Adding iOS 11+ devices to Device Enrollment Program (DEP) with Apple Configurator

With iOS 11, Apple provided a way to enroll devices into your Device Enrollment Program (DEP) by using Apple Configurator 2.5 app. Previously, only devices purchased directly from Apple or an authorized re-seller could be used on the Device Enrollment Program (DEP); now with Apple Configurator and iOS 11+ devices, you can move any non-DEP devices into an existing DEP account.

 

Pre-requisites:

  • Device with iOS 11 or higher
  • Mac computer with macOS 10.12.5 or higher
  • Apple Configurator 2.5 or higher
  • Apple Business Manager account with permissions to manage devices
  • Setup and connect your DEP configuration with Moki. Follow this link if you have not done so:

Setup DEP & VPP with Moki

 

Step One: Create a Wi-Fi profile

In Apple Configurator 2 go to File menu and click on New Profile

Select Wi-Fi from the left column and click Configure to start.

Fill out all the necessary info about your Wi-Fi connection and click File, Save...

Assign a file name and save it to your Desktop or any other path that you can easily reference later.

 

 

Step Two: Create a new Organization and Supervision identity

Click Apple Configurator 2 menu and select Preferences...

Click on Organizations and select the + sign to create a new organization

Click Next to continue

Enter your Apple id that was used to set up your DEP configuration in Apple Business Manager and press Next

Fill in the form with the information about your organization and press Next button

Select Generate a new supervision identity and click Done

Enter the credentials you use to access your Mac computer and click the Update Settings button

You will see your new Organization and its corresponding Supervision identity

 

Step Three: Create an entry for Moki MDM server

Go to Apple Configurator 2 menu and select Preferences...

Click on Servers section and press the + sign to create a new server

Press the Next button to continue defining an MDM server

Enter a name for your MDM server and type in the following URL replacing the enrollment code with a valid DEP enrollment code you have created previously (click this link for more information), and press Next to continue.

https://mokimanage.appspot.com/MDMServiceConfig?enrollCode=your_enroll_code

After fetching your data, the MDM server will show up on the list

If you click the Edit button you will see the Trust certificates that were fetched from your MDM configuration. 

 

Step Four: Prepare the device using Apple Configurator

Connect your iOS device to your Mac computer using a USB lightning cable. 

If prompted, go ahead and tell the device to trust the computer.

 

Open Apple Configurator 2.5 or newer and make sure the device is displayed and it is not currently supervised.

Click the device to select it and then right-click over it and choose Prepare... or go to Actions menu and choose Prepare...

Select Manual Configuration and check the boxes "Add to Device Enrollment Program" and "Allow devices to pair with other computers". Click Next to continue.

Make sure that your MDM server created in previous steps is selected and click Next

Choose the organization created in previous steps and click Next 

The "Configure iOS Setup Assistant" will show up; however, these options do not take into effect because when the device is enrolled in DEP it will take you to the settings to define in your DEP Moki enroll profile. Click Next to continue.

Press the Choose button and select the Wi-Fi profile that you created earlier, then click the Prepare button.

If the device has been prepared previously, click the Erase button

 

The preparing process will commence and the device screen will turn black and then the Apple logo will appear. It is possible, that might happen a couple of times.

 

You will see how the status changes from "Downloading activation record for the device" to "Activating iOS on the device"

At this time the device will be on the "Hello" screen but it is very important that you

If you are prompted to enter your DEP credentials go ahead and type those in along with your verification code 

In the top right corner of the device, you will see 2 rotating arrows, 

that means it is connecting and running through the rest of the process. Again, it is very important that   until we see it finished in Apple Configurator

Once the arrows stop spinning, the device will reboot one more time and you will see the Apple logo again on the device's screen. When the Prepare process is complete, you will see the status messages disappear from Apple Configurator and a screen like this:

With the iPad in the "Hello" screen, select it on Apple Configurator and right-click on it to choose Add -> Profiles...

Select the Wi-Fi profile you created in previous steps and press Add

You will see the "Downloading activation record" for the device message and "Activating iOS on the device"

On your iPad, you will see the WiFi symbol that indicates that is connected to your wireless network

Now it is time to press the "Home" button and run through the enrollment process with DEP

"Select your Country or Region" on your device and then the iPad will start retrieving its configuration

The "Remote Management" screen will appear to let you know that the device will be remotely managed by Moki

You will be asked to Agree with Apple's "Terms and Conditions"

If prompted, select "Enable Location Services"

The setup process and DEP enroll will finish, and the iPad will be completely installed.

To verify the device was enrolled in DEP and managed by Moki you can go to the General settings on your iPad and tap on "Device Management"

Your iPad will show the enrollment profile used for the DEP process

Congratulations! your device is now added to DEP and managed by Moki. There are some steps remain that you need to do to assign this device to your correct MDM server in the "Apple Business Manager" portal.

Go to your Moki dashboard for iOS and make sure that the newly enrolled devices are listed in your "Devices" list

Log into "Apple Business Manager" portal with your Apple Id and password

Go to Settings located on the bottom of your left column and click on Apple Configurator 2 under "MDM Servers" section. To confirm that your device's serial number is listed there you need to download a CSV file containing the serial number of the devices added to DEP through Apple Configurator

Confirm that your device's serial number is in this list

Go to Device Assignments menu and copy and paste your recent device's serial number that was added to DEP. Then, select "Assign to Server" under "Perform Action" and your "MDM Server"

 

Click Done and you will get confirmation of the successful assignment

The newly enrolled device will be part of the assigned MDM server and the Apple Configurator 2 section will show the adjustment as well.

Go back to your Moki dashboard, open the DEP (Beta) tab and confirm that the new DEP device is listed there.

Finally, you might want to assign the Moki DEP profile you want this device to have every time it is the Factory reset