Using Apple Configurator to add devices to DEP

Follow

Prior to iOS 11, only devices purchased directly from Apple or specific resellers could be used with the Apple Device Enrollment Program (DEP).  With the release of iOS 11, it's possible to use Apple Configurator to add almost any device to your DEP account and then take advantage of DEP enrollment.

Requirements

  • A device running iOS 11 or higher or capable of accepting the upgrade
  • Apple Configurator 2.5 or higher
  • Administrative login to your institution's deployment account (DEP) or Apple School Manager (ASM).  Your account should have permissions to manage devices.

Steps

  1. Create a Wi-Fi profile in Apple Configurator
  2. Create an organization and supervision identity in Configurator
  3. Create an entry for Securly MDM server in Configurator
  4. Prepare the iPad using Configurator, which also adds it to DEP
  5. Assign the device to the TechPilot MDM server in ASM
  6. Resync DEP in Control Tower
  7. Enroll the device into TechPilot via DEP

1. Create a Wi-Fi profile

From Apple Configurator 2.5 or greater, choose New Profile from the File menu.

Chose Wi-Fi from the list of profile types on the left, then click the Configure button on the right.

 

Enter the SSID for your Wi-fi, choose the appropriate security type and password as well as any other relevant settings to connect to your Wi-Fi.

 

 Choose Save from the File menu

    Give the Wi-Fi profile a name that's easy to recognize, choose a location, and click Save.

 

2. Create an organization and generate (or choose) a supervision identity

Choose Preferences... from the Apple Configurator 2 menu.

Click the Organizations icon at the top of the window, then click the + button to add a new one

 

Click Next

Sign in to the Apple School Manager using an account assigned to a role that has privileges to manage devices.

Select the option to generate a new supervision identity, then click Done.

You should now see an entry for your organization in the column on the left.  You can now close the Organizations window. Note that you will see your own organization name rather than "TabPilot" as shown in the screenshot below.

 

3. Create an entry for Securly MDM Server

Choose Preferences... from the Apple Configurator 2 menu.

Click the Servers icon at the top of the window, then click the + button to add a new one

Click Next.

Enter a name for the server.  We recommend "Securly MDM Server".  For the host name, enter ct.techpilot.com.  (note, the screenshot below shows our old name of "tabpilot" instead of "securly", but they both work.  Click Next.

You should now see the new server entry in the column on the left.  Close the Servers window.

 

4. Prepare the iPad using Configurator

This step prepares the iPad and also adds the device.

Connect the iPad to your computer. If prompted, choose "Trust" on the iPad.

In Configurator, right click on the iPad and choose Prepare or choose Prepare from Actions menu.

 

Use "Manual Configuration" and check only the boxes for "Add to Device Enrollment Program" and "Allow devices to pair with other computers." Click Next.

For server, the name of the server you created in the earlier step should already be selected. Click Next.

For Organization, the name of the organization you created in the earlier step should already be selected.  Click Next.

Configure iOS Setup Assistant. For this step, there's no need to select options because the setup assistant options configured in the DEP setup area of Control Tower will be used instead.  Click Next

Choose the network profile that you created and saved in the earlier step.  Click Prepare.

If your device was previously supervised through Apple Configurator, you might receive a warning that that the device has already been prepared.  If so, click Erase.

During preparation, Configurator will check that the version of iOS is at least iOS 11.  If it's not, you'll be prompted to update it.  You can click the Update button to have Configurator install the iOS update.

During step 2 of 2: activating iOS on the device, the device will reboot and display the Hello screen.  At this point,  DO NOT press home to unlock yet!  After a moment, the device will reboot again.

4. Assign the device to the TechPilot MDM server in ASM

At this point, the device should now be available in your DEP account.  To verify, login to ASM and choose MDM Servers from the menu.  Notice that a new serve was automatically added called "Devices Added by Apple Configurator 2"  which should now show at least 1 Device.  Click on this server entry to see the details.  You might wish to download the CSV file with the serial number(s) of the device(s) to make device assignment easier in the next step.

Choose Device Assignments from the menu.  Enter the serial number of the new device.  Set the action to "Assign to Server" and choose your Securly MDM server from the selector.  Click Done.

If successful, the Assignment Complete window will display.

Resync DEP in Control Tower

 

In Securly Device Console, go to the Apple DEP tab in Settings.  Click to select your ASM DEP account. 

Force your DEP account to re-sync so that it recognizes the newly added DEP device(s) by clicking the Save button at the bottom of the DEP configuration screen.

Optionally, you can check to be sure that the device will enroll into Securly MDM by using the DEP Lookup button at the top of the DEP accounts list.

 

Enroll the device into Securly MDM via DEP

Now that the device is in your DEP account and Securly MDM recognizes that it will enroll, you begin the normal DEP enrollment process.  However, since we already have a Wi-Fi profile for the device that was used earlier to get the system to add the device to DEP, we recommend that you install that same profile onto the device while it's still connected to Apple Configurator to automatically configure Wi-Fi on the device and save the step of manually connecting to Wi-Fi during enrollment.

 

To do this, simply drag the Wi-Fi profile you created earlier onto the device in Configurator. 

After a few moments, the top bar of the iPad should show the Wi-Fi connection symbol.

 

Press Home button on the Hello screen and select a country.

You'll see the message "Retrieving configuration" for a moment.

The Remote Management screen will appear.  Choose Next.

You will see a message that your organization will automatically configure your iPad. Choose Next.

Only setup assistant options enabled through DEP settings in CT will display.

When the process is finished, your iPad is enrolled!

Have more questions? Submit a request

Comments