DEP setup and operation

PaulHazelden
Valued Contributor

Hi
Can you clear up some questions with regard to DEP, please?

We currently use DEP for all of our IOS devices. It works really well for them. However, the MDM we use is not JAMF, it covers all of our mobile devices - IOS, Android and Windows. This server is in our DEP setup, it is currently set as the default one.

For Mac OSX we haven't needed to use DEP as we have been Netbooting the Macs and enrolling in JAMF from there. I believe all of the Macs we currently run are new enough to have them all added to DEP. For operational reasons, we are looking to upgrade the lot to 10.14. Whilst it is possible to netboot our existing Macs, the replacements due in, will probably not.

My thoughts are, to add the JAMF server in to our DEP. Add all of the Macs to DEP. Then DEP will force the enroll to JAMF and then with my normal setup, the Macs will sort themselves out.

My questions...
In DEP is it possible to separate automatically the IOS and OSX devices and then apply them to the correct MDM server? What I am meaning is, can I set up one server as IOS only default, and another as OSX default. Then as new devices are purchased and added to our DEP they will pick up the correct MDM server and enroll with it. OR, am I going to have to go into the DEP account and add the devices manually to the correct server?
How does the DEP workflow work with OSX? On our IOS devices it is pretty simple, either a new or erased device, you give it network access, and then it asks for you to enroll the device with the MDM. We have all of the devices set up in groups, and they configure themselves. Is it going to be like this with OSX?
I use a script to set up the Mac, and create the Administrator account. It also transfers, and sets up, a set of scripts, LaunchAgents, LaunchDaemons and apps for managing the Macs. Will this still be possible to do before the account setup screen kicks in and requires you to set up a new account?

I know these are big questions, but I am hoping that someone out there can help with answers.
Many thanks in advance

Paul

6 REPLIES

a_stonham
Contributor II
> In DEP is it possible to separate automatically the IOS and OSX devices and then apply them to the correct MDM server?

This can be done in business manager.

PaulHazelden
Valued Contributor

Thanks for the quick response.

I forgot to say we are a college.

> This can be done in business manager.

Looks like Business Manager is not available to us.

stevewood
Honored Contributor II

@PaulHazelden You can have multiple MDM servers configured in DEP even if you are using the old deploy.apple.com site. In other words, if ABM is not available to you.

> In DEP is it possible to separate automatically the IOS and OSX devices and then apply them to the correct MDM server?

No, not automatically if you are not able to use ABM. You can have one server set to automatically assign, but that is global, so every new device that comes in, regardless of iOS or macOS, will get assigned to that server. This means you will need to go into the Deploy web site and assign devices to the proper MDM servers. Using order numbers might make it slightly easier.

> How does the DEP workflow work with OSX? ...... Is it going to be like this with OSX?

You can create a workflow that will work like this utilizing PreStage Enrollments, but that would require multiple MDM servers in Deploy and multiple PreStage Enrollments. One of each for each department build. You would then set the appropriate department in the PreStage and use Smart Groups to gather those devices for an enrollment policy to install the software, etc.

Basically, the enrollment piece happens while Setup Assistant is running. You can hide all of the Setup Assistant dialogs so that you are not given the opportunity to create the Computer Account and you are simply dropped at the login window. You can then utilize an enrollment policy to drop the admin user on the machine, do any generic setup (apps/settings that all users get). You can then log in to the device, open Self Service and run a provisioning policy based on the department/group that the machine is a part of.

Others may have better ideas, this is just what I can think of off the top of my head.

bmortens115
New Contributor III

If you are higher ed, you should have access to Apple School Manager (ASM), which is the EDU equivalent of ABM, so you should have the same functionality to make different MDM servers default for different types of hardware.

dsavageED
Contributor III

Note you need to edit the server for it to actually show the options...

PaulHazelden
Valued Contributor

Thanks for this.

Sorting out Apple School Manager some time this week. Then give our supplier the joy of adding all of the Macs to DEP for us.

Cheers

Paul