After enrolling devices in DEP portal, the details of assigned devices can be seen in the device assignment history, including order number, the MDM server to which the device is assigned, assignment date and the device type.
Step 3: Configure DEP Policy
The DEP policy can be configured from the Hexnode MDM console. Go to Admin tab > DEP > DEP Policy > Add Policy (or edit existing DEP policies by clicking on them). The policy page contains some text boxes and checkboxes. Text boxes includes:
- Display name: Any name that is used to distinguish this DEP policy from other DEP policies.
- Department: Used to mention a group.
- Support phone number: A phone number provided to the users in case they have any doubts regarding DEP enrollment.
Check boxes include the following. The actions performed when checked is explained below:
- Mandatory: Users are required to complete the enrollment before setup.
- Supervised: Make the device a supervised one. Making a device supervised unlocks additional options of device management that cannot be provided by an ordinary MDM server. To know what the additional features are, go to https://www.hexnode.com/mobile-device-management/ios-supervised-mode/.
- Allow Pairing: The device can be paired with a computer to sync content.
- Removable: Determines whether the MDM profile installed on the device can be manually removed.
- Is Multi-User: A multi-user is a user who has more than one device registered with DEP.
- Skip Steps: Skip setup steps of the following
- Location: This is the first setup screen where you can select the language and country. This step can be skipped by checking Location in Skip Steps.
- Restore: When the device is reset, checking this option will skip restoring the device back from backup. Backup can be restored later. This option will set up the device as a new device.
- Apple ID: Hides the screen where an existing or a new Apple ID is required to be entered when the device is first set up.
- TOS: The device agrees to the terms of service and conditions automatically.
- Diagnostic: Skip sending diagnostic information to Apple.
- Siri: This setup step, that can be skipped using DEP, prompts whether to use Siri.
- Passcode: Hides the screen to set up passcode when the device is first set up.
- Registration: Skip registration screen.
- Biometric: Skip the screen where you are asked to provide your biometrics if the device supports it.
- Payment: Skip Apple Pay setup screen.
- Zoom: Skip the step to use Zoom which shows larger text and controls. Needs iOS 6 or above for this feature. Zoom can be setup from the first setup screen.
- FileVault: Skip FileVault setup screen.
Once the devices are enrolled with DEP, DEP settings needs to be pushed to the device from the MDM server. To do this, reset the device. The device will restart and starts the activation process. During this process, iOS activation servers provide the device with the link of MDM server. This link is that provided by the organization through MDM server DEP portal.
Renew DEP Server Token
The DEP server token is valid for a period of one year. Apple stores the public key permanently, so there is no need to upload a new public key to Apple DEP website. Just click on Generate new token, and a new server token is created with the same public key.