With the Apple Device Enrollment Program (DEP), company-owned Apple iOS devices can be automatically enrolled to Miradore Online when performing the initial setup.
Before iOS 11, Apple allowed only the devices purchased from Apple or Apple authorized resellers to be added in Apple Device Enrollment Program (DEP). In iOS 11 that restriction has been lifted and now it's possible to add any Apple devices running iOS 11 or later to Apple DEP using Apple Configurator 2.5, no matter where the devices have been purchased.
The configurator enrollment has a grace period of 30 days. During this time, the device user will see an option for removing the device both from the mobile device management as well as from the Apple DEP. Once the grace period has passed, the option disappears from the device end and the device becomes locked to the DEP. After that, only administrators can remove the device from the DEP.
Before you start
- You need a Mac with Apple Configurator 2.5 or newer and an USB connection to the iOS 11 device
- Make sure your device runs iOS 11 or later
Steps for enrolling an iOS 11 device to Apple DEP with Apple Configurator 2.5
This webinar walks you through the entire enrollment process, but if you prefer written instructions, you can find them below.
- Connect the device to the Mac with an USB cable.
- Prepare a Wi-Fi profile, which will be pushed to the device later. Start doing this by choosing File > New Profile. Then select Wi-Fi and configure the settings.
- Right-click on the device on and click Prepare.
- In the wizard, select Manual configuration and Add to Device Enrollment Program. Also uncheck Activate and complete enrollment.
- When asked to choose an MDM server, define one by giving the name Miradore Online and using the URL https://gateway.miradore.com. After hitting next, you'll see the certificates fetched from that site. Continue by hitting Next again.
- Next you're asked to sign in to the Device Enrollment Program with an Apple ID that has access to the DEP portal.
- Choose to generate a new supervision identity.
- Next you'll be asked to configure the iOS Setup Assistant, but you can skip this step and proceed with next, because you can later set these settings in Miradore Online after which they will become effective through Apple DEP.
- Choose the Wi-Fi profile that you created before in the second step, and click Prepare. Before doing that, however, make sure that you don't have any Apple ID defined in the device, because if there is, the preparation will fail, and the device gets locked down.
- The iPad preparation takes a few minutes after which the device should appear into the DEP portal, so wait until the iPad preparation is complete.
- Once ready, navigate to https://deploy.apple.com/ and sign in.
- In the portal, go to the Device Enrollment Program tab. There you should see the device that you just added.
All the devices added to DEP with Apple Configurator will automatically appear under MDM server "Devices Added by Apple Configurator 2". There is no way you can make them assigned automatically to any other MDM server you have there in the DEP portal. So you need to assign those devices manually to the correct MDM server. One way to do this is to download the serial number CSV and then under "Manage devices" upload that CSV and select "Assign to Server" for all of those at once.
- Download the serial numbers using the link and copy the device's serial number from the csv file to the clipboard.
- Then navigate to the Manage Devices tab where you need to paste the serial number to the Serial Number field, choose your MDM server to the Choose MDM Server selector and click OK to assign the device to the selected MDM server.
- Next, login to your Miradore Online site at: https://login.online.miradore.com/Login and go to the Enrollment > Apple DEP view. Click the Update button and choose whether you want to update all devices or just the new and changes ones. After that, you should be able to see the device listed in the view.
- Select the new device from the view and assign an enrollment profile to the device by choosing Actions > Assign enrollment profile. When doing this, you can add tags for the device if you want to. Dep tag is added automatically.
- If you want, you can check the enrollment profile settings by using the Enrollment profile settings action. There, you can choose how the device is configured during the DEP enrollment. For example, you can enable Supervised mode and deny the MDM profile removal.
- At last, factory reset the device and enroll it to Miradore Online using the setup wizard as follows: Select language > Select your country or region > Set up manually > Choose a WiFi network > Next (in the Remote Management screen).
Soon, you should be taken to the home screen and you can start to use the device. Of course, it still may take some minutes before the device finishes up all the assigned installations. In Miradore Online, you should be able to see the device in the Devices view. One thing that you still might need to do, is to assing a user for the device on the Device page.
Please send comments to firstname.lastname@example.org.