Apple DEP faces new device provisioning competition

The Apple Device Enrollment Program is well-established, and now, Microsoft and Google have their own zero-touch device provisioning services for Android and Windows.

MINNEAPOLIS -- New Android and Windows provisioning programs aim to simplify device configuration, but they won't move the needle among IT pros who choose Apple for its ease of deployment.

Zero-touch provisioning aims to help IT by eliminating the need to manually configure and enroll newly purchased devices in enterprise mobility management (EMM) software. Google and Microsoft launched programs for Android and Windows, respectively, earlier this year, but they have some limitations compared to the established Apple Device Enrollment Program (DEP).

"With DEP, I don't have to sit there and monitor the device and baby it," said Collin Van Meter, Mac administrator at Southern Illinois University (SIU) Edwardsville, which offers Macs to users in computer labs. "I don't have to spend two weeks building a profile anymore."

Van Meter and other attendees here at Jamf Nation, Jamf Software's annual user conference, discussed the pros and cons of the Apple DEP and how the new options for Android and Windows compare.

DEP enrollment with Jamf Pro

Google, Windows test the provisioning waters

With zero-touch provisioning programs, IT pros and end users don't have to waste time manually configuring and enrolling devices in EMM. Users simply sign in to their device and are up and running.

Apple has offered zero-touch provisioning through DEP since 2014. Administrators use an online service to preconfigure settings and applications and choose what EMM platform they want the devices automatically enrolled in. The Apple DEP supports all macOS and iOS devices and EMM products, including Jamf.

"It's slick," said Bobby Tishaw, CIO at Comprehensive Pain Specialists, a Jamf shop in Franklin, Tenn. "You set it up once, and you don't need to manage it after that."

Google added zero-touch device provisioning to Android in September. Like Apple's DEP, it allows IT to configure devices through a portal at the time of purchase. But the program is only available for Google Pixel, Huawei Mate 10 and Sony Xperia XZ1 devices, with support for other manufacturers' devices coming later, Google said. Plus, while EMM vendors BlackBerry, IBM, MobileIron, Soti and VMware support Android's program, Microsoft and Citrix do not as of now.

"It seems like Android's is really in its infancy," said Maracus Scott, application support technician at SIU Edwardsville. "It's very limited devices, and it's only phones."

Microsoft also launched its program, Windows AutoPilot, in September. It allows IT to preconfigure Windows devices through the Windows Store for Business, but it is all cloud-based. It requires devices to have access to the Azure portal, as well as an Azure Active Directory Premium subscription, in addition to being on the Windows 10 Creators Update or Fall Creators Update. AutoPilot supports all EMM products, Microsoft said.

When Scott was deciding which mobile devices to adopt for his school, the DEP was a big factor in selecting Apple, he said.

"There was nothing else I could use to control the device without touching it," he said. "Apple was the first to have that. When I first looked at DEP, I thought, 'This is a game-changer,' and wondered when this would happen for Android."

The idea of other operating systems providing zero-touch provisioning is an enticing prospect, Scott added.

"It took everybody else so long, but maybe that's now another opportunity to research and look at," he said. "I'll probably try out Android's when they're truly ready."

IT on board with zero-touch

At Comprehensive Pain Specialists, the ability to remotely configure devices through the Apple DEP was helpful, because the company has many different sites.

"We were spending a lot of time and money shipping devices back and forth to reimage before," Tishaw said.

And at SIU Edwardsville, one of the main benefits of DEP is it allows IT to sidestep Apple's activation lock. Typically, only a single Apple ID can access a given device. But under the DEP, users can activate a device using their own Apple ID, return it to IT later, and IT can then wipe and image the device for another user with their own unique Apple ID.

This approach allows the university to provide teachers and students with iOS devices for single semesters. DEP also lets IT remotely lock a device if a student doesn't return it, or send reminder notifications letting a user know he must bring the device back.

One issue the university occasionally runs into with DEP is that Apple, in typical fashion, sometimes makes changes without giving customers much notice, because it so tightly controls its own ecosystem, Van Meter and Scott said.

SAP, which uses the DEP to configure Macs and iOS devices for its employees, ran into another problem with the program initially. Until iOS 11, DEP didn't support devices that organizations purchased from third parties. Now, however, SAP can enroll devices not purchased from Apple. An added benefit is IT can place DEP devices in Supervised Mode, which has additional management and security capabilities, said Martin Lang, SAP's head of enterprise mobility services for internal IT.
