Endpoint Management | Mobile Device Management

Apple Configurator Complements the DEP

21. January 2021, Avatar of Alexander SpatzigAlexander Spatzig

Apple's DEP (Desktop Enrollment Program) and VPP (Volume Purchase Program) are almost indispensable for companies using Apple systems today. The DEP is an important prerequisite for the operation of the devices in supervised mode, which is necessary for a growing number of functions in iOS. But what can be done if devices are already in the company and DEP is to be used afterwards?

In short

  • Apple's DEP and VPP are critical for companies with Apple devices.
  • Subsequent use of DEP for existing devices with iOS 11+ via Apple Configurator 2 is not a problem.
  • To do it, reset devices to factory settings and update to iOS 11 or higher. Then configure manually with MDM server settings. Use Apple Configurator 2 to subsequently integrate it into the DEP and operate it in supervised mode.


Supervised mode - the jack of all trades

For many of you, Apple devices have been part of your company's endpoint inventory for several years. So it makes sense to manage these devices centrally. In addition to strengthening security, supervised mode plays an important role in making system management much easier to implement. More and more functions in iOS now require this mode. New devices can be smoothly integrated via Apple DEP and managed via the baramundi Management Suite. However, systems that are already in use in the company or are not yet in DEP for other reasons can be operated in supervised mode.

iOS 11 or a newer version of the Apple OS is required for this, and the tool that you should use is Apple Configurator 2. That makes it possible to add Apple endpoints manually into DEP and operated in supervised mode. Once the devices have been configured and registered in Mobile Device Management, they cannot be removed from management at any time, even if they are reset to the factory settings. By the way: If you use one or more MDM servers, these will be displayed in Apple Configurator 2 as part of the setup. Additional MDM servers can also be connected to the environment.

Activate supervised mode via the Apple Configurator

We recommend that you take the following three steps to activate supervised mode:

  1. All devices that are already in use should definitely be reset to their factory settings. It is best to check the OS version at the same time. Older versions must be updated to iOS 11 or higher via Apple's configuration tool. If you don’t, errors will inevitably occur during registration in the DEP. This step is a requirement, not an option.
  2. The devices are then prepared for the MDM server via manual configuration and the corresponding settings. You can easily use the registration settings for your baramundi account. In the following steps (also see KB Article 10505) you can gradually complete the registration of older devices using various methods inputs. The Knowledge Base article explains the individual steps very precisely with screenshots and possible error messages.
  3. When you log in to https://business.apple.com/ you will find a separate field for the Apple Configurator 2 in the MDM server area. All the devices that you added to the desktop enrollment program using the Apple tool will appear there.

These steps ensure permanent and, above all, secure management of devices with the baramundi Management Suite for devices that were not delivered via the Apple DEP program from the outset.

Read more

Entries 1 to 3 of 3