Enrollment of Apple devices through ADE

ADE or Automated Device Enrollment (previously known as Device Enrollment Program or DEP) is Apple’s enrollment method to enroll organization-owned Apple devices into MDM. ADE follows a zero-touch approach for setting up and pre-configuring devices, allowing Apple devices to be automatically enrolled in the MDM as soon as they are powered on for the first time. This is made possible by leveraging the capabilities of Apple Business Manager (ABM) or Apple School Manager (ASM).

Apple Business Manager is a web-based platform designed to integrate with MDM systems, enabling efficient management and deployment of Apple devices within your organization. Apple has combined the capabilities of ADE and the legacy VPP (Volume Purchase Program) into ABM, streamlining device and app management. Apple also has Apple School Manager (ASM) to manage devices in an educational institution.

ABM helps in deploying devices in bulk by automatically applying settings and configurations upon the initial device start-up, making it ready for use right out of the box. Over-the-air supervision of devices is possible only if these devices are enrolled in ABM. ABM provides a unified interface to enroll and supervise enterprise-owned Apple devices. ABM requires an MDM solution to supervise it remotely.

Configuring ADE with Hexnode

1. Log in to your Hexnode portal.
2. Go to Enroll > Platform – Specific > iOS/macOS/tvOS >Apple Business/School Manager.
Note:


You can also configure ADE with Hexnode from Admin > Apple Business/School Manager > Automated Device Enrollment.


3. Click Next.
4. Enter a name for the ADE account and download the certificate file.
5. Go to Apple Business Manager and sign in to your account.
6. Click on the account name at the bottom of the left side panel and navigate to Preferences.
7. Click Add.
8. Provide an MDM Server Name and upload the Certificate file you downloaded in Step 4.
9. Click on Save.
10. Then, click Download MDM Server Token to download a new server token. After downloading the token, you’ll need to upload it to the Hexnode server.
11. Go back to the MDM ADE settings page and upload the token you have just downloaded. Then, configure the below options:
    • Add as Pre-approved device: Enable this option to add the ADE devices as pre-approved devices.
    • Default Configuration Profile: Select an already created ADE enrollment profile, or you can also create a new enrollment profile.
      Note:

      
      To view or edit any created enrollment profiles, either go to Enroll > Platform–Specific > iOS/macOS/tvOS >Apple Business/School Manager > Enrollment Profiles or Admin > Apple Business/School Manager > Automated Device Enrollment > Enrollment Profiles.
      

Assign devices to the Hexnode server

Perform the following steps to assign the ADE devices to the MDM server:

1. Log in to your Apple Business Manager account.
2. Click Devices. Search and select the required devices from the list. You can filter devices based on their source, order numbers, device types, etc.
3. On the top-right portion of the screen, click on the horizontal ellipsis button. Then, click on Edit MDM Server.
4. Next, click on Assign to the following MDM option and select the MDM server to assign the devices to that server.

What happens at the device end?

The configuration settings associated with the device are deployed as soon as the device starts up. Once the user turns on the device, the Apple server pushes the ADE enrollment profile associated with the device. It initiates device enrollment. For devices already in use, these configurations will be applied after the factory reset. Thus, you have to perform a factory reset on an already activated device to get it enrolled in MDM.

Troubleshooting tips

• Common errors while enrolling iOS devices in Hexnode UEM.
• Common errors while enrolling in Apple Business Manager.