Automated Device Enrollment in Apple Configurator 2
In Apple Configurator 2, you can automate the enrollment of devices into your mobile device management (MDM) solution. Devices can be enrolled there automatically if the MDM solution has an enrollment profile for the device. This profile must contain enrollment options, and the Setup Assistant panes must not be visible to the user.
Automated Device Enrollment follows the steps depicted below.
Here’s what happens in each step of the illustration:
1. In Apple Configurator 2, the device activates when turned on.
2. In Apple Configurator 2, a Wi-Fi profile is installed on the device so it can contact the MDM solution.
3. In Apple Configurator 2, a command runs to apply the configuration.
4. The Apple device enrollment service downloads the configuration information.
5. The device enrolls with the specified MDM solution.
6. Setup Assistant panes are skipped based on the configuration.
For more information, see Manage Setup Assistant for Apple devices in Apple Platform Deployment.
Prepare iPhone, iPad, or Apple TV for Automated Device Enrollment
In Apple Configurator 2, select one or more devices you want to prepare or one or more Blueprints, then do one of the following:
Click Prepare in the toolbar.
Choose Actions > Prepare.
Control-click the selected devices or Blueprints, and choose Prepare.
The Prepare Assistant appears.
Select Automated Enrollment, then click Next.
Select your configuration profile with a Wi-Fi payload and (if your wireless network requires certificates) the Certificates payload, then click Next.
For automated enrollment to take place, you must provide a configuration profile that contains Wi-Fi information and, if necessary, any associated certificates. This lets the device look for a network you specified so it can contact Apple and your mobile device management (MDM) solution.
To create a configuration profile with Wi-Fi and Certificates payloads, see Create and edit configuration profiles, and see Certificate settings and Wi-Fi settings in Apple Platform Deployment.
If your mobile device management (MDM) solution supports using an enrollment user name and password, you can provide them here.
Click Prepare.
Choose Window > View Activity to follow the progress as Apple Configurator 2 prepares the devices.
Custom enrollment profile example
Here’s an example of a custom enrollment profile used in automated enrollment. This profile lists the following:
Name of MDM solution
Enrollment is optional
Device is supervised
List of Setup Assistant panes to be skipped
Note: Enrollment profiles can contain more info. When you use the Device Enrollment Assistant, you can select from additional options.
{
  "profile_name": "Test Profile",
  "url": "https://mdm.acme.com/getconfig",
  "is_supervised": true,
  "allow_pairing": true,
  "is_mandatory": false,
  "await_device_configured": false,
  "is_multi_user": false,
  "is_mdm_removable": false,
  "department": "IT Department",
  "org_magic": "BBB4B12F-1EA6-4013-B811-07CEB293CE7B",
  "support_phone_number": "1-888-555-1212",
  "anchor_certs": [
    "MIICkDCCAdxaljhhntwlkjnmdjkgnjnwuqbnapliytnhkjhenkkjfqalcmmepej"
  ],
  "supervising_hosts_certs": [
    "MIICkDCCAdxaljhhntwlkjnmdjkgnjnwuqbnapliytnhkjhenkkjfqalcmmepej"
  ],
  "skip_setup_items": [
    "Accessibility",
    "Android",
    "Appearance",
    "AppleID",
    "Biometric",
    "DeviceToDeviceMigration",
    "Diagnostics",
    "DisplayTone",
    "HomeButtonSensitivity",
    "iMessageAndFaceTime",
    "Location",
    "MessagingActivationUsingPhoneNumber",
    "OnBoarding",
    "Passcode",
    "Payment",
    "Privacy",
    "Restore",
    "RestoreCompleted",
    "ScreenSaver",
    "ScreenTime",
    "SIMSetup",
    "Siri",
    "SoftwareUpdate",
    "TapToSetup",
    "TOS",
    "UpdateCompleted",
    "WatchMigration",
    "Welcome",
    "Zoom"
  ]
}
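The following Python check is an added example, not part of Apple's documentation: it confirms that an enrollment profile like the one above parses as JSON and compares its security-relevant keys against a review policy. The `EXPECTED` values, the `SENSITIVE_SKIPS` set and the function name `audit_profile` are assumptions chosen for illustration, not Apple requirements.

```python
import json
from urllib.parse import urlparse

# Constructed sample: a trimmed copy of the example profile on this page.
SAMPLE = """{
  "profile_name": "Test Profile",
  "url": "https://mdm.acme.com/getconfig",
  "is_supervised": true,
  "allow_pairing": true,
  "is_mandatory": false,
  "is_mdm_removable": false,
  "anchor_certs": [],
  "skip_setup_items": ["Passcode", "Restore", "TOS"]
}"""

# Hypothetical review policy (an assumption, not an Apple requirement):
# the value each boolean key should carry in a locked-down deployment.
EXPECTED = {
    "is_supervised": True,
    "is_mandatory": True,
    "is_mdm_removable": False,
    "allow_pairing": False,
}
SENSITIVE_SKIPS = {"Passcode"}  # panes the reviewer wants a compensating control for

def audit_profile(text):
    """Return a list of findings for an enrollment profile given as JSON text."""
    try:
        profile = json.loads(text)
    except json.JSONDecodeError as exc:  # unquoted values, trailing commas, ...
        return [f"not valid JSON: {exc.msg} at line {exc.lineno}"]
    findings = []
    url = urlparse(profile.get("url", ""))
    if url.scheme != "https" or not url.hostname:
        findings.append("url: MDM endpoint must be an https:// URL")
    for key, want in EXPECTED.items():
        got = profile.get(key)
        if got is not want:
            findings.append(f"{key}: is {got!r}, policy expects {want!r}")
    if not profile.get("anchor_certs"):
        findings.append("anchor_certs: empty, device trusts its built-in roots for the MDM URL")
    for pane in sorted(SENSITIVE_SKIPS & set(profile.get("skip_setup_items", []))):
        findings.append(f"skip_setup_items: skips {pane}; require it through MDM policy")
    return findings

if __name__ == "__main__":
    for line in audit_profile(SAMPLE):
        print(line)
```

Run against the sample, the check reports the optional enrollment, the open pairing setting, the empty trust anchor list and the skipped Passcode pane.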