Know Your ABCs From Your DEP

January 5, 2016
| |
2 min read

With the mobile space rapidly changing and various vendors rolling out different features, it can sometimes be hard to keep up with the new technologies and acronyms that we see. For instance, the Apple Device Enrollment Program (DEP) is growing in the mobility space, focusing primarily on the education and enterprise markets. As more mobile vendors and telcos begin to support DEP, it is likely that we will see adoption grow at an even faster rate.

With the proliferation of mobile devices in the enterprise space, companies are looking to strike a balance between security, productivity and ease of use. So what is DEP all about, and what are its key considerations? How can it help with mobile device management (MDM) and mobile security?

About Apple DEP

DEP is a program designed to simplify deployment and speed up the initial setup and enrollment of iOS devices into an enterprise mobility management (EMM) or MDM solution such as IBM MobileFirst Protect.

Until now, the process of enrolling devices in an EMM solution has always required the user or IT administrators to manually configure them, spending time and effort while doing so. But with DEP, organizations can have iOS devices enroll directly in a program as soon as they’re taken out of the box.

Self-enrollment has always carried the risk that the user won’t ever actually enroll his or her device, meaning a company potentially doesn’t have a record of the device and has no way to manage it; by using DEP, this risk is eliminated.

How the Program Works

The process has three parts, as explained by the official Apple website:

  1. An organization creates an account on the DEP portal (a customer account).
  2. The EMM or MDM solution is linked to the DEP account. Once a company registers with the DEP portal, it links to the EMM server for devices to later enroll with. The business can choose to automatically assign all future or new devices to enroll with the EMM server.
  3. When ordering a new iOS device from a supporting vendor, the device serial numbers are loaded into the portal.

When the user follows the iOS setup wizard, the device will automatically be enrolled into the DEP portal.

Bringing Value to Organizations

As soon as users have unwrapped their new devices and enrolled them in DEP, the company can ensure that it has control and that the device is secured right from the beginning. When a company chooses to manage devices through DEP, the existence of the restrictions on the corporate device is mandatory and nonremovable. Only the administrators can remove DEP from a device, giving the company complete control. Moreover, due to the hardware serial number being tied to the DEP portal, if the device is wiped and reset for any reason, it will automatically be re-enrolled into the EMM solution before it can be used again.

By linking devices to an EMM solution, the EMM admin can assign a profile and policies for any given device. This means that a company can ensure a device is compliant with corporate policies, such as passcode rules and device restrictions. Applications can also be automatically downloaded and installed on the device. By deploying certain DEP profiles, a company can also streamline and remove items during initial setup, such as digital wallets they might not want on a corporate device.

Apple DEP enables organizations to ensure that new iOS devices are secured and managed by their corporate EMM solution without the need for end users to manually configure anything — helping employees to be more productive while staying safe.

David Harsent
Technical Mobility & Endpoint Security Specialist, IBM
David Harsent is a contributor for SecurityIntelligence.