March 21, 2018 By Dan Cheuvront 3 min read

Manually deploying thousands of Apple smartphones, tablets and laptops is tedious, and any veteran IT administrator worth his or her salt doesn’t do it that way. However, this is how most companies get started managing Apple devices.

In recent years, Apple has streamlined the deployment process by introducing its Device Enrollment Program (DEP), which is specifically designed to work directly through a unified endpoint management (UEM) solution. The combination of the DEP and UEM has enabled Apple to carve out a larger presence in the enterprise while making its devices easier to manage.

An Introduction to Apple’s Device Enrollment Program

Apple’s DEP is a unique program that gives IT virtually unlimited management capabilities over iOS devices. There are certain criteria that IT has to meet and follow to enroll, including linking DEP to a UEM solution. Here are some basic steps to help you get started with your DEP integration:

  • Configure DEP options in the UEM solution.
  • Enroll the organization using the Apple DEP portal.
  • Download the token from the DEP and upload it to the UEM solution.
  • Customize device enrollment settings.

In most cases, admins simply leverage the DEP to make user enrollment easier. In other scenarios, admins use a feature called Supervised Mode to add more structure to their environment.

View the Infographic: Low-Touch, No-Touch Deployments for PC and Mac

Leveraging the Security Options of DEP Controls

Supervised Mode is baked into the iOS device policy of the UEM solution. This enables the admin to customize the setup, appearance and overall functionality of enrolled devices. The admin gains the ability to better control the device in specific scenarios. For example, an iPad sitting in a retail store can be locked down to show only one approved application and block users from accessing other apps and device functionality. Unlike unsupervised devices, Apple has given admins the ability to push and install operating system (OS) updates, which keeps devices current and reduces OS version fragmentation.

Some other valuable DEP features include:

  • Kiosk mode — Shows only one app or a custom home screen;
  • Restricting iMessage — Turns off and hides iMessage from the user;
  • Disabling activation lock — The device can be wiped remotely without an Apple ID;
  • Notification control — Customizes the amount and type of notifications a device receives;
  • Blacklisting websites — Restricts specific websites or adult content; and
  • Automatic app updates — Updates apps without user intervention.

In the same portal as the DEP, there is also an option to participate in Apple’s Volume Purchase Program (VPP). As part of this, admins can purchase apps in bulk and silently install them over the air to enrolled devices via the UEM solution.

Watch the Video: IBM MaaS360 with Watson — Apple Device Enrollment Program (DEP) Support

Managing Apple Devices Has Never Been Easier

A major benefit of the DEP is the preconfigured, out-of-the-box experience. When a user powers on a new Apple device, he or she simply completes the customized setup and enters the appropriate corporate credentials. The device is now enrolled and reporting to the UEM solution, and apps are automatically downloaded without the user having to enter an Apple ID. This saves time and money for the organization because everything the user needs is automatically handed down, which also makes users more productive.

The DEP provides no-touch, drop-ship delivery for Apple devices, which minimizes the need to assemble custom images or physically handle hardware for updates.

IBM MaaS360 with Watson offers Apple device management and full integration with the DEP. Streamlined enrollment for iOS and macOS devices has never been easier with a solution that is simple, fast and effective.

More from Endpoint

Unified endpoint management for purpose-based devices

4 min read - As purpose-built devices become increasingly common, the challenges associated with their unique management and security needs are becoming clear. What are purpose-built devices? Most fall under the category of rugged IoT devices typically used outside of an office environment and which often run on a different operating system than typical office devices. Examples include ruggedized tablets and smartphones, handheld scanners and kiosks. Many different industries are utilizing purpose-built devices, including travel and transportation, retail, warehouse and distribution, manufacturing (including automotive)…

Virtual credit card fraud: An old scam reinvented

3 min read - In today's rapidly evolving financial landscape, as banks continue to broaden their range of services and embrace innovative technologies, they find themselves at the forefront of a dual-edged sword. While these advancements promise greater convenience and accessibility for customers, they also inadvertently expose the financial industry to an ever-shifting spectrum of emerging fraud trends. This delicate balance between new offerings and security controls is a key part of the modern banking challenges. In this blog, we explore such an example.…

Endpoint security in the cloud: What you need to know

9 min read - Cloud security is a buzzword in the world of technology these days — but not without good reason. Endpoint security is now one of the major concerns for businesses across the world. With ever-increasing incidents of data thefts and security breaches, it has become essential for companies to use efficient endpoint security for all their endpoints to prevent any loss of data. Security breaches can lead to billions of dollars worth of loss, not to mention the negative press in…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today