Manage DEP Devices using Scalefusion
Device Enrollment Program or DEP is an Apple Program that can be used to streamline the onboarding process for brand new devices or devices that have been hard reset, automatically to an MDM server. Also with iOS 11 and the latest version of Apple Configurator tool any device can be enrolled into the DEP program. DEP devices also give you the option to disallow the removal of MDM management from the iOS & Mac device, thereby making the DEP program a highly recommended approach for organizations.
By configuring Scalefusion to manage your DEP devices, you can enforce them to become Supervised during the first time they are Unboxed and also enroll into Scalefusion Dashboard.
This document guides on how to setup Scalefusion to manage your DEP devices.
Before You Begin
- You would need an Apple Business Manager or Apple School Manager account
- A valid Scalefusion Dashboard account.
- An iOS or a Mac device that is purchased under DEP program.
Please watch the video for a visual guide on the process.
Configuring Scalefusion to Manage your DEP devices
The first step is to configure Scalefusion to allow to sync with Apple DEP portal to get your DEP devices and let Apple know that Scalefusion will manage those devices. For this the following need to be done.
- Login to Scalefusion Dashboard.
- Navigate to Getting Started > Apple Setup.
- Click on the DEP tab.
- Download Scalefusion DEP Public Key
On the next screen, click on DOWNLOAD Scalefusion DEP TOKEN. This will download DEPTokenKey.pem file to your Downloads folder or to the folder that you have set as the downloads folder.
- Click NEXT.
- Generate Server Token File
- You will need to generate server token. To do so, login to Apple Business Manager Portal at https://business.apple.com
- Click on Preferences (You will see Preferences on clicking your Profile name on the bottom left)
- Now under Your MDM Servers, click on Add
- This creates an Untitled MDM Server. Enter MDM server info:
MDM Server Name: Enter a name for the MDM server under MDM Server Name
Upload Public Key: Click on Choose File and select the Scalefusion DEP token (.pem file) that you downloaded from Scalefusion Dashboard at Step 4, to upload it.
- Click Save
- Download the server token file that is generated, by clicking on Download Token
- You will get the following screen. Click on Download Server Token
- Once you have downloaded the Token file from Apple DEP portal, navigate back to Scalefusion Dashboard. Click Next.
- Upload DEP token
Upload the server token file that you downloaded from Apple DEP Portal, by clicking on Browse files.
- Once you upload the file, click Next.
- This will complete the process and you can see the details of your organization and the name that you gave in the Apple DEP Portal now under DEP tab.
Assigning Devices to Scalefusion Server
Now that you have setup Scalefusion MDM server to manage your DEP devices, let us assign one device so that you can see how it works. Follow the below steps to manage your existing devices using Scalefusion.
- Login to https://business.apple.com using your Apple credentials.
- Once logged in, click on Getting Started next to Device Enrollment Program.
- On the left hand side, click on Manage Devices.
- You will be shown a page where you can assign devices to an MDM server. You can:
- Assign using Serial numbers.
- Assign using Order numbers.
- Upload a CSV file of Serial and/or Order Numbers.
- Enter the Serial number of the iOS or Mac device that you have and have bought under DEP program.
- Select Assign Devices from the drop down below.
- From the list of servers click Scalefusion (or the name that you gave) and click OK.
- Now Login to Scalefusion.
- Navigate to Getting Started > Apple Setup > DEP. This page displays the total devices that Scalefusion has synced.
- Click on the number next to Total Devices. You will be shown a page that lists all your DEP devices that Scalefusion has synced with Apple. At this point it will be blank as Scalefusion syncs every 6 hours for new devices.
- Click on SYNC NOW to manually sync.
- Refresh the page so that you can see the device that you just assigned in Step 5-7.
- For all your DEP devices, you can choose a QR Code configuration, so that when these devices are unboxed or hard reset they use this configuration to be automatically setup. Click on CHOOSE and select the QR Code configuration.
- Click APPLY.
- In addition to the default QR Code configuration that can be attached for DEP devices, you can attach per device profile/group. The way to do it is,
- Sync all your DEP devices using Sync button.
- Download the Report for devices that are pending enrollment from DEP devices page.This report only gives devices that are not in enrolled state
- Enter the Profile or Group name for each device.
- Upload the CSV to IMEI/Serial# section. The CSV can directly be used in IMEI/Serial# section.
- Once these devices enroll they will pick the mapped profile or group.If there is no mapped profile or group then the default that is provided in the DEP section is picked.
- The DEP devices page lists the profile/group attached with the device.The Enrollment Method shown here does not apply for iOS and Mac devices
- The Download Report option can be used to download all devices that are in enrolled state.
- At this point you are ready to start your device. Depending upon the state of your device, either of the following needs to be done,
- For a new iOS or Mac device, Unbox it and start the device. Choose the language and configure a Wifi. The device should show you a Remote Management screen post the initial setup screens.
- For an existing iOS device, go to Settings > General > Reset > Reset All Content & Settings. This will reset the device and post the screens where you choose the language and configure a Wifi, the device should show you a Remote Management screen.
- For an existing Mac device, please reinstall the Mac OS using Recovery options (CMD + R) to renroll using DEP method.
- Once you see the Remote Management screen, you would have to click Next and the device will be enrolled onto the Scalefusion Dashboard.
- User Authenticated Enrollment: If you have chosen an Enrollment configuration where Enrollment Type is User Authenticated enrollment, after Remote Management you will get the screen to enter email id and OTP for user authentication.
- Enter the email id, OTP and accept Terms of Service.
- Follow the next steps to install configuration profile and enroll the device.
- You can see the status of the newly enrolled device in Scalefusion Dashboard under Devices section.
DEP can be deleted any time. Devices already enrolled will stay enrolled. However on next Factory Reset, they will not be enrolled to Scalefusion. To delete,
- Navigate to Getting Started > Apple Setup > DEP page and click on Delete DEP
- You will get a confirmation box. Click Yes to confirm. DEP will be deleted.
Managing DEP Supervisioning Settings
For all your DEP devices you can set a group of Supervisioning settings that are applied when the device enrolls to the Dashboard on the first unboxing or after hard reset. To access and change these settings please follow the below steps,
- Login to Scalefusion Dashboard.
- Navigate to Getting Started > Apple Setup > DEP.
- Click on CONFIGURE DEVICE SETUP SETTINGS.
- Here you can choose the setup options for a new DEP device.
- Please note these settings are ONLY applied when the device is unboxed for the first time or is starting for the first time after a hard reset.