Manually Add Devices to DEP with Apple Configurator
This article explains how to manually add existing devices to Apple Business Manager (formerly Apple Device Enrollment Program) using Apple Configurator. Apple Configurator is a free app in the Mac App Store. If you are using Apple School Manager, the instructions are the same.
Note: at the time of writing this, the version of Apple Configurator used was 2.10. The layout and/or exact steps for this process may change slightly over time, but the concepts should be similar.
1. Plug your iOS device into a Mac running Apple Configurator.
2. Select the device in Apple Configurator and click "Prepare".
3. Select 'Manual Configuration'. Make sure that 'Add to Device Enrollment Program' is checked.
Checking 'Activate and complete enrollment' will cause Apple Configurator to try and enroll the device in MDM via a specified URL. Check this if you wish to enroll the device in MDM via Apple Configurator in addition to adding the device to ABM. If you do not wish to enroll the device via Configurator at this time, do not check this. For this demonstration, we will be performing this step.
4. On the 'Enroll in MDM Server' screen, select 'New Server' if you have not done this before.
5. Give the enrollment a name. Copy a Group Enrollment URL generated from your MDM account and paste it in 'Host name or URL' field. Be sure that you are using a Group Enrollment URL and not a One Time Enrollment URL. The first three steps in this article explain how to generate an enrollment URL in SimpleMDM.
6. If you have not already created an organization profile, select 'New Organization' and click 'Next'.
7. You will be prompted to enter your credentials from Apple Business Manager. This should be the same Apple ID and password that you use to login to Apple Business Manager.
8. You will be asked whether you want to choose a supervision identity or generate a new one. If you haven't done this before, generate a new one.
9. Configure Setup Assistant. On this step, select which setup screens you want to be shown to the user when setting up the device.
10. Choose a network profile. This allows the device to connect to WiFi during the initial setup. If you haven't yet created a WiFi profile, click 'File', select 'New Profile', then create a new WiFi network profile via Apple Configurator.
11. Optional: enter your network authentication credentials. This is only necessary if you have specifically configured authentication for your MDM enrollments. Authentication does not exist by default, so this will not be necessary for most new users.
12. If your device has already been setup previously (meaning it is not brand new), you will need to erase the device to add it to ABM and enroll it in MDM. You will be prompted by Apple Configurator to erase it.
13. You should see the physical device reboot and initialize showing the setup screens. Follow the remaining prompts on the device to complete the setup/enrollment. If the device was erased, you will need to manually connect it to WiFi.
Assuming it is successful, the device should be added to Apple Business Manager and assigned to a server named 'Devices added by Apple Configurator' or something similar. In order to enroll a device in MDM via automated enrollment, you will need to re-assign this device to the server linked to SimpleMDM.
1. If, in step #3 above, you chose not to complete enrollment through Configurator, you will need to complete the following steps to initiate automated enrollment in MDM:
- Login to your Apple Business Manager account.
- Re-assign the device serial number to the server you have linked to your MDM account.
- In SimpleMDM, go to the Automated Enrollment page and click 'Sync with Apple'.
- Erase the device to trigger the enrollment.
- When the device reboots after being erased, you will need to manually connect it to WiFi in order to complete the enrollment.
2. Devices added to Apple Business Manager manually via Apple Configurator and enrolled in MDM will still allow the MDM profile to be manually removed for 30 days after enrollment. As long as the device is not unenrolled at any point during the first 30 days, the profile will become unremovable and users will not be able to manually remove MDM from devices.