Category Filter

How to Add Devices to Apple DEP?

There are many ways to enroll an iOS device in an MDM. One of the ways is to register the device via the Device Enrollment Program (DEP). For that, you should first enroll your organization in DEP.

To add devices to Apple DEP, make sure that you have:

  1. A device bought directly from Apple or an authorized dealer on or after 1 March 2011 and running at least iOS 7.0.4, OS X 10.9 or tvOS 10.2,
  2. An iOS 11+ device can be directly enrolled in DEP using Apple Configurator 2.5 regardless of where and when the device is purchased.
  3. An iOS device that supports device enrollment.
  4. An APNs certificate setup for the MDM server to communicate with the device.

Steps to Add Devices to DEP

Obtain Server Token

Step 1: Obtain Server Token

To add devices in the DEP program, you need to obtain a server token from Apple.

  1. In the Hexnode MDM portal, go to Enroll > All Enrollments > No-Touch > Apple Business\School Manager to obtain the MDM DEP certificate.
  2. Click on Configure DEP Account.
  3. Provide an Account Name and download the certificate file Hexnode_Apple_DEP_cert.pem.
  4. Sign in to Apple Business Manager account.
  5. Click on Settings at the bottom left corner > Device Management Settings > Add MDM Server.
  6. Name the MDM server and upload the public key (the DEP certificate previously obtained) > Click Save.
  7. Click on Download Token > Download Server Token.

Finally, get back to the Hexnode console and upload the DEP server token.

Add Devices to Apple DEP

Step 2: Add Devices to Apple DEP

To add devices, go to the Apple Business Manager page.

  1. Click on Device Assignments.
  2. Either type in the device serial number or order number or upload a CSV file containing the device details in the Choose Devices section to add those devices in your organization’s DEP portal.
  3. Go to the Choose Action section and select the Assign to MDM Server option from the drop-down. Then choose the MDM server to which you need to assign the devices.

The details of assigned devices can be seen in the device assignment history, including the order number, the MDM server to which the device is assigned, assignment date and the device type.

Configure DEP Profile

Step 3: Configure DEP Configuration Profile

The DEP profile can be configured from the Hexnode console. Go to Enroll > All Enrollments > No-Touch > Apple Business/School Manager > DEP Configuration Profiles > Configure DEP Profiles (or edit existing DEP profiles by clicking on them).
Configuration parameters for the DEP profile:

  • Display name: A friendly name of the policy.
  • Department: Department name to which the devices are assigned.
  • Support Email Address: An email address for the users to request support during setup.
  • Support phone number: Contact number for users if they need help during setup.
  • Enroll Devices in MDM: Enabling this option prevents users from skipping the MDM profile removal during initial device setup screen.
  • Allow MDM Profile Removal: Check this to make the profile removable.
  • Enable Supervision: Check this to make the device supervised upon enrollment.
  • Allow iTunes pairing: Check this option to allow users to sync their devices with iTunes. Disabling this option will prevent every iTunes related actions. To re-enable it, the device will have to be wiped and re-enrolled.
  • Allow Shared Devices: Check this box to enable multiple users to share Apple School Manager deployed devices.
  • Enrollment authentication settings: Choose the authentication method to be used for enrollment. These settings will override the User authentication configured at Enroll > All Enrollments > No-Touch > Apple Business/School Manager. Two options are available:
    1. No authentication – When selected admin must choose the Domain and Default user.
    2. Use Global Authentication Settings – When this option is selected, the authentication mode as selected on Enroll > Settings > Authentication Modes is considered.
  • Configure user accounts: Check this to create an ‘Administrator’ user in Mac devices.
  • Don’t show the selected steps: With Hexnode you can have a customized setup experience for your DEP devices. Check the boxes corresponding to steps that you want to avoid during Apple devices’ setup.
    1. All DEP Devices
    2. iOS Only
    3. macOS Only
    4. tvOS Only

All DEP Devices

  • Apple ID: Hides the screen where an existing or a new Apple ID is required to be entered when the device is first set up.
  • Biometric: Skip the screen where you are asked to provide your biometrics if the device supports it.
  • True Tone Display: Skipping this prevents users from enabling four-channel sensors to adjust the white balance of the display dynamically.
  • Apple Pay: Skip Apple Pay setup screen.
  • Restore: Skipping this option prevents the users from restoring the device during device setup. Backup can be restored later. This option will set up the device as a new device. If this option is configured the device will be set as a new one.
  • Screen Time: Skip setting up screen time in the start-up window. Screen time gives you an insight on how much time you spend on your Apple device.
  • Appearance: This skips the Choose Your Look screen.
  • Diagnostic: Skip sending diagnostic information to Apple.
  • Location Services: This is the first setup screen where you can select the language and country. This step can be skipped by checking Location in Skip Steps.
  • Privacy: Checking this box prevents the user from seeing the privacy consent window.
  • Siri: Check the box to disable users from setting up Siri in the setup assistant screen.
  • Terms and Conditions: Skipping this step prevents users from seeing the Terms and Conditions windows to the user.

iOS Only

  • Move from Android: Skip this step to hide it from the users. Hiding it will prevent users from migrating from their Android devices.
  • Keyboard: When this is skipped, the keyboard setup pane will not get displayed.
  • Watch Migration: Disabling this block the users from migrating Apple Watch data during start-up.
  • iMessage and FaceTime: Skipping this prevents users from setting up iMessage and FaceTime in the Setup Assistant Screen.
  • Passcode: Hides the screen to set up passcode when the device is first set up.
  • SIM Setup: Skipping this disables the user from setting up SIM.
  • Onboarding: Skips on-boarding informational screens for user education.
  • Software Update: Skipping this disables the user from updating their iOS device to the latest version in the setup screen.
  • Home button Sensitivity: Skipping this prevents the user from adjusting the home button sensitivity in the setup screen.
  • Device to Device Migration: Skipping this step disables users from migrating data from their current iPhone to a new iPhone.
  • Zoom: Skip the step to use Zoom which shows larger text and controls. Zoom can be set up from the first setup screen.
  • Welcome/Get Started: Skipping this disables the user from viewing the Get Started screen.

macOS Only

  • FileVault: Checking this box disables the users from setting up FileVault during device startup.
  • iCloud Storage: Skips the iCloud storage setup windows.
  • iCloud Analytics: Skipping this would restrict the user from seeing the iCloud Analytics pane.
  • Registration: Skip the registration screen so that users don’t have to fill out the registration form and send it to Apple.

tvOS Only

  • Screen Saver: Skipping this prevents setting up screen saver in the setup window.
  • TV Home Screen Sync: Skipping this disables the user from syncing their Apple TV Home Screen layout with that of another Apple TVs’.
  • Where is this Apple TV?: Skipping this blocks user from selecting the room for the Apple TV.
  • Set Up your Apple TV: Skipping this step disable users from configuring Apple TV from QuickStart.
  • Sign In to Your TV Provider: Skipping this disables the user from signing into their TV provider.

Once the device is enrolled with DEP you have to reset the device for the DEP settings to pushed to the device from the MDM server. The device will restart and starts the activation process. During this process, iOS activation servers provide the device with the link of the MDM server. This link is provided by the organization through the MDM server DEP portal.

Renew DEP Server Token

The DEP server token is valid for a period of one year. Apple stores the public key permanently, so there is no need to upload a new public key to the Apple DEP website. Just click on Generate new token, and a new server token is created with the same public key.