With the Apple Device Enrollment Program (DEP), company-owned Apple devices can be automatically enrolled to Miradore when performing the initial setup or after a factory reset.
During the process, the device is connected with the management solution and the device is automatically configured according to the company policy defined by administrators in Miradore. This can include for example the installation of desired apps and the configuration of settings, such as enabling the Supervised mode, enforcing a passcode policy or blocking the removal of the management profile from the device. Thanks to the automation, there's no need for IT to physically handle the devices.
For more information about DEP, check out Apple's web pages.
Also see our webinar recording where our Senior Technical Specialist explains what is Apple Device Enrollment program, how it works, what are the benefits of using it, and of course how would you set it up for your Miradore site.
Apple Device Enrollment Program works on these devices:
- iOS devices with iOS 7 or later
- Mac computers with macOS 10.9 or later
The main steps required for Apple DEP to work are:
1) Enroll your company to Apple Device Enrollment Program.
2) Provide an Apple Authorized Reseller that participates with the program with your DEP Customer ID (a.k.a. organization ID).
3) Add the reseller's ID to your Apple Business Manager. You can add reseller IDs from Settings > Organization settings > Device management settings by editing the Customer numbers field.
See Apple's documentation for more instructions.
4) Configure DEP in Miradore.
5) Purchase new devices from the Apple Authorized Reseller or directly from Apple and assign the purchased devices to your Miradore site.
How to enroll your company to the Apple Device Enrollment Program
To enroll your company to Apple DEP, follow the instructions in the Apple DEP Guide chapter Enroll in Apple Deployment Programs.
An Apple ID is needed for enrolling to DEP and configuring it requires:
- An email address not previously registered to an Apple ID
- An Apple Customer Number or a DEP Reseller ID
- DUNS number of your company
In return for enrolling your company to Apple DEP, you will receive a DEP Customer ID. An Apple Authorized Reseller that participates in the program must be provided with the DEP Customer ID. New devices must be purchased either directly from Apple or through one of the Apple Authorized Resellers.
How to set up DEP in Miradore
In Miradore, the configuration is done using a DEP configuration wizard. Go to System > Infrastructure diagram and from Apple Device Enrollment Program, select Configure. Follow the instructions in the wizard. When you are using Apple Business Manager, please check these instructions.
Note! Apple Push Notification Service needs to be configured prior to configuring DEP.
Summary of steps in the DEP configuration wizard:
1) Download the public key certificate of your Miradore site.
2) Upload the public key certificate to Apple's DEP service.
3) Download the DEP authentication token from Apple's DEP service.
4) Upload the DEP authentication token to Miradore.
5) Set up the desired enrollment settings. The settings can be modified later.
Also, check our webinar video which demonstrates how to configure and use the Apple Device Enrollment Program with Miradore.
How to assign devices to DEP
After Apple DEP has been configured successfully, devices need to be assigned to DEP.
First, assign devices to an MDM server in the Apple DEP/Business Apple Manager web service. If you have set one as the default server, the assignment will be done automatically for new devices.
Then, assign an enrollment profile to the devices in Miradore.
When a new device is purchased, Apple DEP web service administrators will get an email of the new device from Apple. After the device has been assigned to the Miradore MDM server, it will be shown on Enrollment > Apple DEP page in Miradore.
From the Apple DEP page, you can select which devices will be enrolled to your Miradore site. Select the devices and click Actions > Assign enrollment profile.
Enrollment tags can be defined when assigning enrollment profile to devices. The assigned tags will be used for devices that will be enrolled via DEP.
Devices will be enrolled using DEP during the initial device setup. The device can be re-enrolled by wiping the device and running the initial setup again.
Note: If DEP enrollment profile settings are modified, the enrollment profile is updated to all devices to which the enrollment profile has been earlier assigned.