Articles in this section

See more

Use Apple Configurator 2.5 to enroll iOS devices in DEP

Avatar
Garrett Denney
Updated

With a new update to Apple Configurator (v2.5 and later), you can now add iOS devices to your Apple Device Enrollment Program (DEP) account regardless of where they were purchased.

If you already use DEP and want to Supervise iOS devices that were purchased outside the DEP program, this workflow allows you to enroll any iOS device into DEP and then into Jamf Now.

 

Setup

  • You will need to register via Apple's DEP portal. You will also need to link your DEP account with your Jamf Now account. For details on that process, click here.
  • Adding a device to DEP requires that you wipe and reset the device. Be sure to backup the device prior to adding it to DEP by using iCloud or iTunes.
  • Before starting this process, turn off Find My iPhone from the Settings app to disable Activation Lock. This will save you a step when it comes to activating the iOS device.
  • Finally, make sure you are connected to Wi-Fi before beginning this tutorial.

 

Tutorial

Please note: This guide assumes that your iOS devices are running iOS 11 or later and that you are using Apple Configurator v2.5 or later.

1. Connect your iOS device to a Mac by using a Lightning-to-USB cable.

2. If prompted, tell the device to trust the computer.

tutorial_1.jpg

3. Open Apple Configurator:

  • Verify that the device is displayed and that it is not currently Supervised.
  • Make a note of the device's serial number (available from the Info view in Apple Configurator). This will come in handy later.

4. Select the device and click Prepare.

5. In the Prepare Devices dialogue:

  • Select "Prepare with Manual Configuration."
  • Select "Add to Device Enrollment Program."
  • Do not select "Activate and Complete Enrollment."
  • "Supervise Device" will automatically be selected. Leave it selected.
  • Select "Allow devices to pair with other computers." (This setting is optional, but recommended)
  • Do not select "Enable Shared iPad."
  • Then click Next.

tutorial_2.png

6. In the Enroll in MDM Server dialogue box:

  • If this is your first time using Apple Configurator, select New Server.
  • If you have previously used Apple Configurator, select your MDM server from the list.
  • Then click Next.

7. In the Define an MDM Server dialogue box:

  • Enter a display name for your server (ex: "Acme MDM").
  • Enter your Jamf Now Enrollment URL.
    • You can verify your Enrollment URL by logging into Jamf Now, clicking on Open Enrollment and verifying the URL under the Open Enrollment Link section.
    • This URL is unique to your account.
  • Your MDM URL will be https://OpenEnrollmentDomainHere-mdm.jamfcloud.com/mdm/ (domain can  be found under Open Enrollment Settings page)

OpenEnrollmentDomain.png

  • When you next use Apple Configurator, your unique URL will be available from a selectable list.
  • Click Next.

8. You will be prompted to Add trust anchor certificates for the MDM server. To do so:

  • Confirm that you see the following: *.jamfcloud.com
  • Select it, then click Next.

9. Sign into Apple's DEP portal.

  • Be sure to use the same Apple ID that you used to enroll in DEP.
  • You may be prompted to verify your identity with two-factor authentication.

10. Generate or choose a Supervision Identity:

  • If this is your first time using Apple Configurator, select Generate a new supervision identity.

11. Select which setup steps you want to show on the device.

  • Be sure to test this workflow with a few users to make sure that your current configuration is correct.

12. Connect to Wi-Fi.

  • If you have not connected to Wi-Fi yet, do so now. Wi-Fi is required to complete the following steps.

13. Press Prepare.

  • If your device is already set up, you will be prompted to erase the device.
  • You may be prompted to enter your Apple ID password for the DEP account you used in Step #9.
  • The device will reboot and be added to your DEP account. This may take several minutes.
  • Once the "Hello" screen is displayed, it can be left as is for now.

14. Login to https://deploy.apple.com and assign the DEP device to the MDM server that's synced with Jamf Now.

  • * You can skip this step if you set up your MDM server in DEP with the option to Automatically Assign New Devices selected.
  • Search the device serial number in the DEP portal.
  • Select the MDM server in the Assigned To box.

15. Confirm that the device appears under the DEP > Devices tab in Jamf Now.

  • In the case that the device does not appear under DEP > Devices immediately, the "Sync DEP Devices with Apple" button can be used to sync with deploy.apple.com

16. On the device, go through the iOS setup steps.

  • When you see Remote Management displayed, you'll know that DEP enrollment is working. Congrats!

Finish the enrollment steps and your iOS device will be enrolled in Jamf Now as a Supervised DEP device. Happy managing!

 

 

Pro Tip: Provisional Management

banner.png

When you add an iOS device to DEP using Apple Configurator, the device is provisionally managed.

Provisional management means that the device will give the user the ability to leave remote management for the first 30 days of management. During that period, a user will see a banner notifying them of the updated management state and will be able to remove MDM management in the Settings menu.

After 30 days, provisional management will end, the banner will disappear, and the user will no longer be able to opt out of MDM management.

Related articles