Manage DEP Devices using MobiLock Pro


Device Enrollment Program or DEP is an Apple Program that can be used to streamline the onboarding process for brand new devices or devices that have been hard reset, automatically to an MDM server. Also with iOS 11 and latest version of Apple Configurator tool any device can be enrolled into DEP program. DEP devices also give you the option to disallow the removal of MDM management from the iOS device, thereby by making DEP program a highly recommended approach for organizations.

By configuring MobiLock Pro to manage your DEP devices, you can enforce them to become Supervised during the first time they are Unboxed and also enroll into MobiLock Pro Dashboard.

This document guides on how to setup MobiLock Pro to manage your DEP devices.

Before You Begin

  1. You would need a corporate DEP account that can be used at https://deploy.apple.com.
  2. A valid MobiLock Pro Dashboard account.
  3. A iOS device that is purchased under DEP program.

Video Guide:

Please watch the video for a visual guide on the process.


Steps

Configuring MobiLock Pro to Manage your DEP devices

The first step is to configure MobiLock Pro to allow to sync with Apple DEP portal to get your DEP devices and let Apple know that MobiLock will manage those devices. For this the following need to be done.

  1. Login to MobiLock Dashboard.
  2. Navigate to Device Enrollment > Apple Setup.
  3. Click on the DEP tab.
  4. Click on DOWNLOAD MOBILOCK PRO DEP TOKEN.
  5. Click NEXT.
  6. Now on the next step please click on https://deploy.apple.com. This will open up a new tab.
  7. Login to Apple DEP portal using your corporate Apple credentials.
  8. Once logged in, Click on Get Started next to Device Enrollment Program.
  9. On this screen, click on Add MDM Server.
  10. Enter a Name for the server and Click Next.

    Additionally, you can choose to automatically assign new devices, so that the devices that you purchase henceforth are automatically assigned to MobiLock.
  11. Upload the Token file that you downloaded at Step 4.
  12. Click Next.
  13. Now in the final dialog, you will get an option to download the token. Click on Your Server Token.
  14. Now navigate back to MobiLock Pro Dashboard. Click Next.
  15. In this screen, upload the file that you downloaded from Apple at step 13.
  16. Once you upload the file, click Next.
  17. This will complete the process and you can see the details of your organization and the name that you gave at Step 10 now under DEP tab.
This token needs to be updated every year.

Assigning Devices to MobiLock Pro Server

Now that you have setup MobiLock MDM server to manage your DEP devices, let us assign one device so that you can see how it works. Follow the below steps to manage your existing devices using MobiLock Pro.

  1. Login to https://deploy.apple.com using your Apple credentials.
  2. Once logged in, click on Getting Started next to Device Enrollment Program.
  3. On the left hand side, click on Manage Devices.
  4. You will be shown a page where you can assign devices to an MDM server. You can:
    1. Assign using Serial numbers.
    2. Assign using Order numbers.
    3. Upload a CSV file of Serial and/or Order Numbers.
  5. Enter the Serial number of the iOS device that you have and have bought under DEP program.
  6. Select Assign Devices from the drop down below.
  7. From the list of servers click MobiLock Pro (or the name that you gave) and click OK.
  8. Now Login to MobiLock Dashboard.
  9. Navigate to Device Enrollment > Apple Setup > DEP.
  10. Click on the number next to Total Devices.
  11. You will be shown a page that lists all your DEP devices that MobiLock has synced with Apple. At this point it will be blank as MobiLock syncs every 6 hours for new devices.
  12. Click on SYNC NOW to manually sync.
  13. Refresh the page so that you can see the device that you just assigned in Step 5-7.
  14. For all your DEP devices, you can choose a QR Code configuration, so that when these devices are unboxed or hard reset they use this configuration to be automatically setup. Click on CHOOSE and select the QR Code configuration.
  15. Click APPLY.
  16. At this point you are ready to start your iOS device. Depending upon the state of your device, either of the following needs to be done,
    1. For a new device, Unbox it and start the device. Choose the language and configure a Wifi. The device should show you a Remote Management screen post the initial setup screens.
    2. For an existing device, go to Settings > General > Reset > Reset All Content & Settings. This will reset the device and post the screens where you choose the language and configure a Wifi, the device should show you a Remote Management screen.
  17. Once you see the Remote Management screen, you would have to click Next and the device will be enrolled onto the MobiLock Dashboard.
  18. You can see the status of the newly enrolled device in MobiLock Dashboard under Devices section.

Managing DEP Supervisioning Settings

For all your DEP devices you can set a group of Supervisioning settings that are applied when the device enrols to the Dashboard on the first unboxing or after hard reset. To access and change these settings please follow the below steps,

  1. Login to MobiLock Dashboard.
  2. Navigate to Device Enrollment > Apple Setup > DEP.
  3. Click on CONFIGURE DEVICE SETUP SETTINGS.
  4. Here you can choose the setup options for a new DEP device.
  5. Please note these settings are ONLY applied when the device is unboxed for the first time or is starting for the first time after a hard reset.

How did we do?