Category filter
Apple DEP Management
The Device Enrollment Program (DEP) in Apple Business Manager (ABM) enables the automatic deployment of your corporate Apple devices. Once a device is activated, it is immediately configured, eliminating the need for the IT team to configure it physically. The following documentation shall explain how to use Apple Business Manager with Hexnode.
Device Enrollment Program Settings
The following steps are to be followed to integrate Hexnode with Apple Business Manager for device enrollment.
- Go to Enroll > All Enrollments > No-Touch > Apple Business / School Manager.
- Create a DEP Account and download the certificate file.
Here a DEP token is required which is to be uploaded to the portal.
Follow the steps below to download a server token:
-
- Log in to Apple Business Manager page.
- Click your name at the bottom left of the screen, and go to Preferences > MDM server assignment.
- Click on Add MDM Server button and name the server.
- Upload the public key obtained from the MDM console while setting up the DEP and click Save.
- Click on Download Token.
- Log in to the Hexnode portal. Upload the downloaded server token and click on Next and Finish.
Renew the DEP Token
Apple DEP tokens need to be renewed every year. Therefore, renew the DEP token before the previous one expires.
Pre-approve DEP synced devices
To add DEP devices as Pre-approved devices, check the option Add as Pre-approved Device under DEP Settings.
Apple DEP Devices
The DEP device tab, by default, contains the list of devices enrolled under DEP. The list would include information such as the serial number, model along with the DEP profiles applied to the device, if any.
Associate profiles with devices
- Select the device.
- Click on the Associate DEP Profile button at the top. The following window pops up.
- Search for the profile you want to associate to the device and then click on Assign.
Sync with Apple Device Enrollment Program
To import devices enrolled in the configured Apple DEP account to the Hexnode portal you have to initiate a DEP sync.
Go to Enroll > All Enrollments > No-Touch > Apple Business/School Manager > DEP Devices > Sync with DEP.
DEP Configuration Profiles
This page lists all the existing DEP profiles.
View the details of any profile
- Click on the name of the profile.
- The following screen pops up with detailed information about the profile.
You can also edit the profile on this page and save it again.
Add a new profile
- Click on Configure DEP Profile.
- Fill out all the necessary fields and click on Save.
Here is the description of the configuration parameters for the DEP profile.
- Display name– A friendly name of the policy.
- Department– Name of the department to which the devices are assigned.
- Support Email Address– An email address for the users to request support during setup.
- Support Phone Number– Contact number for users if they need help during setup.
- Enroll Devices in MDM– Enabling this option prevents users from bypassing “Remote Management” during initial device setup screen.
- Allow MDM Profile Removal– Check this to make the profile removable after device enrollment. If disabled, users will be blocked from manually removing the MDM profile from the device.
- Enable Supervision– Check this to make the device supervised upon enrollment.
- Allow iTunes pairing– Check this option to allow users to sync their devices with iTunes. Disabling this option will prevent every iTunes related actions. To re-enable it, the device will have to be wiped and re-enrolled.
- Allow Shared Devices– Check this box to enable multiple users to share Apple School Manager deployed devices.
- Enable Hexnode UI for Authentication– If disabled, the device management has to be set up from Apple’s default Remote Management set up wizard. If enabled, users will be redirected to the Hexnode’s default enrollment window. Users shall read and agree to the Hexnode EULA terms from here before proceeding with the enrollment. This feature is supported on iOS 13+ and macOS 10.15 or later devices. The enrollment authentication settings (Authentication Modes) configured in the Enroll > Settings tab will take effect when this option is enabled, irrespective of the User Authentication configurations in the DEP Account and the Enrollment authentication settings in the DEP Configuration Profile.
- Enrollment authentication settings– Choose the authentication method to be used for enrollment. The following options are available,
- Use Global Authentication Settings – When this option is selected, the authentication settings configured in Enroll > Settings > Authentication Modes are considered.
- No authentication – When selected, the admin must choose the Domain and Default user to which the device should be assigned to.
- Configure user accounts– Check this to create an ‘Administrator’ user in Mac devices.
- Don’t show the selected steps– With Hexnode you can have a customized setup experience for your ABM enrolled devices. Check the boxes corresponding to steps that you want to avoid during Apple devices’ setup.
Available options
SetUp Assistant Options | Supported versions | Description |
---|---|---|
Apple ID |
|
Skip Apple ID setup. |
Biometric |
|
Skip biometric setup. |
True Tone Display |
|
Skip True Tone Display pane. |
Apple Pay |
|
Skip Apple Pay setup. |
Restore |
|
Disable restoring from backup. |
Screen Time |
|
Skip the Screen Time pane. |
Appearance |
|
Skip the Choose Your Look window. |
Diagnostics |
|
Skip sending diagnostic information to Apple. |
Location Services |
|
Skip setting up Location Services. |
Privacy |
|
Skips the privacy pane. |
Siri |
|
Disable users from configuring Siri. |
Terms and Conditions |
|
Hide terms and conditions from the user. |
SetUp Assistant Options | Supported versions | Description |
---|---|---|
Move from Android | iOS 9.0+ | Remove Move from Android option from the Restore pane. |
Keyboard | iOS 11.0+ | Skip the Keyboard pane. |
Watch Migration | iOS 11.0+ | Skip the screen for watch migration. |
iMessage and Face Time | iOS 12.0+ | Skip the iMessage and FaceTime screen. |
Passcode | iOS 7.0+ | Hides and disables the passcode pane. |
SIM Setup | iOS 12.0+ | Skip the add cellular plan pane. |
Onboarding | iOS 11.0+ | Skip on-boarding informational screens. |
Software Update | iOS 12.0+ | Skip the mandatory software update screen. |
Home Button Sensitivity | iOS 10.0+ | Skip the Home Button screen. |
Device to Device Migration | iOS 13.0+ | Skip Device to Device Migration pane. |
Zoom | iOS 8.3+ | Skip the Zoom pane which shows larger text and controls. |
Welcome/Get Started | iOS 13.0+ | Skip the Get Started pane. |
SetUp Assistant Options | Supported versions | Description |
---|---|---|
FileVault | macOS 10.10+ | Disable FileVault Setup Assistant screen. |
iCloud Storage | macOS 10.13.4+ | Skip iCloud Documents and Desktop screen. |
iCloud Analytics | macOS 10.12.4+ | Skip the iCloud Analytics screen. |
Registration | macOS 10.9+ | Prevent users from filling out the registration form and send it to Apple. |
SetUp Assistant Options | Supported versions | Description |
---|---|---|
Screen Saver | tvOS 10.2+ | Skip setting up screen saver. |
TV Home Screen Sync | tvOS 11.0+ | Skip TV home screen layout sync screen. |
Where is this Apple TV? | tvOS 11.4+ | Prevent user from selecting the room for the Apple TV. |
Set up your Apple TV | tvOS 10.2+ | Prevent users from configuring their Apple TV. |
Sign In to your TV provider | tvOS 11.0+ | Skip the TV provider sign in screen. |
DEP Enrollment
If you have a non-activated device, start setting it up and get it connected to the internet. If you have an already activated device, reset the device to its factory settings and then activate it. Once it is connected to the internet, the user will be prompted to enable remote management for the device. This will enable MDM administration on the device. Note that the user can bypass this process if “Enroll Devices in MDM” is not enabled on the DEP Configuration Profile.
Multiple DEP Account Management
You can configure multiple DEP accounts in Hexnode. So, even if your Apple devices are registered to different DEP accounts, you can enroll them in Hexnode by configuring all the DEP accounts in the Hexnode portal.
To configure multiple DEP accounts,
- Go to Enroll > All Enrollments > No Touch > Apple Business/School Manager > DEP Accounts.
- Click on Add DEP Account.
- Follow the same procedure to complete the configuration.
To sync all DEP accounts to Hexnode, click on Sync all DEP accounts. This would automatically import all the devices associated with the DEP accounts to Hexnode.