Prior to iOS 11, only devices purchased directly from Apple or specific resellers could be used with the Apple Device Enrollment Program (DEP). With the release of iOS 11, it's possible to use Apple Configurator to add almost any device to your DEP account and then take advantage of DEP enrollment.
- A device running iOS 11 or higher or capable of accepting the upgrade
- Apple Configurator 2.5 or higher
- Administrative login to your institution's deployment account (DEP) or Apple School Manager (ASM). Your account should have permissions to manage devices.
- Create a Wi-Fi profile in Apple Configurator
- Create an organization and supervision identity in Configurator
- Create an entry for Securly MDM server in Configurator
- Prepare the iPad using Configurator, which also adds it to DEP
- Assign the device to the TechPilot MDM server in ASM
- Resync DEP in Control Tower
- Enroll the device into TechPilot via DEP
1. Create a Wi-Fi profile
From Apple Configurator 2.5 or greater, choose New Profile from the File menu.
Chose Wi-Fi from the list of profile types on the left, then click the Configure button on the right.
Choose Save from the File menu
Give the Wi-Fi profile a name that's easy to recognize, choose a location, and click Save.
2. Create an organization and generate (or choose) a supervision identity
Choose Preferences... from the Apple Configurator 2 menu.
Click the Organizations icon at the top of the window, then click the + button to add a new one
Sign in to the Apple School Manager using an account assigned to a role that has privileges to manage devices.
Select the option to generate a new supervision identity, then click Done.
You should now see an entry for your organization in the column on the left. You can now close the Organizations window. Note that you will see your own organization name rather than "TabPilot" as shown in the screenshot below.
3. Create an entry for Securly MDM Server
Choose Preferences... from the Apple Configurator 2 menu.
Click the Servers icon at the top of the window, then click the + button to add a new one
Enter a name for the server. We recommend "Securly MDM Server". For the host name, enter ct.techpilotlabs.com. Click Next.
You should now see the new server entry in the column on the left. Close the Servers window.
4. Prepare the iPad using Configurator
This step prepares the iPad and also adds the device.
Connect the iPad to your computer. If prompted, choose "Trust" on the iPad.
In Configurator, right-click on the iPad and choose Prepare or choose Prepare from the Actions menu.
Use "Manual Configuration" and check only the boxes for "Add to Device Enrollment Program" and "Allow devices to pair with other computers." Click Next.
For server, the name of the server you created in the earlier step should already be selected. Click Next.
For Organization, the name of the organization you created in the earlier step should already be selected. Click Next.
Configure iOS Setup Assistant. For this step, there's no need to select options because the setup assistant options configured in the DEP setup area of Control Tower will be used instead. Click Next.
Choose the network profile that you created and saved in the earlier step. Click Prepare.
If your device was previously supervised through Apple Configurator, you might receive a warning that that the device has already been prepared. If so, click Erase.
During preparation, Configurator will check that the version of iOS is at least iOS 11. If it's not, you'll be prompted to update it. You can click the Update button to have Configurator install the iOS update.
During step 2 of 2: activating iOS on the device, the device will reboot and display the Hello screen. At this point, DO NOT press home to unlock yet! After a moment, the device will reboot again.
4. Assign the device to the TechPilot MDM server in ASM
At this point, the device should now be available in your DEP account. To verify, login to ASM and choose MDM Servers from the menu. Notice that a new serve was automatically added called "Devices Added by Apple Configurator 2" which should now show at least 1 Device. Click on this server entry to see the details. You might wish to download the CSV file with the serial number(s) of the device(s) to make device assignment easier in the next step.
Choose Device Assignments from the menu. Enter the serial number of the new device. Set the action to "Assign to Server" and choose your Securly MDM server from the selector. Click Done.
If successful, the Assignment Complete window will display.
Resync DEP in Control Tower
Force your DEP account to re-sync so that it recognizes the newly added DEP device(s) by clicking the Save button at the bottom of the DEP configuration screen.
Enroll the device into Securly MDM via DEP
Now that the device is in your DEP account and Securly MDM recognizes that it will enroll, you begin the normal DEP enrollment process. However, since we already have a Wi-Fi profile for the device that was used earlier to get the system to add the device to DEP, we recommend that you install that same profile onto the device while it's still connected to Apple Configurator to automatically configure Wi-Fi on the device and save the step of manually connecting to Wi-Fi during enrollment.
To do this, simply drag the Wi-Fi profile you created earlier onto the device in Configurator.
After a few moments, the top bar of the iPad should show the Wi-Fi connection symbol.
Press Home button on the Hello screen and select a country.
You'll see the message "Retrieving configuration" for a moment.
The Remote Management screen will appear. Choose Next.
You will see a message that your organization will automatically configure your iPad. Choose Next.
Only setup assistant options enabled through DEP settings in CT will display.
When the process is finished, your iPad is enrolled!