Manage DEP Devices using Scalefusion

Device Enrollment Program or DEP is an Apple Program that can be used to streamline the onboarding process for brand new devices or devices that have been hard reset, automatically to an MDM server. Also with iOS 11 and the latest version of Apple Configurator tool any device can be enrolled into the DEP program. DEP devices also give you the option to disallow the removal of MDM management from the iOS & Mac device, thereby by making the DEP program a highly recommended approach for organizations.

By configuring Scalefusion to manage your DEP devices, you can enforce them to become Supervised during the first time they are Unboxed and also enroll into Scalefusion Dashboard.

This document guides on how to setup Scalefusion to manage your DEP devices.

Before You Begin

  1. You would need a corporate DEP account that can be used at https://deploy.apple.com. OR a corporate DEP account that can be used at https://business.apple.com
  2. A valid Scalefusion Dashboard account.
  3. An iOS or a Mac device that is purchased under DEP program.

Video Guide:

Please watch the video for a visual guide on the process.


Steps

Configuring Scalefusion to Manage your DEP devices

The first step is to configure Scalefusion to allow to sync with Apple DEP portal to get your DEP devices and let Apple know that MobiLock will manage those devices. For this the following need to be done.

  1. Login to MobiLock Dashboard.
  2. Navigate to Mission Control > Apple Setup.
  3. Click on the DEP tab.
  4. Click on DOWNLOAD Scalefusion DEP TOKEN. This will download DEPTokenKey.pem file to your Downloads folder or to the folder that you have set as the downloads folder.
  5. Click NEXT.
  6. Depending upon your DEP account click on Legacy DEP Portal  OR Apple Business Manager tabDepending upon the tab, follow the steps below,

  7. Once you have downloaded the Token file from Apple DEP portal, Navigate back to Scalefusion Dashboard. Click Next.
  8. In this screen, upload the file that you downloaded from Apple DEP Portal.
  9. Once you upload the file, click Next
  10. This will complete the process and you can see the details of your organization and the name that you gave in the Apple DEP Portal now under DEP tab.

NOTE: The DEP Token needs to be renewed every year. Click on the RENEW SERVER DEP TOKEN to renew the token.

Assigning Devices to Scalefusion Server

Now that you have setup Scalefusion MDM server to manage your DEP devices, let us assign one device so that you can see how it works. Follow the below steps to manage your existing devices using MobiLock Pro.

  1. Login to https://deploy.apple.com or https://business.apple.com using your Apple credentials.
  2. Once logged in, click on Getting Started next to Device Enrollment Program.
  3. On the left hand side, click on Manage Devices.
  4. You will be shown a page where you can assign devices to an MDM server. You can:
    1. Assign using Serial numbers.
    2. Assign using Order numbers.
    3. Upload a CSV file of Serial and/or Order Numbers.
  5. Enter the Serial number of the iOS or Mac device that you have and have bought under DEP program.
  6. Select Assign Devices from the drop down below.
  7. From the list of servers click Scalefusion (or the name that you gave) and click OK.
  8. Now Login to Scalefusion.
  9. Navigate to Mission Control > Apple Setup > DEP. This page displays the total devices that Scalefusion has synced. 

  10. Click on the number next to Total Devices. You will be shown a page that lists all your DEP devices that Scalefusion has synced with Apple. At this point it will be blank as Scalefusion syncs every 6 hours for new devices.
  11. Click on SYNC NOW to manually sync.
  12. Refresh the page so that you can see the device that you just assigned in Step 5-7.
  13. For all your DEP devices, you can choose a QR Code configuration, so that when these devices are unboxed or hard reset they use this configuration to be automatically setup. Click on CHOOSE and select the QR Code configuration.
  14. Click APPLY.
  15. At this point you are ready to start your device. Depending upon the state of your device, either of the following needs to be done,
    1. For a new iOS or Mac device, Unbox it and start the device. Choose the language and configure a Wifi. The device should show you a Remote Management screen post the initial setup screens.
    2. For an existing iOS device, go to Settings > General > Reset > Reset All Content & Settings. This will reset the device and post the screens where you choose the language and configure a Wifi, the device should show you a Remote Management screen.
    3. For an existing Mac device, please reinstall the Mac OS using  Recovery options (CMD + R) to renroll using DEP method.
  16. Once you see the Remote Management screen, you would have to click Next and the device will be enrolled onto the MobiLock Dashboard.
  17. You can see the status of the newly enrolled device in Scalefusion Dashboard under Devices section.

Managing DEP Supervisioning Settings

For all your DEP devices you can set a group of Supervisioning settings that are applied when the device enrolls to the Dashboard on the first unboxing or after hard reset. To access and change these settings please follow the below steps,

  1. Login to Scalefusion Dashboard.
  2. Navigate to Mission Control > Apple Setup > DEP.
  3. Click on CONFIGURE DEVICE SETUP SETTINGS.
  4. Here you can choose the setup options for a new DEP device.
  5. Please note these settings are ONLY applied when the device is unboxed for the first time or is starting for the first time after a hard reset.

How did we do?