How to enroll in an MDM with Apple Configurator

Just like with Apple's line of sleek products, Apple is also focusing on making its management tools intelligent and powerful.

Upgrades to Apple Configurator, Apple Business Manager (ABM), and Apple School Manager (ASM) have carried quality-of-life changes to the management side of Apple. However, as these systems are updated, workflows like enrolling devices into a mobile device management (MDM) server often change. So, let's go over enrolling devices into an MDM server with Apple Configurator.

What is Apple Configurator?

Apple Configurator is an application available for both macOS and iOS. However, while they share the same name, the macOS and iOS versions of Apple Configurator function very differently.

Apple Configurator for macOS was initially released in 2012 and provides device management functionality, such as managing and distributing configurations, VPN settings, device certificates, passcode requirements, and more. Additionally, Apple Configurator can help enroll iPhone, iPod, iPad, and Apple TV devices into ABM/ASM or directly into an MDM service.

Apple Configurator for iOS, released in 2021, is primarily used to enroll Mac devices running the T2 Security Chip or Apple silicon into ABM/ASM accounts. It does not provide management functionality. However, Apple announced that Apple Configurator for iOS would also be capable of onboarding devices running iOS 16 and iPadOS 16 into ABM/ASM.

How to enroll devices into an MDM server using Apple Configurator

There are two primary methods of enrolling devices into an MDM using Apple Configurator for macOS:

• Enrolling devices directly into an MDM server, bypassing ABM/ASM

• Using Apple Configurator to enroll devices into ABM/ASM and utilizing Automated Device Enrollment (ADE)

Let's review these two methods and when you want to use each.

Enroll devices directly into your MDM server using Apple Configurator.

Note: this process will ultimately erase the device being configured.

If you are not utilizing ABM/ASM, you can enroll devices directly into your MDM server using Apple Configurator for macOS. As mentioned, this method works with mobile devices like iPhones, iPods, iPads, and Apple TVs. Here's how it works:

1. Connect the iOS device to the Mac running Apple Configurator.

2. Launch Apple Configurator. You should see the connected iOS device. (Note: the device must have the lock screen passcode unlocked to show in Configurator.)

   

3. Select the device.

4. Click Prepare.

   

5. Using the drop-down menu, make sure Manual Configuration is selected.

6. Select Supervise devices and Allow devices to pair with other computers.

   

7. Click Next.

8. Using the drop-down menu, select New Server…

   

9. Click Next.

10. Enter the name and link for your MDM server. In SimpleMDM, you can retrieve your Group Enrollment link by clicking on Enrollments and then clicking on the enrollment group you want the device to join.

    

11. Use the default trust anchor certificates and click Next.

    

12. You can click Next on the Assign to Organization screen.

    

13. Click Skip at the Sign in to Apple School Manager or Apple Business Manager sign-in screen since we aim to enroll directly into MDM without using ABM/ASM.

    

14. Enter your organization's information, then click Next.

    

15. Select Choose an existing supervision identity if you already have one. If you don't have one, select Generate a new supervision identity and click Next.

    

16. Select which setup steps will be shown to the user in Setup Assistant, then click Prepare.

    

    This screen is where you can really customize your end user's onboarding setup experience, so be sure to take some time to review all the options. 🤓

17. If asked to authenticate to update the certificate trust settings, enter your current computer user login credentials and click Update Settings.

    

18. If the device has already been prepared, you will be prompted to erase the device to continue the process. Click Erase.

    

19. Once the device has been wiped, you will be back at the main Configurator screen. Repeat steps 3 through 7.

20. It should default to the MDM server information you previously entered. Click Next.

21. It should default to the organization information you previously entered. Click Next.

22. Review the Setup Assistant steps, and click Prepare.

    

The device will go through its final configuration. Once it has finished and you've connected it to Wi-Fi, the device will be enrolled in your MDM server.

This method works if you're unable to utilize ABM/ASM. However, don't sleep on Apple Business Manager. ABM/ASM is free and provides many features that can enhance your Apple device management experience. ADE alone can significantly improve the onboarding experience for you and your users.

Add devices to ABM/ASM and utilize ADE to enroll devices into your MDM with Apple Configurator.

If your organization utilizes ABM/ASM, you can use Apple Configurator to add devices to your ABM/ASM account. Once the device is in your ABM/ASM account, you can utilize ADE to enroll the device in your MDM. This option suits already-owned devices and devices acquired outside of authorized Apple channels that you want to import into your ABM or ASM account. Here's how it works:

1. Connect your iOS device to your Mac.

2. Launch Apple Configurator.

3. Select the device, and click Prepare.

   

4. At the Prepare Devices window, select Manual Configuration. Ensure Add to Apple School Manager or Apple Business Manager, Supervise devices, and Allow devices to pair with other computers are selected, and unselect Activate and complete enrollment.

   

5. Click Next.

6. If you haven't configured a server, follow steps 8 through 10 of the previous example. Since I already have a server configured, I'll ensure it's selected and click Next.

   

7. If you have an existing organization profile, select it and click Next; otherwise, create a new organization profile.

   

8. Enter your Apple School Manager or Apple Business Manager account credentials, and click Next.

   

9. Configure your Setup Assistant steps, and click Next.

   

10. Select a network profile or create one by clicking File > New Profile or creating your own through iMazing.

    

11. Click Prepare.

12. If the device has already been set up, you will be prompted to erase the device to continue the process. Click Erase.

Once the setup is completed, the device enrolls into your Apple School Manager or Apple Business Manager account.

With the device in ABM, we can assign it to our MDM server and enroll it via Automated Enrollment.

Assigning the device in ABM to an MDM server

1. Locate and select the device in your ABM or ASM account. Searching for the device serial number is a quick way to narrow down the results.

2. Click Edit MDM Server.

   

3. Select Assign to the following MDM, then select your MDM server from the drop-down list.

   

4. Click Continue.

5. When asked if you want to confirm the changes, click Confirm.

6. To complete the automated enrollment, you need to wipe the device. In Apple Configurator, select the device, click Actions > Advanced > Erase All Content and Settings.

7. When prompted to confirm you want to erase the device, click Erase.

   

Once the device has been restored and connected to Wi-Fi, the device will finish the automated enrollment into your MDM server.

Do I need an MDM solution if I'm using Apple Configurator?

If you're wondering if you still need an MDM solution if you already use Apple Configurator, the answer is: probably.

With a small enough fleet of local Apple devices, you may be able to utilize just Apple Configurator. However, you'll quickly find that Apple Configurator lacks remote management functionality and is inefficient when managing large numbers of devices.

Additionally, many MDM functions aren't available with Apple Configurator, such as app-specific configurations, remote app deployments, device tracking, remote locking, remote wiping, bring your own device (BYOD) management, Munki integration, link enrollment, and more.

Simplifying Apple device management

Apple continues to improve its device and OS management tools year after year. The combined power of Apple Business Manager, Apple School Manager, Apple Configurator, and SimpleMDM lets you take control of your entire Apple ecosystem from the moment you purchase a device.

If you're not already using SimpleMDM, what are you waiting for? Start your 30-day free trial now to discover how easy managing a fleet of Apple devices can be.