Apple Configurator Complements the DEP
Apple's DEP (Desktop Enrollment Program) and VPP (Volume Purchase Program) are almost indispensable for companies using Apple systems today. The DEP is an important prerequisite for the operation of the devices in supervised mode, which is necessary for a growing number of functions in iOS. But what can be done if devices are already in the company and DEP is to be used afterwards?
For many of you, Apple devices have been part of your company's endpoint inventory for several years. So it makes sense to manage these devices centrally. In addition to strengthening security, supervised mode plays an important role in making system management much easier to implement. More and more functions in iOS now require this mode. New devices can be smoothly integrated via Apple DEP and managed via the baramundi Management Suite. However, systems that are already in use in the company or are not yet in DEP for other reasons can be operated in supervised mode.
iOS 11 or a newer version of the Apple OS is required for this, and the tool that you should use is Apple Configurator 2. That makes it possible to add Apple endpoints manually into DEP and operated in supervised mode. Once the devices have been configured and registered in Mobile Device Management, they cannot be removed from management at any time, even if they are reset to the factory settings. By the way: If you use one or more MDM servers, these will be displayed in Apple Configurator 2 as part of the setup. Additional MDM servers can also be connected to the environment.
We recommend that you take the following three steps to activate supervised mode:
- All devices that are already in use should definitely be reset to their factory settings. It is best to check the OS version at the same time. Older versions must be updated to iOS 11 or higher via Apple's configuration tool. If you don’t, errors will inevitably occur during registration in the DEP. This step is a requirement, not an option.
- The devices are then prepared for the MDM server via manual configuration and the corresponding settings. You can easily use the registration settings for your baramundi account. In the following steps (also see KB Article 10505) you can gradually complete the registration of older devices using various methods inputs. The Knowledge Base article explains the individual steps very precisely with screenshots and possible error messages.
- When you log in to https://business.apple.com/ you will find a separate field for the Apple Configurator 2 in the MDM server area. All the devices that you added to the desktop enrollment program using the Apple tool will appear there.
These steps ensure permanent and, above all, secure management of devices with the baramundi Management Suite for devices that were not delivered via the Apple DEP program from the outset.