The Holy Grail
Zero-touch configuration for IT, the holy grail of device management! This is the promise of a DEP enabled device. Just buy it and turn it on, it’ll pull down your designated management profile once the device has an established Internet connection and all of the associated settings and applications assigned will be deployed to the device.
Easy, right? For the most part, yes it is. All you need to do is make sure your DEP enabled devices, purchased from Apple or from an authorized DEP reseller, are associated with an Apple MDM server. In turn, that Apple MDM server needs to be configured with your MDM management service. To configure LANDESK as your preferred MDM server, see my previous blog post.
Today’s discussion will simply focus on getting those Apple devices enrolled with Apple’s MDM server. While the process only takes a few minutes, it is a required step for that zero-touch configuration; so don’t skip it.
Adding an Apple Device to an Apple MDM Server
- Browse to https://deploy.apple.com from your browser of choice
- Provide your Apple ID associated with your DEP account – enroll with Apple here if you have not yet performed this step
- Provide your two-factor authentication verification code; this is required by Apple for DEP management
- From the menu bar on the left, select Manage Devices
- Select your desired radio button to add devices by Serial Number, Order Number or via a CSV Upload
- Select the action Assign to Server under Step 2 and find your appropriate server from the drop down list and hit OK
And that’s it. Now when you unbox your shiny new Apple device, whether it be an iOS or macOS device, once it has an Internet connection (the touch part in the zero-touch process 🙂 ), it’ll pull down the assigned profile from your MDM server. Then, anytime the device is reset, the process will re-enage, ensuring that device always has your MDM profile assigned.