Skip to main content

Three ways to get iOS devices enrolled into management

Posted in: Jamf Pro, K-12 Education

Regardless of where iPads were purchased, the next step for schools and their IT teams is to get these devices enrolled into a management solution so they can be configured, secured and rolled out to users.

But how do you go about doing just that? We’ll use the standard for Apple device management — Jamf Pro — as an example to explain three workflows to make it happen.

Workflow 1 (most recommend): Use Apple School Manager (previously known as Device Enrollment Program) to enroll devices.

If your devices were purchased through Apple or an authorized Apple reseller, this is the preferred and easiest way to get devices enrolled.

Steps:

  1. Get Public Key from Jamf Pro under Global Management > Device Enrollment Program.
  2. In Apple School Manager, go to MDM Servers > Add New MDM Server and upload the Public Key, and download the Server Token.
  3. Back in Jamf Pro, go to the same Device Enrollment Program location and select “New” and then upload your Server Token.
  4. You’ll now be able to go into Prestage Enrollments on the left column, and select “New”.
  5. Customize your Setup Assistant, and then select the “Scope” tab to pick which devices will be going through this particular enrollment.

Workflow 2: Use Apple Configurator 2.5 to bring devices into Apple School Manager so they can enroll using Apple School Manager (using workflow 1 above).

This workflow is ideal for devices that were purchased through a retailer like Best Buy.

Steps:

  1. In Apple Configurator 2.5, go to Preferences > Organizations and add a new Organization. Use the Apple ID you use to sign into Apple School Manager.
  2. Generate a New Supervision Identity.
  3. Then select the Servers icon and create a new server.
  4. Enter in a display name for your MDM server and the complete URL of your Jamf Pro server.
  5. Select “Next” when “Unable to verify the server’s enrollment URL” page comes up.
  6. Select your iPad and then Prepare.
  7. Select Manual Configuration, and “Add to Device Enrollment Program”. Then I recommend supervising the device and allowing device to pair with other computers.
  8. Select your MDM server that you created in step 4.
  9. Select your organization you created in step 2.
  10. Select which steps you want to show.
  11. Add a Wi-Fi profile, if wanted, and select Prepare.
  12. Device will then be wiped.
  13. Once device is wiped and displays the Setup Assistant, you will see a message that the MDM profile can be removed within 30 days. Be sure to let those devices wait for the 30 days so they cannot be removed from Apple School Manager.
  14. In Apple School Manager, assign your devices from the “Added from Apple Configurator 2 Server” to your MDM server.
  15. In Jamf Pro, confirm your devices are available under the Global Management > Device Enrollment Program. Once confirmed, go to your Prestage and make sure your new devices are selected, and then wipe your devices again to have them enroll into your Jamf Pro server.

Workflow 3: User-Initiated enrollment

Note: This method of enrollment will allow your users to be able to remove the MDM profile, and will not supervise your devices over the air. This method is typically used when devices are already in use and cannot be wiped. It’s still highly recommended that you add these devices into Apple School Manager as another layer of security if the device is stolen and wiped.

Steps:

  1. On your iPad, go to your Jamf Pro server URL, and at the end, add “/enroll” For example: https://mycompany.jamfcloud.com/enroll or https://mycompany.edu:8443/enroll.
  2. Log in with your Jamf Pro credentials or your Enrollment Only credentials.
  3. If you have the option, select “Institutionally Owned” when specifying who owns the device, and then select “Enroll”.
  4. (Optional) Assign a user and/or Site only if applicable to your environment. Otherwise select “Enroll”.
  5. Tap “Continue”.
  6. Select “Allow” to open Settings.
  7. Select Install on “Install Profile” and “Install” on all prompts.
  8. Select “Trust” on Remote Management prompt.
  9. Select “Done”.

That’s it! You now have a device enrolled into your Jamf Pro instance that is managed and ready to receive your applications and settings. Want to see these workflows in action? Check out this video.

Ready to put these workflows to the test in your environment?

Take Jamf Pro for a free test drive and tell us what you think.