Enroll any iOS 11 device to DEP using Apple Configurator

Starting iOS 11.0 Apple has opened up the option to enroll a normal iOS device into Device Enrollment Program. Device Enrollment Program gives an organization the extra control to enforce stricter policies and also an option to disallow the users from removing the MobiLock Pro management from device.

This document walks you through on how to enroll a normal iOS 11.0 or higher device to DEP program.

If you have purchased your device from a authorized DEP reseller then to learn how to set up MobiLock Pro to manage your DEP devices, please refer to our document here.

Before You Begin

  1. Make sure that you have enabled MobiLock Pro to manage your DEP devices as described in Manage DEP Devices using MobiLock Pro.
  2. Have access to an iOS device running iOS 11.0 or higher.
  3. A Mac machine with Apple Configurator 2 installed.
  4. A lightning USB cable.
  5. Take a backup of your iOS device if required.

Video Guide:

Watch a quick video on how to enroll an iOS device to DEP.

Steps

On Your Mac Machine

  1. Login to MobiLock Dashboard. Navigate to Device Enrollment > QR Code.
  2. Expand the QR code where you want the device to be enrolled to. Copy the URL shown below the QR Code.
  3. Launch Apple Configurator 2 on your Mac and connect the device using the cable.
  4. If the device is connected and your Mac is Trusted, then you can see the device in Apple Configurator 2.
  5. Right click on the device and click Prepare.
  6. On the dialog that is shown please enable the following options,
    1. Choose Manual Configuration in the Prepate With field.
    2. Make sure to check:
      1. Add to Device Enrollment Program.
      2. Activate and Complete Enrollment.
      3. Allow devices to pair with other computers.
    3. Click Next.
  7. In this screen you will be asked the details of the MDM server,
    1. You can choose from your existing MDM servers if you had created one and click Next OR
    2. Select New Server from the drop-down and click Next
      1. In the next screen, enter a Name for the server ex: MobiLock Pro and paste the URL that you copied from MobiLock Dashboard.
  8. At this point you will be asked for your Apple credentials for DEP program. Please enter the credentials that you use for https://deploy.apple.com and Click Sign In.
  9. Once the Sign In succeeds you will be asked to choose a Supervisioning identity. Click Next.
  10. You can ignore the step related to entering credentials for MDM server and click Next.
  11. On the last screen click Prepare.
  12. You will shown a warning that the device will be erased. Click Erase.
  13. This will start the enrollment process on the device and the device might reboot a couple of times during the setup.
  14. Once the device starts, configure a Wi-Fi and click Next on the device.
  15. At this point device should show the Remote Management screen so that you can complete enrolling the device to MobiLock Dashboard.

This would complete part one of the process. The next part involves assigning this device to MobiLock pro at https://deploy.apple.com so that in the future when the device is hard reset it can automatically enrol to MobiLock Dashboard.

On the Apple DEP Portal

  1. Login to Apple DEP portal at https://deploy.apple.com.
  2. In the DEP page, click on Manage Devices.
  3. Type in the Serial number of the device that you just enrolled.
  4. From the list of actions, choose Assign to Server.
  5. Select MobiLock Pro from the list of servers and click OK.
  6. Now Login to MobiLock Dashboard and navigate to Device Enrollment > Apple Setup > DEP.
  7. Click on the number next to Total Devices.
  8. In this screen click on SYNC NOW.
  9. You should see the newly assigned device in your MobiLock Dashboard.


How did we do?