Mac Enrollment Methods 03


One of the most important steps when deploying Macs at schools is enrolling them into the MDM solution and assigning to users (students, teachers and staff). In most cases, this must be done first before proceeding to any other part of the device management process. There are a few different ways in which you can enroll Macs using your MDM solution and we’ll cover them in this section.

Enroll a Mac using Device Enrollment (DEP) in Apple School Manager

In the previous section, we went over how integrating Apple School Manager to the MDM solution automates device enrollment. We’ll go over how to further configure your Device Enrollment (DEP) profile to streamline the enrollment process.

Important note

In order to manage your Mac computers in an MDM solution using the Apple School Manager, your devices must be associated with your Apple service account. You can assign devices to your MDM servers within your ASM account using the device serial number/order number, or by uploading a comma-separated value (CSV) file that contains a list of all unassigned device serial numbers.

When using Mosyle Manager, the workflow is easy:

When you’re configuring your Device Enrollment (DEP) profile, ensure that you make the proper selection for “The devices of this profile will be used in which model?” This is where you can specify whether your school is using the 1:1 device program, the shared device program or if your devices are still in limbo, which means that it is not assigned to any users yet. If your Macs will be used in labs, you can choose the Devices for Shared Users.

During the Device Enrollment (DEP) profile configuration, you can also integrate certain third-party software to further optimize your Mac deployment workflow. For example, Munki is a set of open-source tools that admins use to manage software and settings on Macs. Scroll down to “Options during the enrollment,” and, under the Install the “InstallApplication” PKG section, upload the signed PKG from your third-party software. Learn more about third-party tools you can integrate with your MDM solution.

Important note

In order for the necessary configuration settings to be applied to your Mac computers so they can be managed by the MDM, you must wipe and restart your devices. See the detailed explanation here.

Enroll a Mac computer using a URL

For Mac computers not enrolled in Apple School Manager, we suggesting using the limbo enrollment method, which means that the devices have been enrolled but not yet assigned to a user (which can be done later). For this manual enrollment process, you must use the URL provided by Mosyle Manager.

What about the User Approved MDM settings on Mac computers?

A User Approved MDM (or UAMDM) gives added permissions to an MDM software that can go beyond what is allowed for the previous macOS MDM type of enrollment. This was created to improve the security on the Mac and was made available starting with macOS High Sierra (10.13.2).

User Approval is required to manage any type of Security settings on a Mac computer being managed by the MDM solution enrolled outside of Device Enrollment in Apple School Manager.

UAMDM also allows an Admin to whitelist the Kernel Extensions, or Kext for short, which are just modules of codes that connect into the OS of the Mac to perform various tasks. This is one of the main benefits of using the User Approved MDM option when managing Apple Devices.

In the next section, we’ll cover how to install applications and software onto your Mac computers.