What is Apple's Automated Device Enrollment (ADE)?

Apple's Automated Device Enrollment (ADE) program is designed to help organizations automate the configuration and enrollment of devices into their MDM environments. 

Formerly known as the Apple Device Enrollment Program (DEP), ADE can automatically enroll devices and modify the initial device configuration behavior, allowing IT departments to manage devices received directly from Apple and approved Apple Authorized Resellers without ever touching them. 

"Automated Device Enrollment lets organizations configure and manage devices from the moment the devices are removed from the box." - Apple

How does Automated Device Enrollment work? 

Automated Device Enrollment utilizes Apple Business Manager (ABM) or Apple School Manager and your MDM server to automate the device enrollment process. 

Once your ABM account and MDM server are paired, devices purchased directly from Apple or an Apple Authorized Reseller can be automatically associated with your ABM account. 

Once a device has turned on and is connected to Wi-Fi during the Setup Assistant, they will contact Apple activation servers to determine if they've been assigned to an ABM account. The ABM account then instructs the device to retrieve and install the Automated Enrollment Profile from the associated MDM server. 

What are the benefits of using Automated Device Enrollment? Apple Automated Device Enrollment paired with a feature-rich MDM platform, like SimpleMDM, drastically simplifies Apple device management. Here are some of the advantages of using Automated Device Enrollment: 

• Automatically link purchased devices to your Apple Business Manager account 

• Force MDM enrollment 

• Customize the setup user experience with your organization's details 

• Skip panes during the setup assistant 

• Deploy custom configuration settings as soon as devices are activated 

• Simplify the onboarding process for IT and end-users 

• Install assigned apps automatically during setup 

• Enable supervision for enhanced security and control 

What are the requirements to use Automated Device Enrollment? 

Automated Device Enrollment is designed to help organizations easily distribute and manage their Apple devices. From small businesses to large enterprise environments, most entities can take advantage of and benefit from ADE. Here is a list of requirements to start utilizing ADE: 

• An Apple Business Manager account. Accounts are free. 

• An MDM solution, such as SimpleMDM. Try it free for 30 days.

• The organization must be located in a supported country or region

• Devices must be supported. These include:

  • iOS devices running iOS 7 or later

  • iPadOS devices

  • Mac computers running OS X Mavericks 10.9 or later

  • Apple TV devices (4th generation or later) running tvOS 10.2 or later

  • Devices must be organizationally owned

Can currently owned devices be added to ABM and ADE? 

Most organizations already have a fleet of Apple devices that could greatly benefit from joining an Apple Business Manager account and Automated Device Enrollment. Apple makes it possible to add your already-owned Apple devices to your ABM account using Apple Configurator version 2.5 and newer. iPhone, iPad, iPod touch, and Apple TV devices can be added using Apple Configurator for Mac, while Mac computers with Apple silicon or the Apple T2 security chip can be added using Apple Configurator for iPhone. 

Once a device has been added, users have a 30-day provisional period where the device can be released from ABM, supervision, and mobile device management. 

If you'd like to learn more, we've created a video covering the process in depth. 

How does BYOD work with ADE? 

Bring your own device (BYOD) allows users to utilize their personally owned equipment to conduct work activities. BYOD can be great for organizations and users. It reduces equipment costs for organizations and enables users to continue using the devices they know and love. However, managing BYOD devices can be complicated because organizations lack control over user-owned devices. 

While many MDM solutions support BYOD environments, Apple recommends using Apple Business Manager and Automated Device Enrollment for organizationally owned devices rather than BYOD devices. BYOD environments can leverage User Enrollment, which provides organizations control over their owned data and apps while offering users privacy over their personal content. 

How to connect Apple Business Manager and configure ADE to SimpleMDM

Connecting SimpleMDM with Apple Business Manager and configuring Automated Device Enrollment is easy and only takes a few minutes. Here's everything you need to do to get started using ABM and ADE with SimpleMDM: 

1. Sign in to your Apple Business Manager account.

2. On the bottom of the left sidebar, click your account menu, then click Preferences.
   

   

3. Click Add located next to Your MDM Servers.
   

   

4. Enter a name for the MDM server, such as SimpleMDM.

5. You can leave "allow this MDM server to release devices" checked or uncheck it. SimpleMDM does not use this functionality.
   

   

6. Download your SimpleMDM DEP Public Key.

7. Within Apple Business Manager, click Choose File and select the public key file you just downloaded.

8. Click Save, then on the next screen, click Download Token to download the MDM server token
   

   

9. In your SimpleMDM console, click Enrollments.

10. Click Add Enrollment > Automated Enrollment (DEP).
    

    

11. Click Choose File, then navigate to the token you downloaded from your ABM account.

12. Once you've added your token file, click Upload.
    

    

With your ABM account and SimpleMDM connected, you can now assign your devices in ABM to your SimpleMDM server.

1. In Apple Business Manager, click on the Devices menu.

2. Click on the device you want to add to your SimpleMDM server.

3. Click Edit MDM Server.
   

   

4. Select Assign to the following MDM: then select the MDM server you wish to assign it to.

5. Click Continue.

6. It will then ask you to confirm your choice. Click Confirm.

You can also set default MDM servers by device type.

1. In ABM, click on your account profile menu, then click Preferences.

2. Click MDM Server Assignment.

3. Click Edit next to Default MDM Server Assignment.

4. Assign the default MDM server to each device type.
   

   

Once you’ve assigned your MDM server in ABM, you’ll need to sync it with SimpleMDM. In SimpleMDM, click Enrollments, then select your automated enrollment group, then click Sync with Apple.

You can also begin configuring your Automated Device Enrollment settings on the DEP Settings page in SimpleMDM. For further information about assigning devices in ABM, Apple has provided a thorough guide detailing the process.

Make life easier for your IT team and end-users with Automated Device Enrollment

Apple's Automated Device Enrollment and SimpleMDM make managing large fleets of local and remote devices almost effortless. With complete control of your Apple devices shipped directly from distributors and out-of-the-box enrollment, the pain of onboarding becomes a thing of the past. Your users will be amazed at how quickly they're up and running with their new devices.