Support for adding any iOS 11 device to Device Enrollment Program (DEP)

Content

In 10.65 release, MaaS360 introduces new workflows to support Apple capability to add any iOS device to a DEP account. By using MaaS360 workflows that is introduced to support Apple ability, you can convert any non-DEP iOS 11+ devices to a DEP account. When the device is DEP enrolled and if you leave the device DEP enrolled for 30 days then device remains DEP enrolled forever.

How to convert non-DEP iOS 11+ device from non-DEP to DEP device?

MaaS360 introduces new non-DEP to DEP conversion URL. Use this URL to download the MDM profile on the iOS device and enroll the DEP converted device to MaaS360. The workflow is supported on iOS 11+ devices and Apple Configurator 2.5 only.

1. From Devices> Enrollments > Other Enrollment Options, select Apple Configurator. Get the URL to enroll the device from MDM Server URL tab. The URL is unique for every customer.  MaaS360 supports following methods to enroll the device:
   >Requires user authentication (Auth URL): Sample URL is https://e43.m.dm/apple/depENroll/30068469
   > No user authentication (NoAuth URL): Sample URL is https://e43.m.dm/depEnroll/30068469/ABCA3C1166133083229260AAF9ECA7

2. Connect the iOS device to a Mac, go to Apple Configurator 2.5 and select All Devices in Apple Configurator.

3. Enable the following options as illustrated in the image and click Prepare. This ensures that device is added to Device Enrollment Program (DEP) and enrollment is successful. User assignment must be done from the portal.

4. Choose MDM Server from the list if you have already added a server, click Next and continue to step 5. If you want to define a new server follow the steps to add a new server.

         How to add a new server?  

          > Select New Sever from the list.

              > Enter the server Name and Host name or URL that is obtained from step 1 (auth  or NoAuth MDM server URL depending upon type of authentication method selected), click Next 

                 and continue to Step 5.

5. Add trust anchor certificates for the MDM server and click Next.

6. Assign the device to an organization that is used to supervise the device from the list, click Next and continue to step 7. If you want to add a new organization, follow the steps to add new organization.

             How to add a new organization?

             > Select New Organization from the list.

             > Sign in to DEP portal by using active DEP credentials.

                 > Verify your identity and enter the verification code that is sent to the mobile number associated with your organization. On successful verification, the new organization is added to

                     Apple Configurator. Continue to step 7.

7. Configure iOS Setup Assistant as needed. Choose from the options whether to show all steps, only some steps, or do not show any of these steps for further configuration and click Next.
   Option Show only some steps is selected in the illustrated image.
   Note: Based on the setup assistant configurations that is selected here, you see the same setup steps on the device for further configuration after successful DEP device enrollment.

8. Choose Network Profile (.mobileconfig file) to download the MDM profile and click Next.
   Note: Configure network profile Wi-Fi setting in order to achieve streamlined enrollment experience. Failing to configure network profile may result in configuring Wi-Fi profile manually in each device for enrollment  completion.

9.   Enter User Name and Password for Automated Enrollment Credentials to use when enrolling in the MDM server. 

                > In case of Auth URL enrollment, ensure that username and password is added else Apple Configurator prompts you to add the same to authenticate the user. User credentials can

                 be AD, LDAP, or local user. 

                >In case of no auth MDM server URL method, it is optional to enter user credentials.

10. Click Prepare.
11. Enter password to sign in to DEP with DEP account credentials.

On preparing the device,

• The device is being added to DEP portal
• The profile is downloaded from MaaS360 portal and device is configured by using this profile.

In case of MDM Server Auth URL,Apple Configurator prompts for user credentials. Provide valid user credentials to authenticate and complete the enrollment. In case of MDM server no auth URL, enrollment is complete and you are not prompted for user credentials.

Viewing an example of iPad device that is converted from non-DEP to DEP by using MaaS360 workflow

Viewing an example of iPad device that is enrolled by using DEP URL in the DEP portal

How to remove device from DEP enrollment?

Once the device is DEP enrolled, on the device, click Leave Remote Management to remove device from DEP enrollment. You are provided with this option up to 30 days from the time of adding the device to DEP.