Re-enroll and Assign Devices 07
You have setup your school and registered your users, the last (but certainly not least) step is to enroll and assign your Apple devices to users. Now it's time to go back to your documentation and MDM migration plan and choose the best enrollment method according to your school's needs. You should evaluate two key elements before continuing:
- Does your school have an Apple School Manager and DEP accounts?
- Will the enrollment process have students/teachers interaction?
By answering these two questions, you will be able to find the best enrollment and assignment methods to accomplish your Apple Deployment successfully!
Keep in mind that Apple programs such as Apple School Manager and DEP simplify the deployment, so it’s important to integrate those services before starting the enrollment process, as we explained in the previous chapters.
Using Apple School Manager and DEP
If you have an Apple School Manager/DEP account for your school/district, you should move the DEP token to the new MDM solution. To move the DEP token, you should create the MDM server for the new solution by following the steps displayed in the "MDM Servers" area within the ASM portal. Then, navigate to "Device Assignments" area, choose the devices, select "Assign devices" and choose the new MDM server.
Complete enrolling devices by wiping them. You can do it by sending a command through your current MDM solution or by requesting students and teachers to reset their iPad by erasing all content and settings in the Settings app.
DEP profiles are only applied after the reboot of the device, therefore if the device is not wiped and rebooted, the DEP profile will not be applied and the devices will not be enrolled in the new MDM solution.
It is possible to enroll the devices with or without the user interaction. By enrolling using ASM/DEP, you have the option to assign the devices to users using User Authentication, Active Directory Authentication or the Automatic Assignment to bypass user authentication.
Using ASM, students and teachers have their devices automatically enrolled to the MDM when they turn on the devices.
Not using Apple School Manager and DEP
If your country/region doesn't support Apple School Manager, you are able to enroll devices using Apple Configurator 2 or the URL method.
Important note/ #3
Always make sure the Wi-Fi network is properly configured for the enrollment, ensuring the devices stay connected so the enrollment will not be interrupted.
Enrolling Mac devices
Apple School Manager and DEP
Using Apple School Manager and DEP is the quickest way to enroll Mac computers into a new MDM server. Remember that DEP requires a wipe of the devices, so if your devices have previously been used, you'd need to reformat the hard drive in order for the new DEP configuration profile to be applied. You can do this by sending a remote wipe command from your current MDM platform.
When enrolling devices via DEP using the terminal commands “sudo profiles -N”, it's not necessary to wipe the Macs if they're on 10.12.4 macOS or later. If your devices are brand new and have never been used or turned on, simply take the Mac out of the box and turn it on to enroll.
Mosyle Manager Agent
To enroll the Mac computers using the Mosyle Manager Agent, you'll first need to download the Agent onto the macOS devices of your school. Then, enter the Access Code provided in the users or Shared Macs of Mosyle Manager MDM platform and login to the agent using the unique Access Code.
Manually enroll the Mac Computers in the new MDM solution by using the Enrollment URL. For non-DEP devices, our suggestion is to use the limbo enrollment method. When you enroll the Mac in limbo status, it means the macOS device is enrolled in the Mosyle Manager MDM but has not been assigned to a user or laboratory. You can later assign the Mac computer to any student or teacher, or even a shared group or lab.
Important note/ #4
Mosyle Manager supports Mac enrollment using the imagining process, one of the most traditional methods used by Mac Admins. However, we highly recommend to enroll the macOS devices using the DEP enrollment method since it will save time and efforts of your technology team by taking the advantages of the zero-touch deployment capabilities.