Apple recently announced a whole new way to enroll devices in MDM, and in doing so, they removed several of the roadblocks that have long plagued MDM admins. Apple’s new Device Enrollment Program (DEP) allows administrators to enroll devices in Systems Manager without ever touching them. In fact, devices can be enrolled right when they are purchased and arrive in users’ hands with Systems Manager as part of the initial setup process. Along with this functionality comes more control for MDM administrators, most notably the ability to prevent users from removing the Systems Manager profile from a device. Cisco Meraki Systems Manager lets admins take advantage of these enhancements right away.
Setting up the Device Enrollment Program
First, create an account with Apple’s Device Enrollment Program. Add devices to the program by their serial number or Apple purchase order number. Next, configure Systems Manager to communicate with the Apple DEP by navigating to Organization > Settings > Apple Device Enrollment Program. Systems Manager will then automatically populate the MDM > DEP tab in the dashboard with participating devices.
MDM > DEP tab with a single device on the Meraki Corp – Systems Manager network
Systems Manager DEP
With Systems Manager, administrators can configure every detail of the new device setup process, such as which screens appear on startup and whether installing the Systems Manager profile is mandatory. The setup process can be streamlined not only for this one device, but for all of your MDM-managed devices in just a few clicks.
Configure initial setup settings for DEP-managed devices, such as allowing the device to be paired and specifying which setup pages to skip (Siri and diagnostics are skipped above).
Now when the Apple device arrives in the end user's hands, the initial setup is configured for that organization's specific needs, including Apple Configurator supervision, MDM profile setup, and more.
During setup, the iPad prompts the user to install the Systems Manager profile with no intervention from the administrator and no Apple ID or passwords required.
Non-removable MDM profile
Not only can the administrator require that the SM profile be installed on setup, but they can also prevent the profile from being removed. This is a huge departure from previous management capabilities that left even company- or school-owned devices at the mercy of the end user.
Systems Manager MDM management profile installed on the iPad with no option for removal
Systems Manager DEP enables an enhanced level of device management for administrators and it is available today in the dashboard. Brand new Apple devices, as well as those purchased directly from Apple in the last 3 years, are eligible for the Device Enrollment Program. As soon as your products are enrolled, admins can start prompting fresh installs for DEP devices.