It’s a best practice to enroll corporate owned iOS/iPadOS devices via the Apple Automated Device Enrollment (ADE) program (PKA Device Enrollment Program – DEP). It offers “out of the box” security because the enrollment with the MDM solution will start automatically and the user can’t work around it. Next to automatic device enrollment it makes it possible to set devices in supervised mode, which offers more policy settings to apply and in combination with the Apple Volume Purchase Program (VPP), no Apple ID is required during enrollment and for installing company published applications.
The good news is that this Apple services is free. The company needs to enroll in to the ADE and VPP programs via the Apple Business Manager (ABM). For more information see https://business.apple.com/#enrollment. Once the company is enrolled, devices purchased from that moment on can be automatically added by your authorized Apple reseller to your Apple Business Manager. However, adding devices that have already been purchased takes a little more effort.
In this blog
In this blog I will show you step-by-step how to add already purchased iOS/iPadOS devices to the Apple Business Manager. I will do that in the following steps.
Before you start, keep in mind the following requirements and conditions.
The first step is to create an Enrollment Profile for the Apple Configurator (will be installed later on). Therefore, open a browser and go to the Microsoft Endpoint Manager admin center.
Navigate to Devices > iOS/iPadOS > iOS/iPadOS enrollment and click Apple Configurator
Open the Profiles page and click + Create
Fill in a Name for the profile, and optionally a Description. Click Next.
Select Enroll with user affinity (or without user affinity if you want to use the devices as a kiosk device or something). Set Select where users must authenticate to Company Portal. Click Next.
After creation, open de Profile and click Export Profile. Copy the Profile URL and save it in a Notepad or something. We need this URL later when Configuring the Apple Configurator 2 application.
In this step we going to install the Apple Configurator 2 application from the Apple Store on a device running macOS. Open the Store and search for “Apple Configurator 2”.
After the installation click Open
Click Get Started
The Apple Configurator 2 is now installed on the macOS device.
An internet connection is required on the devices when you add them to the Apple Business Manager via the Apple Configurator 2 application. Therefore, it is recommended to create a Wi-Fi profile so devices will connect automatically during the onboarding process.
If you not configuring a Wi-Fi profile you can still add devices, but you have to connect the device manually to a Wi-Fi network during the onboarding.
To create a Wi-Fi Profile, click File > New Profile
Open the Wi-Fi tab and click on Configure
Fill in the information of the Wi-Fi network, make sure Auto Join is selected and save the profile.
A Blueprint is a template of settings within the Apple Configurator 2 application. Once you have created a Blueprint you can easily apply it to new connected devices. In this step I will show you how to create a blueprint.
Within the Apple Configurator 2 application go to File > New Blueprint
Give the Blueprint a name and open it.
Click the Prepare button
Select Prepare with : Manual Configuration. Make sure only Add to Apple School Manager or Apple Business Manager and Allow devices to pair with other computers is selected as shown in the screenshot above.
Select New Server and click Next
Fill in a name, for example Microsoft Endpoint Manager. In the Host name or URL field copy the MDM link from step one in this blog. Click Next
Select appleconfigurator2.manage.microsoft.com and click Next
Login with your Apple Business Manager admin account.
Select Generate a new supervision identity and click Next
Select Don’t show any of these steps and click Next
Click Choose to select the in step 3 created Wi-Fi profile.
Click Done. The Blueprint is now ready to use.
In this step I will add my old iPhone 8 device to the Apple Business Manager. Connect the iOS/iPadOS device via USB cable to the macOS device.
If the device is correctly connected, it will be shown in the Apple Configurator 2 application.
How click on the Blueprints button and select the just created Blueprint (in this case “Futureworkplace”).
Click Apply (be aware that the device will get a factory reset!)
The device will now be added to the Apple Business Manager.
Within the Apple Business Manager, the new devices will automatically be assigned to “Apple Configurator 2”. This can be changed to the MDM server of Microsoft Intune.
Make sure your sync your Apple Business Manager with Microsoft Intune before enrolling the device.
The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.