Automated Device Enrollment (ADE) allows devices to be automatically enrolled in Mobile Device Management (MDM) and placed into supervised mode during setup.
Requirements
- Apple Business Manager or Apple School Manager
- An ADE Enrollment token configured in your Addigy account
Once you’ve uploaded your token from Apple Business or School Manager into Addigy, devices will automatically enroll into Addigy during their initial out-of-the-box setup or directly from a device wipe. Let’s look at a few important and recommended settings you can enable.
Settings and Recommendations
ADE Profile
Provide a name for your ADE Profile that helps identify which Policy the ADE Token is associated with. A token can only be associated with one policy.
Make ADE setup mandatory during initial device setup Recommended
The device user cannot skip the enrollment process. This ensures that all devices are correctly enrolled into Addigy and under your management. Devices can still be enrolled if this is unchecked, but ADE makes it seamless for the device user.
Enable Supervised Mode Recommended
This setting allows greater management options. Supervision essentially defines that the device is owned by the organization and is not a user’s personal device. This setting enables several additional ADE settings and many other support and troubleshooting commands later on.
Supervised mode is required if you are using Addigy Identity.
Allow user to remove the ADE enrollment profile
If enabled, the user can remove the profile, which will unenroll the device from Addigy. If disabled, the profile will be locked to the device and only removable by using Addigy commands. We recommend leaving this unchecked to prevent an end-user from removing the management capabilities.
Enable Activation Lock
This will enable Activation Lock on the device and escrow the code into Addigy, which can later be found in the Security section of GoLive.
Await device configured
With this enabled, you ensure that the ADE enrollment is completed before the user can complete Setup Assistant. Then, you can configure device user accounts to unlock management options.
Await device configured is required if you are using Addigy Identity.
Configure User Accounts Recommended
Check this box to uncover additional settings:
Skip user account during Setup Assistant
You should only skip the user setting up their own account if you’ve added an ADE Account or if Addigy Identity is configured for this policy.
Enable this for policies that have Addigy Identity configured. This will skip the user account creation screen and allow Addigy Identity to take over. This is also useful when the only account you want to be created is the ADE-created local admin (see Add User below).
Create primary accounts as regular (non-admin) users
By default, Setup Assistant will create the user’s own account as an admin account. Selecting this will instead make it a standard, non-admin account. The ADE account will always be an admin account.
ADE Account (admin)
This automatically creates an admin user during Setup Assistant, called the ADE-created admin. This is required if you also want to enable "Skip Setup for Primary Accounts," as referenced above.
Pre-fill end-user account name
This is not the ADE Account (admin). Filling these fields is generally not recommended except for specific situations, such as a lab setting where the machines are to be shared devices with the same username on all devices. Leaving the setting unchecked will allow the end user to enter their own information during Setup Assistant.
Enable Shared iPad
This will enable Shared iPad on all eligible iPads enrolling through this policy. The settings below only apply to Shared iPads.
User Settings
Set specific user settings for Shared iPads. They include:
- None: This will use the device's maximum allowed settings for Shared iPad
- Resident Users: The maximum number of users that can exist on the device
- Quota Size: The maximum space requirements (in MB) each user can have on the device.
- Only Allow Guest Session: Only allow guest sessions and do not allow any Managed Apple ID login on Shared iPad devices.
- Auto lock time: Number of seconds before the device is put to sleep when idle.
- Passcode lock grace period: The number of seconds before the screen is locked. This option is a drop-down only and can not be custom-set to any other value.
- User session timeout: The timeout for the user session in seconds. The minimum time is 30. Setting this value to 0 removes the timeout.
- Guest session timeout: The temporary session's timeout in seconds. The minimum value is 30. Setting this value to 0 removes the timeout.