Device Enrollment iOS with DEP

The Apple Device Enrollment Program (DEP) is Apple's new method for enrolling corporate iOS devices. With DEP you can enroll the iOS devices without any direct contact with the device and also with minimal interaction from the user. The Apple DEP enrollment provides administrators the option to customize the complete device setup process. It also provides the option to prevent users from removing the MDM profile from the device. You can enroll your existing iOS devices (if they meet the iOS devices DEP requirements) and all iOS devices that you will buy in the future. For further information about Apple DEP see the Apple DEP Guide and Apple DEP Documentation.

Connect your ERA MDM Server with Apple DEP server:

1.Verify that all Apple DEP Requirements are met for both account requirements and device requirements.

DEP Account:

oThe program is only available in certain countries. Visit the Apple DEP webpage to see if DEP is available in your country.

oApple DEP Account requirements can be found on these websites: Apple deployment program requirements and Apple Device Enrollment Program requirements.

oDetailed DEP device requirements can be found here.

2.Log in to your Apple DEP Account (If you do not have an Apple DEP account you can create one here).

3.From the Device Enrollment Program section on the left side select Manage Servers.

MDM_DEP_add

4.Click Add MDM Server to open the Add MDM Server window.

5.Enter your MDM Server Name, for example: "ERA MDM Server," and then click Next.

MDM_DEP_add02

6.Upload your public key into the DEP portal. Click Choose File and select the public key file (this is the APNS certificate you downloaded from Apple Push Certificate Portal) and click Next.

MDM_DEP_addPK

7.Now you can download your Apple DEP Token. This file will be uploaded into the ERA MDC policy under Apple Device Enrollment Program (DEP) -> Upload authorization token.

MDM_DEP_tokenD

Add iOS Device into Apple DEP:

The next step is to assign iOS devices to your virtual MDM Server inside Apple DEP portal. You can assign your iOS devices by serial number, order number or by uploading a list of Serial numbers for target devices in CSV format. Either way, you must Assign the iOS device to the virtual MDM Server (you created in the previous steps).

MDM_DEP_CSV

validation-status-icon-error WARNING

Once a device is removed from the DEP portal, it is removed permanently, you cannot add it back.

After that you can leave the Apple DEP portal and continue in ERA Web Console.

validation-status-icon-error WARNING

If you are enrolling iOS devices that are currently in use (and that meet the device requirements) new policy settings will be applied to them after a factory reset of target device.

In order to complete the enrollment process you need to upload the APNS certificate into the MDC Policy that will be assigned to the MDM Server. (This MDC Policy will fulfill the role of MDM Server Settings).

icon_details_hoverNOTE

If your iOS device displays the message that it is not able to download the profile from ESET during enrollment, verify that the MDM server inside DEP is correctly configured (has the correct certificates) and that you assigned the correct iOS device to your selected ERA MDM Server inside Apple DEP.