How to Enroll in MDM with Apple DEP (Device Enrollment Program)

Last updated October 28, 2019

The Apple Device Enrollment Program, often referred to as “DEP” allows organizations to preconfigure the initial setup process on newly purchased devices, and starting with iOS 11, with already purchased devices as well. Organizations can, for instance, place devices in supervised mode, enroll them in an MDM program, and skip Apple Pay or “Restore from Backup” setup panes. For more information on what DEP is, read our article Explained: The Apple Device Enrollment Program.

DEP is almost always used in tandem with an MDM. This article explains how to link SimpleMDM to your Apple DEP account and how to add and initialize new iOS devices.

Create an Apple DEP Account

If you haven’t already, you may apply for a free Apple DEP account on Apple’s website. Please note that this process can take a matter of days to complete and generally requires that your organization has a D-U-N-S number. In short, you will need to follow this link to visit Dun & Bradstreet on the web. More helpful information on obtaining a D-U-N-S number for the purposes of the Device Enrollment Program is available from Apple Support.

Link Apple DEP to SimpleMDM

SimpleMDM needs to link to your DEP account so that it can configure devices to use the SimpleMDM service. To link Apple DEP to SimpleMDM, a certificate must be exchanged between the accounts to establish a secure, trusted relationship.

  1. Sign into SimpleMDM and click the “Devices” link on the left-hand side of the screen.
  2. Click the “Enrollments” sub-menu option.
  3. On the Enrollments page, click the “Apple DEP” tab.
  4. Click “Add Account”.
  5. Follow the on-screen steps based on whether you are using Apple Business Manager or a legacy Apple DEP account. These steps will guide you through the certificate exchange process.
    Once you have uploaded your Apple server token, SimpleMDM will link to your Apple DEP / Business Manager account.

Once this certificate is uploaded, your DEP account is successfully linked.

Associate Devices

Linking Apple DEP to SimpleMDM establishes a channel of communication between the two services. The next step is to make SimpleMDM aware of the devices in your DEP account.

  1. Within the Apple DEP Portal, assign your devices to the SimpleMDM server. This action grants SimpleMDM the ability to see these devices.
  2. Within SimpleMDM, return to the DEP interface by clicking Devices and then the Enrollments sub-menu option. Select the Apple DEP tab. Click the “Sync with Apple” button.

This will cause SimpleMDM to communicate with your Apple DEP account and become aware of any new devices you’ve added. Once this step completes, you should see the devices count in the SimpleMDM DEP interface increment to the correct count. These devices haven’t been added to SimpleMDM yet, but now SimpleMDM is aware of them in the DEP Portal.

Initialize Devices

Now that your devices are associated and SimpleMDM is aware of their DEP records, it’s time to start them up.

Helpful tip: If you’ve previously turned these devices on and completed the series of setup panes, they will need to be reset. This is because the devices only check in with the DEP service when they have not yet been set up. To re-initialize a device, on the device, go to Settings, General, Reset, and select “Erase all content and settings”. Your device will wipe itself and then restart, entering the DEP setup process.

  1. Turn on your device for the first time. The device may ask a few initial setup questions.
  2. If the device asks for WiFi information, be sure to select a wireless network that has internet access. Internet access is required to complete the DEP process.
  3. Once the device has gained internet access, the setup process will conform to the DEP settings you created.
  4. When the setup process has been completed, the device will appear under Devices in the SimpleMDM interface.

At this point, the device has been fully initialized and enrolled in SimpleMDM. Congrats!

Common Questions, Problems & Solutions

Problem: My devices aren’t showing up in SimpleMDM after linking my DEP account.

DEP enrolls devices in SimpleMDM when they are initially set up. It does not have the ability to enroll devices that have already been initialized. To add these devices you will need to reset the device to an initial factory state. On the device, go to Settings, General, Reset, and select “Erase all content and settings”.

Problem: My device didn’t enter DEP when I turned it on for the first time.

If your device started in the initialization process but did not seem to represent your DEP configurations, it could be that SimpleMDM is not aware of the device yet. Be sure to complete the steps in the Associate Devices section whenever you’ve purchased new devices.

Question: Can I add my existing devices to DEP?

Starting with iOS 11, any existing iOS device can be added to a DEP account. We provide a walkthrough of this process. This includes used devices and devices purchased through any retail channel. For devices before iOS 11, only some devices can be added. Please read our in-depth article which details when this is possible: Add Existing Apple Devices to Your DEP Account

 

 

Leave a Reply

Your email address will not be published. Required fields are marked *

See Why Apple Admins Prefer SimpleMDM

Start My FREE 30-Day Trial Now

  • How To: SAML Authenticated Device Enrollments

    By on September 27, 2021
    Read more

  • Using MDM for SOC 2 and ISO 27001 Compliance

    By on April 12, 2021
    Read more

  • Moving MDMs: How to Migrate macOS Devices Between MDMs

    By on December 12, 2019
    Read more

See Why Apple Admins Prefer SimpleMDM No strings. No Spam.

Start My 30-Day Free Trial Now