In order to enroll devices with Apple's DEP you'll need to handle a few account setup pieces such as getting approved by Apple for DEP, connecting your DEP account with Moki and then specify the enrollment process for your DEP devices. Follow these steps below to continue enrolling devices.
Step 1 - Sign up for DEP with Apple
Step 2 - Link your DEP account and Moki
Once you are signed up with DEP follow these steps to connect your DEP account with Moki. Connect Moki and your DEP account
- Login to Moki
- Click your account name in the top right and select Account Settings
- Scroll down to DEP Setup and click Download in step 1
- Click the link in step 2 for deploy.apple.com and login to your apple DEP account
- Click on Device Enrollment Program
- Click on Add MDM Server on the right
- Give the server a name and hit Next
- Click Choose File and select the file you downloaded from Moki (cert.pem) and click Next
- Click Your Server Token to download the file and hit Done
- Go back to Moki and hit the Upload button in step 3
- Select the file you downloaded from Apple (.p7m file)
- When you refresh the page you will see checkmarks if the process was completed successfully
Step 3 - Register device serial numbers with DEP and Moki
- In your DEP account click on Manage Devices
- Enter the serial number(s) of the devices you purchased with DEP, separated by commas or upload the CSV file Apple gave you
- Under Choose Action select Assign to Server, select the MDM server you created earlier and hit Ok
- Go back to Moki and click on the Enroll tab and copy an existing enrollment code, or, hit the + button, select iOS and create a new one (then copy the 7 character enrollment code)
- Click on the DEP tab in the top navigation and select Profiles
- Click the New Profile button
- Give the profile a name, paste in the Enrollment Code and choose the options you want the device to go through when it starts up. Anything you skip will turn that option OFF so make sure you do not skip location, then hit Save. The new profile will show up under the New Profile button
- Click the Devices tab that is within the DEP Window, next to the Profiles tab
- Click the Sync DEP Devices button, in a few minutes the devices you uploaded into Apple will populate in this list. You may need to refresh your browser window.
- Now you need to assign the profile you created to your devices. To do this select all your devices, then click the drop down that says Add Profile, select your profile and hit Yes
Step 4 - Enroll the device
This is the simple part, simply turn the device on and go through the start up screens. You'll be told that the device will be configured into your account. All the apps, profiles and tags associated with the enroll code you associated with the DEP profile will be installed on the device. If the device has already gone through the start up screens you'll need to do a complete factory reset and erase all content and settings for the device to go through the enroll process. Repeat this process on each new device. When the device has completed the enrollment you can go to the Devices tab in Moki and it will be listed.
Step 5 - Lock down the device
As mentioned in the previous article when talking about the benefits of DEP there are a few options for locking down the device. Choose the scenario that best suits your needs.
- App Lock - Locks the device down to one app through use of a profile installed on the device. This works with any app, be it store, enterprise or B2B. The profile will launch the app and cause it to be launched whenever the device restarts. Removal of the profile is only possible with a command sent from Moki, inconvenient if network connection is lost with the device. For this reason we recommend a backup WiFi profile placed on the device that you can set a hot spot to. By default your account comes preloaded with an App Lock profile for MokiTouch 2 so you can skip to Step 6 below. If you are not using MokiTouch 2 then learn how to setup and apply an App Lock profile.
- SAM - Once an app is open, lock and unlock the device to that app through a command from Moki or by an action from within the app. To use this feature, the app has to have the SAM code integrated and a custom action created in Moki. See here for documentation on SAM integration. MokiTouch 2 is already configured for SAM. The biggest advantage of SAM is that it allows you to remove it locally on the device, convenient if network connection is lost. Learn how to enter and exit SAM.
- Whitelist/Blacklist certain apps - Allow or disallow specific apps on the home screen. This works for all apps except the Settings app, it stays. Set these apps in the Restrictions profile and apply it to your device. Learn how to setup a whitelist or blacklist