Automated Device Enrollment is designed to work with devices owned by the organization and allows you to configure and manage Apple devices from the moment they are removed from the box. Addigy provides each Environment the ability to associate multiple Automated Device Enrollment instances across different Policies with unique MDM servers.
Note: Before continuing with this article to set up ADE, you will need to have administrator access in an Apple Business/School Manager account, owner access in Addigy, and have Set up Policy MDM Profiles.
Also Note: Apple requires that the Apple Business/School Manager Terms of Service be re-accepted periodically. When this happens, you will be unable to enroll devices via Automated Device Enrollment until the ToS are accepted. Please see Apple Business / School Manager Terms and Conditions Update on how to accept Apple Business and School Manager Terms of Service and Restoring Automated Device Enrollment Connectivity.
Uploading the Server Token
- In a separate tab, log into your Apple Business Manager portal and click on Preferences.
- In the Your MDM Servers section, select the Add button.
- Enter the name you'd like this MDM Server to have. The Public Key will be downloaded from Addigy in Step 6; for now, keep this page open.
- Back in your Addigy Environment tab, navigate to the Policies page, select a Policy you'd like to have devices enrolled into. Click Settings in the policy navigation section and select the Automated Device Enrollment tab.
- From here, download the Addigy MDM Public Key, and upload it into the Upload Public Key section from Step 4. Save the changes.
- Download the Server Token and upload it into the Upload New Token section on the Integration Settings.
Creating an Automated Device Enrollment Profile
You must set up an Automated Device Enrollment Profile for the integration to be considered complete and start managing devices.
Enter all the unique and corresponding information to your company that you would like to be reflected on Automated Device Enrollment Enrolled devices during enrollment and thereafter. Each task will control the enrollment behavior accordingly below and may vary uniquely for each Operating System (e.g. macOS, tvOS, iOS).
For information on the benefits of enabling Supervised Mode, please reference the following Apple Article: https://support.apple.com/guide/mdm/supervised-restrictions-mdm54960f92a/web
After you've configured the profile to your preferences, click Save. Once the Automated Device Enrollment Profile is saved, your Automated Device Enrollment devices will install Addigy via MDM during their initial enrollment.
Troubleshooting
If devices are already enrolled in Automated Device Enrollment, they would need to be re-enrolled to inherit new profile settings; see the article Resetting the Automated Device Enrollment Status of a Device.
If the device has already gone through the Automated Device Enrollment enrollment process and you would like to redo enrollment, then see our article Resetting the Automated Device Enrollment Status of a Device.
As soon as your Apple Automated Device Enrollment account is linked to the policy, your Automated Device Enrollment enrolled devices will appear in the table below the setup.
Here are the possible statuses for each device.
Automated Device Enrollment Profile Status:
- assigned
- empty
- pushed
- removed
Automated Device Enrollment Profile Assign Status:
- success - assigned profile
- not accessible - the serial number not accessible
- failed - not assigned profile "unexpected reason"
You can validate devices are enrolled in this process when they are powered on for the first time and they reach the enrollment screen or the Profile is visible in System Preferences.