Hexnode’s global user conference is set to raise the roof.

Register Now
30 DAY FREE TRIAL

No Search Results

No Search Results

30 DAY FREE TRIAL
  1. Help Center
  2. Hexnode Integrations
  3. Apple Business Manager

Category filter

Add iOS 11+ Devices to DEP Using Apple Configurator 2.5

Prior to iOS 11, Apple allowed only the devices purchased directly from Apple or authorized resellers to be enrolled in Apple’s Device Enrollment Program (DEP). But now you can add any Apple devices running iOS 11 or later using Apple Configurator (v2.5 or later) to your DEP account and then take advantage of Apple Business/School Manager enrollment.

Pre-requisites:

  1. Ensure that you are already registered in Apple Business Manager (ABM) / Apple School Manager (ASM). Make sure to link this account with Hexnode UEM.
    • You should have at least one device purchased directly from Apple / participating Apple Authorized Resellers or carriers.
  2. A subscription to either of the Hexnode MDM pricing plans, Pro, Enterprise, Ultimate or Ultra pricing plan.
  3. While adding the device to DEP, it requires to be wiped and reset. So, ensure that you back up the device via iTunes or iCloud.
  4. You need to turn off Find my iPhone from the device to disable Activation Lock.
  5. Ensure that the device is running iOS 11 or later, and the Apple Configurator is v2.5 or later.

Jump To

Create a Wi-Fi profile

Follow the below steps to create a Wi-Fi profile in Apple Configurator:

  1. Open Apple Configurator.
  2. From File → New Profile → Wi-Fi, select Configure.
  3. Enter the SSID, security type, password, and any other relevant settings required to connect to your Wi-Fi network.
  4. Click Save from the File menu.

Create a Blueprint

Blueprints are templates used for configuring profiles and applications and assigning them quickly to devices. To create a blueprint,

  1. Open Apple Configurator, go to BlueprintsEdit BlueprintsNew. Provide a suitable name for the blueprint.
  2. Select the newly created blueprint, click Add > Profiles. Select the Wi-Fi profile created earlier and click Add.

Prepare the Blueprint

  1. Select the blueprint and then click on Prepare.
  2. Use Manual configuration.
  3. Make sure to check the option ‘Add to Device Enrollment Program’. Then, choose from the following options:
    • Activate and complete enrollment: Uncheck this setting if you have a new or existing device that requires unique user authentication to enroll in MDM and the user must complete the device enrollment. You can enable this setting to manage all the Setup Assistant panes so that the user gets a device ready for use.
    • Supervise devices: This option will be automatically selected when the option ‘Add to Device Enrollment Program’ is enabled. Supervised devices unlock additional management capabilities, mainly intended for corporate-owned devices.
    • Allow devices to pair with other computers: Enable this option to allow users to sync devices with a Mac or PC using a USB cable.
  4. Click Next. Add a new MDM server or select it from the list if you’ve added it previously in Apple Configurator 2 preferences.
    • To add a new server, select New Server. Click Next.
    • Enter a name for the server. On the ‘Host name or URL’ field, enter the enrollment URL provided in your Hexnode portal at Admin > Configurator Enrollment or Enroll > Platform-Specific > iOS > Apple Configurator.
  5. The required anchor certificates will be automatically added. Click Next.
  6. Next, you can create a new organization or select an already created organization.
    • To add a new organization, select New Organization. Click Next.
    • Sign in to your Apple Business Manager or Apple School Manager account. Note that this account should have administrative permissions to manage devices.
    • Select Generate a new supervision identity and click Next.
  7. From the Setup Assistant screen, select the steps to be shown to the user. In case you need to skip all the steps in Setup Assistant, select the ‘Don’t show any of these steps’ option. Click Prepare.

Apply blueprint to enroll iOS 11+ devices in Apple DEP

The blueprint prepared on Apple Configurator can be pushed to the target devices by following the below steps:

  1. Connect the iOS device to the Mac.
  2. Once connected, the device will appear on Apple Configurator. Highlight the device by clicking on it.
  3. Navigate to Blueprints and select the newly prepared blueprint. Click Apply.
  4. If the device has been previously prepared, you will be prompted to erase the device.

The blueprints will be pushed, and the device will be added to DEP.

Is your iOS device added to DEP?

To verify that your device is added to DEP,

  1. Sign in to Apple Business Manager (ABM) / Apple School Manager (ASM).
  2. Navigate to Devices. Choose the filter type as Source and then select Manually Added > Apple Configurator. From the list of available devices, you can verify whether your iOS device is added to DEP or not.

add iOS devices to Device Enrollment Program (DEP) using Apple configurator

Assign the added DEP devices to the Hexnode MDM server

Perform the following steps to assign the DEP devices to the MDM server:

  1. Log in to your Apple Business Manager or Apple School Manager account.
  2. Select Devices. Search and select the required devices from the list and click on the database icon.
  3. Next, click the Choose device management pop-up menu and select the MDM server to assign the devices with that server.

Assign the added DEP devices to the Hexnode MDM server

On your Hexnode MDM portal, navigate to Enroll > All Enrollments > No-Touch > Apple Business/School Manager. You’ll find the devices under DEP Devices. If the devices do not appear here, click Sync with DEP to sync with Apple Business Manager or Apple School Manager.

Apple Configurator enrollment (DEP) of iOS devices using MDM

30-day Provisional Period

A device added in Apple DEP via Apple Configurator will behave as a provisionally managed device during the initial 30-days of deployment. This means that the device will take 30 days to transform into an actual DEP enrolled device. This enables the users to remove the MDM management from the device during this 30-day period irrespective of the DEP Profile configurations. During this provisional period, the device will show a banner on the lock screen notifying the users that the device is managed and they can leave remote management from the Settings app. After 30 days, both the banner and the option to leave remote management will disappear from the device, and users will no longer be able to remove remote management.

Note:

  • The ‘Remove Management’ option (Settings > General > Device Management > Remove Management), which appears when you try to uninstall the MDM profile from a device, will remain enabled on your device throughout the 30-day provisional period even if the ‘Allow MDM Removal’ option is disabled on the DEP Policy (Enroll > All Enrollments > No-Touch > Apple Business/School Manager > DEP Policies).
  • You can also remove the endpoint management on wiping the device during the provisional period. After the device wipe, click on Leave Remote Management on the Remote Management setup wizard for removing the management.

    • Remove device management from iOS device

Need more help?
Raise a Ticket Raise a Ticket
Ask Community Ask Community
Chat With us Chat With us
  • Hexnode Integrations