This integration guide is focused on configuring the Apple Device Enrollment Program using Apple Business Manager within Addigy.
Please review the article in full to understand all of the requirements, configuration steps, and statuses.
The following requirements are needed to proceed with the Automated Device Enrollment Integration within Addigy using Apple Business Manager:
- Apple Business Manager account (business.apple.com)
- An MDM server with devices assigned
- Administrator access in Apple Business Manager
- Owner access in Addigy
- An MDM Profile is created and defined in Policies > Integrations > Mobile Device Management (MDM) Integration (Creating an Apple Push Certificate)
Enable the Addigy Automated Device Enrollment Integration
Addigy provides each organization with the ability to associate multiple Automated Device Enrollment accounts across different policies.
To enable Automated Device Enrollment within your organization, a user with the Owner role will need to enable the integration from the Support -> Integrations page.
Creating an MDM Server in Apple Business Manager
In Apple Business Manager, navigate to Settings -> Device Management Settings and select Add MDM Server.
The Public Key can be found in Upload Server Token Step 3 of the Automated Device Enrollment instructions as shown in the next section of this article.
Now, each policy within your organization will be able to leverage Automated Device Enrollment by integrating with a unique MDM server created in your Apple Business Manager account. Associating an Automated Device Enrollment account with a policy can be done in two places:
- In the Add Devices page of your Addigy portal
- In the Integrations tab of each policy
Setting Up Automated Device Enrollment from the Add Devices page
From the Add Devices page in Addigy, select the desired policy from the drop-down box and select the Edit Settings option.
Here you will be prompted to apply the MDM Server token from your Apple Business Manager account and configure an Automated Device Enrollment Profile. You will then have the option to configure the settings you wish to enact during the device setup.
Setting Up Automated Device Enrollment from the Policies page
To configure Automated Device Enrollment in the Policies page first, navigate to Policies >> [Desired Policy] >> Integrations >> Automated Device Enrollment.
Then, follow the instructions available within the Automated Device Enrollment section.
Configuring the Device Enrollment Program Automated Device Enrollment Integration
Completing the two requirements below involves leveraging your Apple Business Manager Program platform.
Now, your Automated Device Enrollment devices will install Addigy via MDM during their initial enrollment.
If the device has already gone through the Automated Device Enrollment enrollment process and you would like to redo enrollment, then see our article Resetting the Automated Device Enrollment Status of a Device.
As soon as your Apple Automated Device Enrollment account is linked to the policy, your Automated Device Enrollment enrolled devices will appear in the table below the setup. Here are the possible statuses for each device.
Automated Device Enrollment Profile Status:
Automated Device Enrollment Profile Assign Status:
1) success - assigned profile
2) not accessible - the serial number not accessible
3) failed - not assigned profile "unexpected reason"
Creating an Automated Device Enrollment Profile: (*REQUIRED*)
You must set up an Automated Device Enrollment Profile for the integration to be considered complete and start managing devices.
Enter all the unique and corresponding information to your company that you would like to be reflected on Automated Device Enrollment Enrolled devices during enrollment and thereafter.
Each task will control the enrollment behavior accordingly below and may vary uniquely for each Operating System (e.g. macOS, tvOS, iOS).
For information on the benefits of enabling Supervised Mode, please reference the following Apple Article: https://support.apple.com/guide/mdm/supervised-restrictions-mdm54960f92a/web
Once the Automated Device Enrollment Profile is saved new devices will inherit this Profile configuration.
If devices are already enrolled in Automated Device Enrollment, they would need to be re-enrolled to inherit the new profile settings in which case see the article Resetting the Automated Device Enrollment Status of a Device.
You can see the status of Automated Device Enrollment enrolled devices in Addigy after the Profile Settings in the Automated Device Enrollment Devices area.
Underneath you can view the grid of devices and their Profile status:
You can validate devices are enrolled in this process when they are powered on for the first time and they reach the enrollment screen or the Profile is visible in System Preferences.