Skip to content
BLOG

What is Apple's Automated Device Enrollment (ADE)?

Brock Bingham headshot
Brock Bingham|September 20, 2023
General IT Article background
General IT Article background
Sections

Apple's Automated Device Enrollment (ADE) program is designed to help organizations automate the configuration and enrollment of devices into their MDM environments.

Previously known as the Apple Device Enrollment Program (Apple DEP), ADE can automatically enroll devices and modify initial configuration behaviors. IT departments can manage devices received directly from Apple or approved Apple Authorized Resellers without physical intervention.

"Automated Device Enrollment lets organizations configure and manage devices from the moment the devices are removed from the box." - Apple

How does Automated Device Enrollment work?

Automated Device Enrollment utilizes Apple Business Manager (ABM) or Apple School Manager and your MDM server to apply enrollment profiles to automate the device enrollment.

Once devices are associated with your ABM account and MDM server, those purchased directly from Apple, Inc. or an Apple Authorized Reseller will be automatically enrolled.

Sounds cool, huh? 😎

When an enrolled device is turned on and connects to Wi-Fi for the first time during Setup Assistant, the device will contact Apple activation servers to determine if the device is assigned to an ABM account. The ABM account then instructs the device to retrieve and install the Automated Enrollment Profile from the associated MDM server.

What are the benefits of using Automated Device Enrollment?

Apple Automated Device Enrollment paired with a feature-rich MDM platform (like SimpleMDM) drastically simplifies Apple device management. Automated Device Enrollment provides several advantages:

  • Automatically link purchased devices to your Apple Business Manager account.

  • Force MDM enrollment for org devices.

  • Customize the setup user experience with your organization's details.

  • Skip panes during the setup assistant.

  • Deploy custom configuration settings as soon as devices are activated.  

  • Simplify the onboarding process for IT and end users.

  • Install assigned apps automatically during setup.

  • Enable mandatory supervision for enhanced device security and control.

What are the requirements for using Automated Device Enrollment?

Here is a list of requirements to get started with ADE. Your organization must:

  • Have an Apple Business Manager account. Accounts are free.

  • Have an MDM solution, such as SimpleMDM. Try it free for 30 days.

  • Be in a supported country or region.

  • Support these minimum technical requirements:

    • iOS devices running iOS 7 or later

    • iPadOS devices

    • macOS device running OS X Mavericks 10.9 or later

    • Apple TV (4th generation or later) tvOS device running 10.2 or later

    • Devices must be organizationally owned

Can currently owned devices be added to ABM and ADE?

Most organizations already have a fleet of Apple devices that could greatly benefit from creating an Apple Business Manager account utilizing Automated Device Enrollment. Luckily for these newbie orgs a little late to the game, Apple makes adding your already-owned Apple devices to your ABM account possible using Apple Configurator version 2.5 and newer.

iPhone, iPad, iPod touch, and Apple TV devices can all be added to ABM using Apple Configurator for Mac. In contrast, Mac computers with Apple silicon or the Apple T2 security chip can be added using Apple Configurator for iPhone.

Easy tip when it comes to using Configurator:

- If you want to add a Mac, use an iPhone.

- If you want to add an iPhone, use a Mac.

Once a device has been added, users have a 30-day provisional period where the device can be released from ABM, supervision, and mobile device management. 

If you want to learn more, we've created a video about enrolling in SimpleMDM with Apple Automated Enrollment. 🤓

How does BYOD work with ADE? 

Bring your own device (BYOD) allows users to utilize their personally owned equipment to conduct work activities. Utilizing a BYOD policy can be great for organizations and users. It reduces equipment costs for organizations and enables users to continue using the devices they know and love. However, managing BYOD devices can be complicated because organizations lack control over user-owned devices.

While many MDM solutions support BYOD environments, Apple recommends using Apple Business Manager and Automated Device Enrollment for organizationally owned devices rather than BYOD devices. BYOD environments can leverage User Enrollment, which provides organizations control over their owned data and apps while offering users privacy over their content.

How to connect Apple Business Manager and configure ADE to SimpleMDM

Connecting SimpleMDM with Apple Business Manager and configuring Automated Device Enrollment takes only a few minutes. Here's everything you need to do to get started using ABM and ADE with SimpleMDM:

  1. Sign in to your Apple Business Manager account.

  2. On the bottom of the left sidebar, click your account menu, then click Preferences.

    Selecting preferences from Apple Business Manager

  3. Click Add located next to Your MDM Servers.

    From Profile click Add located next to Your MDM Servers

  4. Enter a name for the MDM server, such as SimpleMDM.

  5. Leave "Allow this MDM Server to release devices" checked or uncheck it. SimpleMDM does not use this functionality.

    You can leave allow this MDM server to release device checked or unchecked, whatever your preference is

  6. Download your SimpleMDM DEP Public Key.

  7. Within Apple Business Manager, click Choose File and select your downloaded public key file.

  8. Click Save, then on the next screen, click Download Token to download the MDM server token.

    Click Save then on the next screen select Download Token

  9. In your SimpleMDM console, click Enrollments.

  10. Click Add Enrollment > Automated Enrollment (DEP).

    Click Add Enrollment then Automated Enrollment DEP

  11. Click Choose File, then navigate to the token you downloaded from your ABM account.

  12. Once you've added your token file, click Upload.

    Once you add the token file to Add DEP Account click Upload

With your ABM account and SimpleMDM connected, you can now assign your devices in ABM to your SimpleMDM server.

  1. In Apple Business Manager, click on the Devices menu.

  2. Click on the device you want to add to your SimpleMDM server.

  3. Click Edit MDM Server.

    Click Edit MDM Server within Apple Business Manager

  4. Select Assign to the following MDM: select the MDM server you wish to assign it to.

  5. Click Continue.

  6. It will then ask you to confirm your choice. Click Confirm.

You can also set default MDM servers by device type.

  1. In ABM, click on your account profile menu, then click Preferences.

  2. Click MDM Server Assignment.

  3. Click Edit next to Default MDM Server Assignment.

  4. Assign the default MDM server to each device type.

    Set a default MDM server by device type within Apple Business Manager

Once you've assigned your MDM server in ABM, you'll need to sync it with SimpleMDM. In SimpleMDM, click Enrollments, select your automated enrollment group, then click Sync with Apple.

Once an MDM server is assigned in ABM sync it with SimpleMDM

You can also begin configuring your Automated Device Enrollment settings on the DEP Settings page in SimpleMDM. For further information about assigning devices in ABM, Apple has provided a thorough guide detailing the process.

FAQs about Apple's Automated Device Enrollment

Can Apple Watch be enrolled in ADE?

The Apple Watch cannot be enrolled directly in Apple's Automated Device Enrollment. Instead, it relies on being paired with an iPhone enrolled through Automated Device Enrollment. This means that the Apple Watch gets its management profiles and policies indirectly from the paired iPhone.

Is the Apple Device Enrollment program free?

Yes, the Apple Device Enrollment program is completely free. All you need is a  D-U-N-S Number to create your ABM account.

Is Apple's automated device enrollment the same as DEP?

Apple ADE is the same as Apple DEP (just a new title). DEP was the initial term used to refer to the Apple Deployment Program. However, Apple renamed it Automated Device Enrollment as part of their move towards a unified platform in Apple Business Manager/Apple School Manager.

What if I already have devices in use that I want to enroll in ADE?

Devices must be fully erased at the Setup Assistant screen to go through ADE.

For devices already in use, you can manually enroll them in MDM. However, the level of management capabilities and the "unremovable" MDM profile are only available for devices enrolled in Automated Device Enrollment.

Make life easier for your IT team and end users with Automated Device Enrollment.

With Apple's Automated Device Enrollment and SimpleMDM, managing both on-prem and remote devices is easy peasy. Directly shipping managed devices from distributors and out-of-the-box enrollment eliminate all your onboarding woes.

So what are you waiting for? Give ADE a spin with a free 30-day trial of SimpleMDM today!

Brock Bingham headshot
Brock Bingham

Born in the '80s and raised by his NES, Brock quickly fell in love with everything tech. With over 15 years of IT experience, Brock now enjoys the life of luxury as a renowned tech blogger and receiver of many Dundie Awards. In his free time, Brock enjoys adventuring with his wife, kids, and dogs, while dreaming of retirement.

Related articles

General IT Article background

What is the Principle of Least Privilege?

GENERAL IT

Padlock on computer screen

What is XProtect?

SECURITY

General IT Article background

What is the macOS Security Compliance Project?

GENERAL IT