Most organizations prefer enrolling corporate devices into their organization using Apple Device Enrollment Program (Apple DEP), due to the following benefits
But, due to the pre-requisite of purchasing devices directly from Apple or authorised resellers, many organizations are unable to enroll devices using DEP. To allow the enrollment of devices that are not purchased from authorised resellers, Apple has now allow organizations to enroll any device that meets the following criteria into DEP using Apple Configurator.
Device Enrollment Program (DEP) has now been upgraded to Apple Business Manager (ABM). You can find the steps to enroll any iOS 11 device into ABM, here.
Enrolling any device into ABM using Apple Configurator involves the following steps:
On Apple Configurator, create a new profile and add it to a Blueprint as explained here. Control-click the Blueprint and click on Prepare after which the following screen is shown.
After a few steps, you will be prompted to enter your Apple DEP credentials as shown below. Enter your corporate DEP account credentials to ensure the devices are added to the DEP portal.
Once the Blueprint is prepared and applied to the device, activate the device to complete the enrollment process.
By default the devices are added to server automatically created by Apple Configurator named Devices Added by Apple Configurator 2 as shown below.
Based on whether you have already integrated the required server with Mobile Device Manager Plus or not, follow the steps given below:
Integrate Apple DEP with MDM
On the MDM server, navigate to Enrollment and then select Apple Enrollment (ABM/ASM).
Click on Download to download the public key certificate. This is to be uploaded in Apple DEP portal.
On the Apple DEP portal, click on the server titled Devices Added by Apple Configurator 2 and select Add Key as seen below:
Upload the Public Key certificate downloaded from MDM, when prompted.
Click on Next and select Your Server Token, to download Apple DEP token which is to be uploaded back on the MDM server. You can optionally change the name of the DEP server. You can also regenerate the DEP token any time by clicking on the server and selecting Generate Token.
Upload the token back into MDM server as shown and follow the on-screen instructions to complete configuring Apple DEP.
Already integrated with MDM
On the Apple DEP portal, click on Manage Devices from the left pane.
Under Choose devices by, specify whether you want the devices to be added using Serial Number, Order Number or CSV file. Provide the required details.
Under Choose Action, select Assign to Server and select your existing DEP server from the dropdown. Click on OK to complete the device re-assignment.
Once the re-assignment is complete, go back to MDM server, navigate to the Enrollment tab and select Apple Enrollment(ABM/ASM) and click on Sync devices. The re-assigned devices be listed on the MDM server.
Now assign users on the MDM server to these devices, to complete enrollment.
NOTE: The devices are added to provisional DEP and can be removed by the user within 30 days of adding to the server. To remove the device from management navigate to Settings -> General -> Device Management -> Remove Device Management. This is important if the wrong devices have been added to the portal.