How To Enroll in MDM with Apple Configurator

Last updated October 29, 2019

What is Apple Configurator?

Apple Configurator is a macOS application that allows administrators to create configurations and apply them to iOS devices. Before Apple Configurator, Apple offered iPhone Configuration Utility. Apple Configurator is the continuation of this sunset utility.

The range of configuration options in Configurator is extensive. Administrators can control minimum security requirements for passcodes, VPN configurations, on-device certificates, and even fonts. Generally, any configurations that can be applied via mobile device management (MDM) are also available in Apple Configurator.

Additionally, Apple Configurator provides the ability for an administrator to select which apps to install to iOS. Sign in with an Apple ID and select any app downloaded or purchased previously under that Apple ID.

How Does it Work?

Apple Configurator combines these two capabilities to create a blueprint:

  1. Configurations (aka profiles – made up of individual payloads)
  2. Apps

An administrator is able to create multiple blueprints. Common groupings include role-based (executive, manager, contributor) or department-based (sales, marketing, support). Blueprints can also be layered on a device, allowing multiple configurations to overlap.
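To make the "profile made up of payloads" structure concrete, here is an added example (not code from SimpleMDM or Apple) that audits an unsigned profile, saved as a .mobileconfig property list, before it goes into a blueprint. The payload types and keys are Apple's documented identifiers; the sample profile and the minimum passcode length of 6 are constructed assumptions.

```python
import plistlib

# Constructed sample profile (not from the page): a "Sales" blueprint's
# configuration holding a passcode payload and a Wi-Fi payload.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
 <key>PayloadType</key><string>Configuration</string>
 <key>PayloadDisplayName</key><string>Sales baseline (constructed)</string>
 <key>PayloadContent</key><array>
  <dict>
   <key>PayloadType</key><string>com.apple.mobiledevice.passwordpolicy</string>
   <key>minLength</key><integer>4</integer>
   <key>allowSimple</key><true/>
  </dict>
  <dict>
   <key>PayloadType</key><string>com.apple.wifi.managed</string>
   <key>SSID_STR</key><string>ExampleCorp-Setup</string>
   <key>EncryptionType</key><string>None</string>
  </dict>
 </array>
</dict></plist>"""

MIN_PASSCODE_LENGTH = 6  # assumed organizational baseline; adjust to your policy


def audit_profile(raw: bytes) -> list[str]:
    """Return findings for the payloads inside one unsigned configuration profile."""
    profile = plistlib.loads(raw)
    payloads = profile.get("PayloadContent")
    if not isinstance(payloads, list):
        return ["no PayloadContent array; nothing to audit"]
    findings = []
    for p in payloads:
        ptype = p.get("PayloadType", "<missing>")
        if ptype == "com.apple.mobiledevice.passwordpolicy":
            length = p.get("minLength", 0)  # an absent key means no minimum
            if length < MIN_PASSCODE_LENGTH:
                findings.append(f"passcode: minLength {length} < {MIN_PASSCODE_LENGTH}")
            if p.get("allowSimple", True):  # an absent key permits simple passcodes
                findings.append("passcode: simple values (e.g. repeated digits) allowed")
        elif ptype == "com.apple.wifi.managed":
            if p.get("EncryptionType", "Any") == "None":
                findings.append(f"wifi: SSID {p.get('SSID_STR')!r} is an open network")
    return findings


if __name__ == "__main__":
    for line in audit_profile(SAMPLE_PROFILE):
        print(line)
```

Run it against each profile in a blueprint; an empty list means none of the three checks fired, not that the profile is otherwise sound.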

With blueprints configured, place Apple Configurator in ‘prepare’ mode. Then connect each iOS device via USB or Lightning, and Apple Configurator pushes the configuration to the device. During this time, administrators can also wipe devices, upgrade iOS, place devices into supervised mode, enroll them with an MDM, etc.

The process can be time-consuming if one’s upgrading iOS or switching to supervised mode (which requires a system wipe). In these cases, we find many administrators use high-capacity USB hubs. Though we haven’t used it personally, the Cambrionix PowerPad15 is an example of a USB hub for this very purpose.

Sidenote: If looking to purchase a hub, check the capacity of power to the hub. If the wattage is too low, devices may not charge while plugged in. Decide if this is a requirement for your organization.

Why Use Both Configurator and MDM?

After explaining the functionality of Apple Configurator, an often asked question is: So why do I need MDM if I can manage configurations and apps this way? The question is a fair one, and the answer largely depends upon your organizational needs.

Apple Configurator can provide parity with MDM for some organizations with limited requirements. The big difference is the ability to control configurations after deployment. With Configurator, once an administrator unplugs the device, no further communication occurs unless the device plugs back into a computer. With MDM, administrators control configurations via WiFi or cellular connection.

Limited abilities exist to manage apps in Configurator. It only enables the basic process of installing selected apps. However, MDM will allow administrators to distribute company-owned app licenses purchased through Apple Business Manager (formerly Volume Purchase Program – VPP) as well as remotely update and remove apps. MDM is even capable of pushing app-specific configurations.

If you’re interested in how MDM can be used to simplify app deployment, we strongly recommend this read: Install Apps Remotely to iPads and iPhones which provides a comprehensive view of the many ways to deploy apps, each having its own strengths.

MDM provides additional features that an administrator can enable remotely. They can lock a device, wipe its contents, and monitor app installation. MDM also allows an administrator to access advanced functionalities, like forcing a device to only display a single app. A great example is the Square point of sale system.

Organizations learn to establish a balance when using both technologies. Apple Configurator is able to make sure all devices run the latest iOS version, are supervised and have an initial WiFi network connection. MDM is then used for all further configurations and management.

How To Enroll With MDM Using Apple Configurator

Enrolling a device with MDM generally occurs via a link either sent to the device by SMS or email or manually typed into a browser. This is reasonable for only a few devices or if employees will be enrolling their own devices. It absolutely does not scale for companies with a large number of company-owned devices that need to be set up. Instead, an organization will generally use the Apple Device Enrollment Program (read Explained: The Apple Device Enrollment Program) to have devices automatically configured with their MDM out-of-the-box, or they’ll use Apple Configurator.

We’ll now explain how to configure a device with MDM using Apple Configurator. To start, if you haven’t already, download Apple Configurator from the Mac App Store. Install the app and run it.

Once the application is running, plug your device into the computer.

Next, click the ‘Prepare’ button from the top bar of the app.

[Image: Supervisor Prepare]

Configurator will ask you which mode you’d like to use. Select ‘Manual’ unless you have an Apple Business Manager account and want to add devices to it.

Apple Configurator will ask you if you’d like to assign the device to an MDM. Select ‘New server…’ if you haven’t completed this process before. The following screen will allow you to specify a name for your MDM as well as the enrollment URL.

The process for getting an enrollment URL varies between MDM vendors. For SimpleMDM, you must create an Enrollment (either group or one-time) in order to generate the URL as shown below. Paste the enrollment URL into Apple Configurator.

[Image: SimpleMDM Enrollment Interface]

The remaining steps are not MDM-specific. The prompt asks if you’d like to:

  1. Supervise the device and block other computers from managing it
  2. Provide information about your organization to display on the device
  3. Skip certain set-up screens during the initial iOS startup
  4. Create or use an existing configurator identity. This is essentially a certificate that allows you to re-access these devices down the road with Apple Configurator on the same or on a different computer.

Once you’ve completed these steps, Configurator will begin setting up the devices you selected initially or plug in subsequently. The devices appear automatically in your MDM as they configure.

We run Windows. Can I Use Apple Configurator?

The strict answer is ‘no’. Apple Configurator software is only for macOS; Apple does not distribute a Windows version.

The nitty-gritty answer is ‘sort of’. None of these methods are recommended and may provide more pain than gain, so we generally recommend that organizations in this scenario purchase a Mac Mini to have as a resource for around the office. If interested in going down the rabbit hole, here are some methods that we’ve heard employed:

  1. Apple used to distribute a Windows version of the iPhone Configuration Utility. It’s still available on c|net here. The last software release was January of 2013. At best it’s missing many features and at worst it won’t work at all.
  2. Run macOS as a virtual machine on Windows. We’re pretty sure this breaks Apple macOS software licensing rules, so we cannot recommend this methodology. We’ve heard some reports that most virtual machine software handles USB emulation in a manner that causes issues when connecting and disconnecting iOS devices, but we cannot confirm this.
  3. Use Apple DEP instead. When using MDM, Apple DEP substitutes for Apple Configurator. Apple DEP devices are ready out-of-the-box, eliminating the need for USB/Lightning connections and extra touches. As referenced earlier, you can learn more about Apple DEP via this article. If you’d like to use DEP, apply for an account at deploy.apple.com.

If you aren’t already using MDM, manage your devices with a SimpleMDM account. Feel free to ask questions in the comments section. We’re here to help!

Comments (2)

Greetings,

As a quick background, I’m already set up in Apple w/ Apple DEP and I am hoping to use an MDM such as SimpleMDM to manage internal iOS devices. Obviously, it’s best if devices are added into DEP by Apple so that they show up in DEP automatically. However, Apple provides for the use of Apple Configurator in cases where a customer did not purchase the iOS device directly from Apple. In fact, I do this at work, using a different MDM with Apple Configurator 2. Does SimpleMDM support the adding of iOS devices via Configurator, as this other MDM does? In essence, I can then transfer the serial number from the Apple Configurator ‘MDM server’ entry into the SimpleMDM one, via business.apple.com.

I appreciate any help you can provide,

–Peter
