Enrolling iOS devices using Apple Configurator

What is Apple Configurator 2?

Apple Configurator 2 is a utility tool designed to configure and enroll corporate-owned iOS, iPadOS and tvOS devices in the enterprise through USB. It aids in automatic enrollment of Apple devices using MDM and pre-loading the devices with the associated profiles and distributed apps before handing them out to users. Apple Configurator 2 makes the deployment process of corporate iOS devices easier and more efficient. You can also assign users to devices and supervise them. Administrators can enforce mobile security by importing existing profiles or creating new configuration profiles which are forced to the managed mobile devices. You can use Apple Configurator 2 to enroll devices not purchased directly from Apple or its reseller with ABM as explained here.

Similarly, Mobile Device Manager Plus MSP also supports enrollment of Apple TV using Apple Configurator 2. Follow the steps given here to enroll Apple TV using Apple Configurator 2.

Benefits of integrating MDM with Apple Configurator 2

The benefits of using Apple Configurator 2 is mentioned below:

  1. Push predefined configurations for corporate iOS devices.

  2. Automatic enrollment with Mobile Device Manager Plus MSP.

  3. Enroll devices in bulk.

  4. Advanced control over the Supervised devices. For more details on Supervised devices and their benefits, refer this.

We have made your job simpler!

Learn how to set up Apple Configurator 2 in just 3 minutes through this demo video.

How to enroll iOS devices using Apple Configurator?

Prerequisites for enrollment:

  1. To use Apple Configurator 2, ensure your Mac is running on 10.7 or later versions of operating systems.

  2. It is recommended to update your iTunes before installing the Apple Configurator Utility.

  3. Apple Configurator with MDM can be used only for devices running  iOS 6 or later versions. If any device with lower versions is used, then the Operating System of the devices are automatically upgraded to the latest.

You can use Apple Configurator to enroll multiple devices at the same time. Follow the steps mentioned below to enroll multiple devices using Apple Configurator.

  1. Prepare Apple Configurator 2.0

  2. Enroll Devices

  3. Assign Users

Prepare Apple Configurator 2.0

After installing the Apple Configurator 2, you have to follow the steps mentioned below to Prepare Apple Configurator 2.0:

  1. On Apple Configurator 2, click File, select New Profile and then select Wi-Fi. Do not modify any other profiles as this might affect the profiles distributed using MDM.

    Creating New Profile on Apple Configurator

  2. Create a Wi-Fi profile and save it.

    Configuring Wi-Fi Profile on Apple Configurator

  3. Click File and choose New Blueprint and name it.

    Creating a Blueprint on Apple Configurator

  4. Open the newly created Blueprint and click Profiles, you have to add the newly created Wi-Fi profile (which was created in step #2).

    Add Wi-Fi profile to the Blueprint created on Apple Configurator

  5. Right-click and choose Prepare as shown in the below image.

    Preparing the Blueprint on Apple Configurator

  6. Specify the Configuration Type as Manual. If you wish to add mobile devices into your Apple Business Manager (ABM) portal from Apple Configurator 2, enable the Enable the Device Enrollment Program option. Learn how, from this document.

    Specify the Configuration Type on Apple Configurator

  7. Add the new server details by specifying the Server Name and Enrollment URL. Enrollment URL, which is configured in the MDM server.

    Creating New MDM Server on Apple Configurator


    Adding MDM Server Details on Apple Configurator

  8. Trust anchor certificates are automatically added. If Apple Configurator takes too long to fetch anchor certificates, skip and proceed directly to the Assign to organization step by clicking on Next.

    Fetching Anchor Certificates on Apple Configurator

  9. Specify the name and details of the organization by creating a new organization on Apple Configurator 2.

    Creating New Organization on Apple Configurator


    Adding Organization on Apple Configurator

  10. Choose Generate a new supervision identity to create a new Supervision identity on Apple Configurator 2.

    Creating a New Supervision Identity on Apple Configurator

  11. If you had enabled the option to add devices to DEP using Apple Configurator, enter your ABM account credentials

    Specifying ABM Account Credentials on Apple Configurator

  12. Configure iOS setup assistant by clicking Prepare.

    Configuring iOS Setup Assistant on Apple Configurator

  13. Once the configuration on Apple Configurator 2 is done, connect the devices to a Mac through USB. Now in Apple Configurator, select the device, choose the created blueprint and add it to the device to be enrolled. Once this is done, the device restarts and the process is completed by accepting the created profile in the device. After completion, the device gets added to the MDM Server from where the device can be assigned to the user.

Enroll Devices to the MDM server from Apple Configurator

In order to enroll devices, you have to specify the ME MDM server URL on Apple Configurator 2. You can find the URL, in the below-mentioned location:

  1. On the MDM Product server console, choose Enrollment
  2. Under iOS choose Apple Configurator
  3. Select Configuration Steps, . Navigate to the fifth slide and copy the URL. This is to be mentioned in Apple Configurator.
  4. On Apple Configurator 2, provide the URL which you have copied from the MDM server.

Assign Users

You can see all the devices are listed in the MDM server, under Apple Configurator. You can assign the devices to appropriate users. Once the users are assigned, you can see the devices listed under Managed devices view on the MDM server.


Troubleshooting Tips

  1. During device activation, you encounter the error A cloud configuration is already present on this device [mctunnelerrordomain – 0x36b2 (14002)].

    Connect the device back to Apple Configurator. Right-click the device and select Restore. This re-downloads configurations into the device and fixes the problem.

  2. While configuring the Blueprint on Apple Configurator, you are prompted to enter the Apple ID and password and you are unable to skip this step.

    This is a default screen which appears while configuring a Blueprint. You cannot skip this step if you have enabled the option to Add device to DEP portal in the first step. If you do not want to add the devices to ABM, uncheck the option and skip the step requesting for Apple credentials. Else, enter the ABM portal details and click on Next.

  3. When you choose Apply Configuration on Apple Configurator, you encounter a Session Time Out error.

    In this case, verify the Internet connectivity and retry applying configuration on Apple Configurator.

  4. While configuring the Blueprint, the screen gets stuck on Fetching Anchor Certificates or if the Certificates are not fetched

    You can safely click on Next as this step does not affect the blueprint creation.

  5. You are trying to enroll a device and get an unexpected error with Failed to retrieve IMEI.

    This error occurs when the device is already enrolled with Apple Configurator or when you enroll different types of devices like iPhones and iPads consecutively using Apple Configurator. Since an iPhone has an IMEI number (which is required for enrollment in some cases), it is automatically detected and the enrollment is completed. Since an iPad does not have an IMEI number this error is shown. Restore the device and try enrolling it again.
    NOTE: Certain iPads do have the IMEI number while enrolling which this error does not occur.

  6. You are trying to enroll a device and encounter the error The device does not recognize the host.

    This error occurs when the restriction Allow iTunes pairing and other USB connections have been applied to the device. This restriction prevents the connection with all other devices except the one used for Supervising it. Remove the restriction from the device or enroll using the machine previously used for Supervising the device.

  7. If you are trying to enroll devices not purchased from Apple or authorized resellers.

    Apple now allows adding ios 11 devices not purchased directly from Apple or authorized resellers into ABM. Follow the steps given here to use Apple Configurator to add devices to ABM.

  8. While enrolling a device you encounter an error "An unexpected error has occurred. Invalid Profile [MCProfileErrorDomain - 0x3E8 (1000) ]

    This error on Apple Configurator 2 Invalid Profile [MCProfileErrorDomain - 0x3E8 (1000) ] occurs if the device is currently enrolled in a different MDM solution. Remove the device from the MDM solution, factory reset, and try enrolling the device again to resolve the error Invalid Profile [MCProfileErrorDomain - 0x3E8 (1000) ].

  9. This happens only if the device cannot be upgraded to iOS 11 (refer this to know the list of iOS devices supporting iOS 11) or the device needs to be upgraded to iOS 11 manually and then added to DEP/ABM/ASM via Apple Configurator.

  10. If you're trying to add a device to DEP/ABM/ASM via Apple Configurator and receive the error An unexpected error has occurred: The device returned an unexpected status. (CommandFormatError) [com.apple.configurator.MobileDeviceKit.error – 0xfffffffff8028014...]

    You might encounter the error The device returned an unexpected status. (CommandFormatError) [com.apple.configurator.MobileDeviceKit.error – 0xfffffffff8028014...] only if the device cannot be upgraded to iOS 11 (refer this to know the list of iOS devices supporting iOS 11) or the device needs to be upgraded to iOS 11 manually and then added to DEP/ABM/ASM via Apple Configurator.

  11. Unable to verify the server’s enrollment URL. A server with the specified hostname could not be found.

    This message is shown on Apple Configurator when the MDM server is not reachable or the correct host URL is not entered. Verify if the MDM server, the Mac machine running Apple Configurator, and the devices to be enrolled are in the same network. Also, ensure that the host URL which is available on the MDM server, is entered correctly.

  12. While performing provisional enrollment of devices not purchased from authorised resellers, you receive the error Provisional enrollment failed: device is already in Device Enrollment Program.

    This error on Apple Configurator Provisional enrollment failed: device is already in Device Enrollment Program occurs when the device you are trying to enroll is already available in the ABM portal. Check if the device is available in the server titled Devices Added by Apple Configurator 2or is assigned to a different server in the ABM portal.

  13. While performing provisional enrollment of devices not purchased from authorised resellers, you receive the error Provisional enrollment failed: Network error.

    This error on Apple Configurator, Provisional enrollment failed: Network error occurs when the device you are trying to enroll is already available in the ABM portal. Check if the device is available in the server titled Devices Added by Apple Configurator 2 or is assigned to a different server in the ABM portal. If you are unable to find the device, try connecting to a different network to enroll the device.

  14. While adding devices to the ABM portal via Apple Configurator you encounter the error 'Provisional enrollment failed... The Cloud configuration server is unavailable or busy [MCCloudConfigurationErrorDomain - 0x80EF (33007)]'.

    This error Provisional enrollment failed... The Cloud configuration server is unavailable or busy [MCCloudConfigurationErrorDomain - 0x80EF (33007)] is shown if the device is unable to contact the ABM server. Factory reset the device and proceed until the Wi-Fi configuration step. Prepare the device using Apple Configurator and follow the steps for adding it to ABM.

  15. Why are my devices not listed under ABM tab when I add the devices to ABM using Apple Configurator?

    When devices are enrolled to ABM using Apple Configurator, the devices will be initially listed under Apple Configurator tab even though they are added to the ABM portal. When the user assignment is complete, these devices will be moved to Managed devices tab.

  16. While enrolling devices to the Device Enrollment Program or Apple Business Manager, you encounter an error Apple Configurator 2 cannot access the Device Enrollment Program

    You may encounter this error Apple Configurator 2 cannot access the Device Enrollment Program if there are network issues due to which https://mdmenrollment.apple.com is not reachable or when the Apple servers are down. Verify your network connectivity and try again after sometime

See Also: Device Authentication, Enroll iOS Devices, Enroll Android Devices, Enroll Knox Devices, Enroll Windows Devices, Self Enrollment, Customize ME MDM App
Copyright © 2020, ZOHO Corp. All Rights Reserved.
ManageEngine