Definition

Apple Automated Device Enrollment

What is Apple Automated Device Enrollment?

The Apple Automated Device Enrollment program, formerly known as the Device Enrollment Program (DEP), is a device enrollment service that's included with Apple Business Manager (ABM) and Apple School Manager (ASM). Automated Device Enrollment streamlines the process of enrolling organization-owned Apple devices into a mobile device management (MDM) platform. The program also simplifies the initial setup configuration tasks that are an integral part of the enrollment process.

Only organizations in supported countries or regions can use Apple Business Manager or Apple School Manager and therefore take advantage of Automated Device Enrollment. These organizations must also purchase their Apple devices directly from Apple, an Apple authorized reseller or an approved cellular carrier. User-owned Apple devices are not eligible for the Automated Device Enrollment program.

It is possible for an organization to include devices in the Automated Device Enrollment program that were not purchased through the regular outlets, such as devices that have been donated to an organization, but adding these devices requires the organization to take additional steps, which include the use of Apple Configurator. IT teams should refer to Apple's documentation about how to include these types of devices.

Although the Automated Device Enrollment program supports a wide range of Apple devices, it is limited to the following Apple products:

  • macOS computers with macOS Mavericks 10.9 or later.
  • iOS devices with iOS 7 or later.
  • iPadOS devices.
  • tvOS devices (4th generation or later) with tvOS 10.2 or later.

Automated Device Enrollment makes it possible to configure and manage organization-owned Apple devices as soon as users take them out of the boxes and turn them on. IT teams do not need to physically manage inventory or even touch the devices.

Diagram of three common enrollment processes for Apple devices.
Apple offers three enrollment processes for Apple devices, depending on whether the device is corporate-owned or personally owned. Ownership affects the type of configuration options available.

How does Automated Device Enrollment work?

With Automated Device Enrollment, IT teams can enroll their organization's Apple devices into their MDM platforms and configure a variety of settings related to the enrollment process. For example, they can require credentials for enrollment, set the language and region, provide a configuration URL, prevent users from unenrolling their devices, or specify which Setup Assistant panes to skip.
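The settings listed above can be checked mechanically before a profile is assigned to devices. The following added example (not from the original article or from any MDM vendor) audits a constructed enrollment profile, using key names from Apple's documented enrollment profile format; the sample values, the `mdm.example.com` URL and the choice of panes treated as security-relevant are assumptions.

```python
import json
from urllib.parse import urlparse

# Constructed sample profile. Key names follow Apple's documented enrollment
# profile format; the values and the server URL are made up for illustration.
SAMPLE_PROFILE = json.loads("""
{
  "profile_name": "Constructed example profile",
  "url": "http://mdm.example.com/enroll",
  "is_mandatory": false,
  "is_mdm_removable": true,
  "await_device_configured": false,
  "language": "en",
  "region": "US",
  "skip_setup_items": ["Siri", "Passcode", "Diagnostics", "FileVault"]
}
""")

# Assumption: panes this organization does not want skipped, because skipping
# them lets a device finish setup without a passcode or disk encryption prompt.
SECURITY_PANES = {"Passcode", "FileVault"}


def audit_profile(profile):
    """Return a sorted list of findings for one enrollment profile dict."""
    findings = []
    # The enrollment URL should use TLS so the MDM server can be authenticated.
    if urlparse(profile.get("url", "")).scheme != "https":
        findings.append("url: MDM server URL is not https")
    # Apple's documented default is removable, so a missing key is a finding.
    if profile.get("is_mdm_removable", True):
        findings.append("is_mdm_removable: user can remove the MDM profile")
    if not profile.get("is_mandatory", False):
        findings.append("is_mandatory: user can skip enrollment during setup")
    if not profile.get("await_device_configured", False):
        findings.append("await_device_configured: setup can finish before "
                        "the MDM server has configured the device")
    skipped = SECURITY_PANES & set(profile.get("skip_setup_items", []))
    for pane in sorted(skipped):
        findings.append(f"skip_setup_items: security pane '{pane}' is skipped")
    return sorted(findings)


if __name__ == "__main__":
    for line in audit_profile(SAMPLE_PROFILE):
        print("FINDING", line)
```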

To use Automated Device Enrollment, an organization must take several steps:

  1. Set up an ABM or ASM account if one doesn't already exist.
  2. After Apple has approved the account, use the ABM or ASM web portal to register the organization's purchased Apple devices.
  3. Use the same portal to register the organization's MDM platform. Be sure that the platform supports Automated Device Enrollment.
  4. From the MDM platform, download the public key certificate for the MDM server and upload it to the ABM or ASM service.
  5. From the ABM or ASM portal, download the MDM server token and upload it to the MDM platform.
  6. At the ABM or ASM portal, assign the purchased devices to the registered MDM platform.

These steps provide only a high-level overview of the process used to register Apple devices in the Automated Device Enrollment program. IT teams should refer to the ABM or ASM documentation, as well as to the MDM's documentation, when setting up Automated Device Enrollment for Apple devices to ensure a smooth enrollment process.

When an organization purchases devices that will use Automated Device Enrollment, IT can ship the devices directly to users, eliminating the need for administrators to unpack and configure each device manually. The only requirement is that the devices have internet access so they can receive the initial configuration information.

As soon as a user powers up a managed device, the device will connect to the MDM server registered with the ABM or ASM service. The user is then prompted to interact with the Setup Assistant panes. The exact panes shown in Setup Assistant depend on how the enrollment profile has been configured on the MDM platform. In some cases, an IT team will configure the enrollment profile to skip all Setup Assistant panes.

Once the setup process is complete, the user's device is automatically enrolled with the MDM server, which then applies the applicable configurations and apps to the device. Administrators can then use the MDM platform to manage the Apple devices going forward.


This was last updated in December 2023
