Skip to main content
  1. Addigy
  2. Enrolling Devices
  3. Enrolling Devices

Automated Device Enrollment Settings

Updated:

Automated Device Enrollment (ADE) allows devices to be automatically enrolled in Mobile Device Management (MDM) and placed into supervised mode during setup.

Requirements

Once you’ve uploaded your token from Apple Business or School Manager into Addigy, devices will automatically enroll into Addigy during their initial out-of-the-box setup or directly from a device wipe. Let’s look at a few important and recommended settings you can enable.


Settings and Recommendations

ADE Profile

Provide a name for your ADE Profile that helps identify which Policy the ADE Token is associated with. A token can only be associated with one policy. 

Make ADE setup mandatory during initial device setup  Recommended 

The device user cannot skip the enrollment process. This ensures that all devices are correctly enrolled into Addigy and under your management. Devices can still be enrolled if this is unchecked, but ADE makes it seamless for the device user.

Allow user to remove the ADE enrollment profile

If enabled, the user can remove the profile, which will unenroll the device from Addigy. If disabled, the profile will be locked to the device and only removable by using Addigy commands. We recommend leaving this unchecked to prevent an end-user from removing the management capabilities.

Enable Activation Lock

This will enable Activation Lock on the device and escrow the code into Addigy, which can later be found in the Security section of GoLive.

Await device configured

With this enabled, you ensure that the ADE enrollment is completed before the user can complete Setup Assistant. Then, you can configure device user accounts to unlock management options.

Await device configured is required if you are using Addigy Identity. 

Configure User Accounts  Recommended 

Check this box to uncover additional settings:

Skip user account during Setup Assistant

You should only skip the user setting up their own account if you’ve added an ADE Account or if Addigy Identity is configured for this policy.

Enable this for policies that have Addigy Identity configured. This will skip the user account creation screen and allow Addigy Identity to take over. This is also useful when the only account you want to be created is the ADE-created local admin (see Add User below).

Create primary accounts as regular (non-admin) users

By default, Setup Assistant will create the user’s own account as an admin account. Selecting this will instead make it a standard, non-admin account. The ADE account will always be an admin account.  

ADE Account (admin)

This automatically creates an admin user during Setup Assistant, called the ADE-created admin. This is required if you also want to enable "Skip Setup for Primary Accounts," as referenced above.

Note: If FileVault is enabled, this user account will not be granted a Secure Token until the first time it logs in or is granted a Secure Token by an already enabled user account.

Pre-fill end-user account name

This is not the ADE Account (admin). Filling these fields is generally not recommended except for specific situations, such as a lab setting where the machines are to be shared devices with the same username on all devices. Leaving the setting unchecked will allow the end user to enter their own information during Setup Assistant.

Enable Shared iPad

This will enable Shared iPad on all eligible iPads enrolling through this policy. The settings below only apply to Shared iPads.

User Settings

Set specific user settings for Shared iPads. They include:

  • None: This will use the device's maximum allowed settings for Shared iPad
  • Resident Users: The maximum number of users that can exist on the device
  • Quota Size: The maximum space requirements (in MB) each user can have on the device.
  • Only Allow Guest Session: Only allow guest sessions and do not allow any Managed Apple ID login on Shared iPad devices.
  • Auto lock time: Number of seconds before the device is put to sleep when idle.
  • Passcode lock grace period: The number of seconds before the screen is locked. This option is a drop-down only and can not be custom-set to any other value.
  • User session timeout: The timeout for the user session in seconds. The minimum time is 30. Setting this value to 0 removes the timeout.
  • Guest session timeout: The temporary session's timeout in seconds. The minimum value is 30. Setting this value to 0 removes the timeout.
Was this article helpful?
2 out of 5 found this helpful
Return to top

Didn’t find what you’re looking for?

Contact our Support Team