How to enroll an Apple device in the Device Enrollment Program using Apple Configurator 2

4 min read

by Mosyle Team

@mosyle_biz

How to enroll an Apple device in the Device Enrollment Program using Apple Configurator 2

Managing a fleet of Apple devices can seem like a daunting process, especially when those devices are not enrolled in the Device Enrollment Program (DEP), which can sometimes be the case for businesses and organizations.

Enrolling your iOS or tvOS devices into DEP, that now is part of Apple Business Manager (ABM), can make your device deployment and management easier for your business, by providing you the zero-touch deployment with the integration with an Apple device management solution.

This workflow is relatively new in the Apple management landscape. Until iOS 11 and tvOS 11, only the devices purchased directly from Apple, a participating Apple Authorized Reseller, or a cellular carrier could be enrolled in DEP. But now, IT administrators are able to add these devices into DEP with Apple Configurator 2 running at least the 2.5 version.

Apple Configurator 2 is a free application available for Mac computers only which gives you several options such as device configurations and operations, the supervision process and enrollment into DEP.

In this article, we’ll tell you more about the enrollment process with Apple Configurator 2 (AC2) and how you can add your iPhone, iPad and Apple TV devices into DEP through ABM. We’ll provide you with the step-by-step process so you can rest assured that your devices are enrolled and assigned properly.

There are two ways in which this enrollment method differs from the usual method. When you enroll the devices into DEP using Apple Configurator 2, there is a 30-day provisional period and the devices are always supervised with mandatory MDM management.

What is the DEP 30-day provisional period?

Once the device is enrolled into DEP using this enrollment method, the 30-day provisional period begins. This means that, any devices added to DEP can be erased from enrollment, supervision, and MDM by the user during this period only. The provisional period is indicated by the lock screen and setup assistant.

After 30 days have gone by since the provisional period originally started, the user can no longer remove the device from the DEP. That’s why it’s important to ensure that the correct devices are enrolled and maintained within DEP.

Enrolling a device into DEP using Apple Configurator 2

When you enroll a device using this method, note that the device is always supervised and MDM management is mandatory - which will require a wipe of the iOS device. Using Apple Configurator 2, you can use the skip keys in the Setup Assistant during DEP configuration.

Step-by-step for enrolling the iOS or tvOS device into DEP using AC2

1. Download and open the most up to date version of Apple Configurator 2 on your Mac device. Plug your iOS device(s) into the Mac, select the device(s) on AC2 and click Prepare from the menu at the top.

2. Choose Manual Configuration, select Add to Device Enrollment Program and then click the Activate and Complete Enrollment option. Remember that with this enrollment method, supervision is mandatory.

Quick tip: when you deselect the option to Allow devices to pair with other computer, users will not be able to connect the device to any other computer aside from the one being used for device preparation. When finished, click Next. Then, select to enroll in a New Server and click next.

3. You will then be prompted to Define an MDM Server, which means you can name the MDM server. Use something simple, such as Mosyle MDM.

4. Next, you will see the trust anchor certificates associated with Mosyle Business. Click next and you’ll be prompted with the option to Supervise Devices, which is required in this case.

5. Enter your DEP Credentials (Apple ID and password) and click Next.

6. Choose to Generate a new supervision identity and click Next.

7. Once the device has restarted, select Setup Assistant, steps you can skip and, from the dropdown menu, choose if you want to “Show all steps,” “Show only some steps,” or “Do not show any steps.” We suggest always showing “Location Services.”

8. Then, choose the Network Profile. After creating the profile, you can download the Wi-Fi payload by navigating to Management > WiFi Authentication within Mosyle Business and downloading the file which you can then upload in AC2.

9. When you’re done, click Prepare.

Once the devices have been prepared using Apple Configurator 2, open your Apple Business Manager account and assign the devices to the MDM server. Learn more about device assignment with Apple Business Manager and Mosyle Business by signing up for a 30-day free trial today!