Apple device enrollment with Apple Configurator
What is Apple Configurator ?
Apple Configurator is a free device enrollment and provisioning utility application that allows IT admins to enroll and configure Apple devices through a USB connection. Using Apple Configurator, admins can simply connect iPhones, iPads, and Apple TVs to a Mac device to pre-load these devices with iOS, iPadOS, and tvOS device management profiles respectively, and have the required apps distributed to them before assigning them to users.
Apple Configurator 2 is the latest version of this tool available that makes the deployment process of corporate iOS devices easier and more efficient. You can also assign users to devices and supervise them, exercising additional control. Administrators can enforce mobile security on managed devices by importing existing profiles or creating new configuration profiles using Apple Configurator 2. You can use Apple Configurator 2 to enroll devices not purchased directly from Apple or its reseller with ABM as explained here.
Similarly, Mobile Device Manager Plus also supports enrollment of Apple TV using Apple Configurator 2. Follow the steps given here to learn how to use Apple Configurator 2 to enroll Apple TV.
Benefits of integrating MDM with Apple Configurator 2
The benefits of using Apple Configurator 2 are:
- Push predefined configurations for corporate iOS devices.
- Automatic enrollment with Mobile Device Manager Plus.
- Enroll devices in bulk.
- Advanced control over the Supervised devices. For more details on Supervised devices and their benefits, refer this.
Check out this video for a detailed walkthrough about Apple Configurator
How to enroll iOS devices using Apple Configurator?
Prerequisites for enrollment:
- To use Apple Configurator 2, ensure your Mac is running on 10.7 or later versions of operating systems.
- It is recommended to update your iTunes before installing the Apple Configurator Utility.
- Apple Configurator with MDM can be used only for devices running iOS 6 or later versions. If any device with lower versions is used, then the Operating System of the devices are automatically upgraded to the latest.
You can use Apple Configurator to enroll multiple devices at the same time. Follow the steps mentioned below to enroll multiple devices using Apple Configurator.
Prepare Apple Configurator 2.0
After installing the Apple Configurator 2, you have to follow the steps mentioned below to Prepare Apple Configurator 2.0:
- On Apple Configurator 2, click File, select New Profile and then select Wi-Fi. Do not modify any other profiles as this might affect the profiles distributed using MDM.
- Create a Wi-Fi profile and save it.
- Click File and choose New Blueprint and name it.
- Open the newly created Blueprint and click Profiles, you have to add the newly created Wi-Fi profile (which was created in step #2).
- Right-click and choose Prepare as shown in the below image.
- Specify the Configuration Type as Manual. If you wish to add mobile devices into your Apple Business Manager (ABM) portal from Apple Configurator 2, enable the Add to Apple School Manager or Apple Business Manager option. Learn how, from this document.
- Add the new server details by specifying the Server Name and Enrollment URL. Enrollment URL, which is configured in the MDM server.
- Trust anchor certificates are automatically added. If Apple Configurator takes too long to fetch anchor certificates, skip and proceed directly to the Assign to organization step by clicking on Next.
- Specify the name and details of the organization by creating a new organization on Apple Configurator 2.
- Choose Generate a new supervision identity to create a new Supervision identity on Apple Configurator 2.
- If you had enabled the option to add devices to DEP using Apple Configurator, enter your ABM account credentials
- Configure iOS setup assistant by clicking Prepare.
- Once the configuration on Apple Configurator 2 is done, connect the devices to a Mac through USB. Now in Apple Configurator, select the device, choose the created blueprint and add it to the device to be enrolled. Once this is done, the device restarts and the process is completed by accepting the created profile in the device. After completion, the device gets added to the MDM Server from where the device can be assigned to the user.
Enroll Devices to the MDM server from Apple Configurator
In order to enroll devices, you have to specify the ME MDM server URL on Apple Configurator 2. You can find the URL, in the below-mentioned location:
- On the MDM Product server console, choose Enrollment
- Under iOS choose Apple Configurator
- Select Configuration Steps, navigate to the fifth slide and copy the URL.
- On Apple Configurator 2, provide the URL which you have copied from the MDM server.
You can see all the devices are listed in the MDM server, under Apple Configurator. You can assign the devices to appropriate users. Once the users are assigned, you can see the devices listed under Managed devices view on the MDM server.
Apple Configurator vs Apple Configurator 2
Apple Configurator was released in 2012 which was later replaced by Apple Configurator 2, the latest version of the application.
- During device activation, you encounter the error A cloud configuration is already present on this device [mctunnelerrordomain – 0x36b2 (14002)].
Connect the device back to Apple Configurator. Right-click the device and select Restore. This re-downloads configurations into the device and fixes the problem.
- While configuring the Blueprint on Apple Configurator, you are prompted to enter the Apple ID and password and you are unable to skip this step.
This is a default screen which appears while configuring a Blueprint. You cannot skip this step if you have enabled the option to Add device to DEP portal in the first step. If you do not want to add the devices to ABM, uncheck the option and skip the step requesting for Apple credentials. Else, enter the ABM portal details and click on Next.
- When you choose Apply Configuration on Apple Configurator, you encounter a Session Time Out error.
In this case, verify the Internet connectivity and retry applying configuration on Apple Configurator.
- While configuring the Blueprint, the screen gets stuck on Fetching Anchor Certificates or if the Certificates are not fetched
You can safely click on Next as this step does not affect the blueprint creation.
- You are trying to enroll a device and get an unexpected error with Failed to retrieve IMEI.
This error occurs when the device is already enrolled with Apple Configurator or when you enroll different types of devices like iPhones and iPads consecutively using Apple Configurator. Since an iPhone has an IMEI number (which is required for enrollment in some cases), it is automatically detected and the enrollment is completed. Since an iPad does not have an IMEI number this error is shown. Restore the device and try enrolling it again.
NOTE: Certain iPads do have the IMEI number while enrolling which this error does not occur.
- You are trying to enroll a device and encounter the error The device does not recognize the host.
This error occurs when the restriction Allow iTunes pairing and other USB connections have been applied to the device. This restriction prevents the connection with all other devices except the one used for Supervising it. Remove the restriction from the device or enroll using the machine previously used for Supervising the device.
- If you are trying to enroll devices not purchased from Apple or authorized resellers.
Apple now allows adding ios 11 devices not purchased directly from Apple or authorized resellers into ABM. Follow the steps given here to use Apple Configurator to add devices to ABM.
- While enrolling a device you encounter an error "An unexpected error has occurred. Invalid Profile [MCProfileErrorDomain - 0x3E8 (1000) ]
This error on Apple Configurator 2 Invalid Profile [MCProfileErrorDomain - 0x3E8 (1000) ] occurs if the device is currently enrolled in a different MDM solution. Remove the device from the MDM solution, factory reset, and try enrolling the device again to resolve the error Invalid Profile [MCProfileErrorDomain - 0x3E8 (1000) ].
- If you're trying to add a device to DEP/ABM/ASM via Apple Configurator and receive the error An unexpected error has occurred: The device returned an unexpected status. (CommandFormatError) [com.apple.configurator.MobileDeviceKit.error – 0xfffffffff8028014...]
You might encounter the error 'The device returned an unexpected status.' (CommandFormatError) [com.apple.configurator.MobileDeviceKit.error – 0xfffffffff8028014...] This happens
only if the device cannot be upgraded to iOS 11 (refer this to know the list of iOS devices supporting iOS 11), or the device needs to be upgraded to iOS 11 manually and then added to DEP/ABM/ASM via Apple Configurator.
- Unable to verify the server’s enrollment URL. A server with the specified hostname could not be found.
This message is shown on Apple Configurator when the MDM server is not reachable or the correct host URL is not entered. Verify if the MDM server, the Mac machine running Apple Configurator, and the devices to be enrolled are in the same network. Also, ensure that the host URL which is available on the MDM server, is entered correctly.
- While performing provisional enrollment of devices not purchased from authorised resellers, you receive the error Provisional enrollment failed: device is already in Device Enrollment Program.
This error on Apple Configurator Provisional enrollment failed: device is already in Device Enrollment Program occurs when the device you are trying to enroll is already available in the ABM portal. Check if the device is available in the server titled Devices Added by Apple Configurator 2or is assigned to a different server in the ABM portal.
- While performing provisional enrollment of devices not purchased from authorised resellers, you receive the error Provisional enrollment failed: Network error.
This error on Apple Configurator, Provisional enrollment failed: Network error occurs when the device you are trying to enroll is already available in the ABM portal. Check if the device is available in the server titled Devices Added by Apple Configurator 2 or is assigned to a different server in the ABM portal. If you are unable to find the device, try connecting to a different network to enroll the device.
- While adding devices to the ABM portal via Apple Configurator you encounter the error 'Provisional enrollment failed... The Cloud configuration server is unavailable or busy [MCCloudConfigurationErrorDomain - 0x80EF (33007)]'.
This error Provisional enrollment failed... The Cloud configuration server is unavailable or busy [MCCloudConfigurationErrorDomain - 0x80EF (33007)] is shown if the device is unable to contact the ABM server. Factory reset the device and proceed until the Wi-Fi configuration step. Prepare the device using Apple Configurator and follow the steps for adding it to ABM.
- Why are my devices not listed under ABM tab when I add the devices to ABM using Apple Configurator?
When devices are enrolled to ABM using Apple Configurator, the devices will be initially listed under Apple Configurator tab even though they are added to the ABM portal. When the user assignment is complete, these devices will be moved to Managed devices tab.
- While enrolling devices to the Device Enrollment Program or Apple Business Manager, you encounter an error Apple Configurator 2 cannot access the Device Enrollment Program
You may encounter this error Apple Configurator 2 cannot access the Device Enrollment Program if there are network issues due to which https://mdmenrollment.apple.com is not reachable or when the Apple servers are down. Verify your network connectivity and try again after sometime