- Deploying iOS Devices Through Apple DEP
You need an Apple Developer Enterprise Program (DEP) account to be able to take advantage of the Apple DEP for IOS device enrollment and management in XenMobile. The main requirements for organizations to sign up for the Apple DEP are as follows.
For more information about Apple DEP details, see this PDF from Apple. It is important to highlight that Apple DEP is available for organizations and not individuals. It is also important to be aware that a fair amount of corporate details and information needs to be provided to create an Apple DEP account, which means it could take time for customers to request and receive approval for their accounts.
When applying for a DEP account, the best practice is to use an email address that is tied to the organization, such as email@example.com.
1. After you enter your organization information, you should receive a temporary password for the new Apple ID through email.
2. You then sign in with the Apple ID and complete the security settings for the account.
3. Configure and enable two-step verification, which is required for use with the DEP Portal. During these steps, you add a phone number where you will receive the 4-digit PIN for the two-step verification.
4. Log in to the DEP Portal to complete the account configuration using the two-step verification that you just set up.
5. Add your company details and then select from where you purchase devices. For details on purchasing options, see the next section, Ordering DEP-enabled devices.
6. Add the Apple Customer Number or the DEP Reseller ID and then verify your enrollment details and wait for Apple to approve your account.
7. After you receive your logon credentials from Apple, log into the Apple DEP Portal. Then, follow the steps in the next section to connect your account with XenMobile.
Follow the steps in this section to connect your Apple DEP account with your XenMobile server deployment.
1. On the left-hand side of the Apple DEP Portal, click Device Enrollment Program.
2. Click Manage Servers and then on the right-hand side, click Add MDM Server.
3. In Add MDM Server, enter a name for your XenMobile server and then click Next.
4. Upload a public key from your XenMobile server. To generate the key from XenMobile, do the following:
a. Log on to the XenMobile console, click Configure, click Settings and then under More, click iOS Bulk Enrollment.
b. On the iOS Bulk Enrollment page, click Export Public Key. The public key is downloaded.
5. On the Apple DEP Portal, click Choose file, select the public key you just downloaded and then click Next.
6. Click Your Server Token to generate a server token, which is downloaded from the browser, and then click Done.
7. On the XenMobile console iOS Bulk Enrollment page, click Import Token File and then upload the token file you downloaded in the preceding step.
Your Apple DEP token information appears in the XenMobile console after you import the token file.
8. Click Test Connection to verify the Apple DEP connection with XenMobile.
9. On the iOS Bulk Enrollment page, complete the additional settings, select the Apple DEP controls and policies you want to implement for your Apple DEP devices and then click Save.
The XenMobile server appears in the Apple DEP Portal.
You can order DEP-enabled devices directly from Apple or DEP-enabled authorized resellers or carriers. To order from Apple, you need to provide your Apple Customer ID within the Apple DEP Portal to enable Apple to associate your device purchased with your Apple DEP account.
To order from your reseller or carrier, contact your Apple reseller or carrier to check if they participate in the Apple DEP. Ask for the resellers' Apple DEP ID when purchasing devices. You will need this information to add your Apple DEP reseller to your Apple DEP account. You will receive a DEP customer ID after adding the resellers' Apple DEP ID, when approved. Provide the DEP customer ID to the reseller, who will use the ID to submit information about your device purchases to Apple. For more information, see this Apple website.
Follow these steps to associate devices with your XenMobile server within your Apple DEP account through the DEP Portal.
1. Log on to the Apple DEP Portal.
2. Click Device Enrollment Program, click Manage Devices and then in Choose Devices By, select the option for which you want to upload and define your Apple DEP-enabled devices - Serial Number, Order Number, or Upload CSV File.
3. Under Choose Action, to assign your devices to a XenMobile server, click Assign to Server and then in the list, click the name of your XenMobile server and then click OK.
Your Apple DEP devices are now associated with the selected XenMobile server.
When users enroll an Apple DEP-enabled device, their experience is as follows.
1. Users start their Apple DEP-enabled device.
2. Users the configuration wizard to configure the initial settings on their iOS device.
3. The device automatically starts the XenMobile device enrollment process. Users follow the wizard to enroll the device into the XenMobile server associated with the Apple DEP-enabled device.
The Apple DEP enrollment process starts automatically as part of the initial IOS configuration flow for Apple DEP enabled devices.
4. The Apple DEP configuration that you configured in the XenMobile console is delivered to the Apple DEP-enabled device. Users follow the wizard to configure the device.
5. Users may be prompted to sign into iTunes so that Worx Home can be downloaded.
6. Users open Worx Home and enter their credentials. If required by the policy, users may be prompted to create and verify a Worx PIN.
The remainder of the required apps are pushed down to the device.