Manually deploying thousands of Apple smartphones, tablets and laptops is tedious, and any veteran IT administrator worth his or her salt doesn’t do it that way. However, this is how most companies get started managing Apple devices.

In recent years, Apple has streamlined the deployment process by introducing its Device Enrollment Program (DEP), which is specifically designed to work directly through a unified endpoint management (UEM) solution. The combination of the DEP and UEM has enabled Apple to carve out a larger presence in the enterprise while making its devices easier to manage.

An Introduction to Apple’s Device Enrollment Program

Apple’s DEP is a unique program that gives IT virtually unlimited management capabilities over iOS devices. There are certain criteria that IT has to meet and follow to enroll, including linking DEP to a UEM solution. Here are some basic steps to help you get started with your DEP integration:

  • Configure DEP options in the UEM solution.
  • Enroll the organization using the Apple DEP portal.
  • Download the token from the DEP and upload it to the UEM solution.
  • Customize device enrollment settings.

In most cases, admins simply leverage the DEP to make user enrollment easier. In other scenarios, admins use a feature called Supervised Mode to add more structure to their environment.

View the Infographic: Low-Touch, No-Touch Deployments for PC and Mac

Leveraging the Security Options of DEP Controls

Supervised Mode is baked into the iOS device policy of the UEM solution. This enables the admin to customize the setup, appearance and overall functionality of enrolled devices. The admin gains the ability to better control the device in specific scenarios. For example, an iPad sitting in a retail store can be locked down to show only one approved application and block users from accessing other apps and device functionality. Unlike unsupervised devices, Apple has given admins the ability to push and install operating system (OS) updates, which keeps devices current and reduces OS version fragmentation.

Some other valuable DEP features include:

  • Kiosk mode — Shows only one app or a custom home screen;
  • Restricting iMessage — Turns off and hides iMessage from the user;
  • Disabling activation lock — The device can be wiped remotely without an Apple ID;
  • Notification control — Customizes the amount and type of notifications a device receives;
  • Blacklisting websites — Restricts specific websites or adult content; and
  • Automatic app updates — Updates apps without user intervention.

In the same portal as the DEP, there is also an option to participate in Apple’s Volume Purchase Program (VPP). As part of this, admins can purchase apps in bulk and silently install them over the air to enrolled devices via the UEM solution.

Watch the Video: IBM MaaS360 with Watson — Apple Device Enrollment Program (DEP) Support

Managing Apple Devices Has Never Been Easier

A major benefit of the DEP is the preconfigured, out-of-the-box experience. When a user powers on a new Apple device, he or she simply completes the customized setup and enters the appropriate corporate credentials. The device is now enrolled and reporting to the UEM solution, and apps are automatically downloaded without the user having to enter an Apple ID. This saves time and money for the organization because everything the user needs is automatically handed down, which also makes users more productive.

The DEP provides no-touch, drop-ship delivery for Apple devices, which minimizes the need to assemble custom images or physically handle hardware for updates.

IBM MaaS360 with Watson offers Apple device management and full integration with the DEP. Streamlined enrollment for iOS and macOS devices has never been easier with a solution that is simple, fast and effective.

more from Endpoint

IOCs vs. IOAs — How to Effectively Leverage Indicators

Cybersecurity teams are consistently tasked to identify cybersecurity attacks, adversarial behavior, advanced persistent threats and the dreaded zero-day vulnerability. Through this endeavor, there is a common struggle for cybersecurity practitioners and operational teams to appropriately leverage indicators of compromise (IOCs) and indicators of attack (IOAs) for an effective monitoring, detection and response strategy. Inexperienced security […]

TrickBot Gang Uses Template-Based Metaprogramming in Bazar Malware

Malware authors use various techniques to obfuscate their code and protect against reverse engineering. Techniques such as control flow obfuscation using Obfuscator-LLVM and encryption are often observed in malware samples. This post describes a specific technique that involves what is known as metaprogramming, or more specifically template-based metaprogramming, with a particular focus on its implementation […]