Manually deploying thousands of Apple smartphones, tablets and laptops is tedious, and any veteran IT administrator worth his or her salt doesn’t do it that way. However, this is how most companies get started managing Apple devices.

In recent years, Apple has streamlined the deployment process by introducing its Device Enrollment Program (DEP), which is specifically designed to work directly through a unified endpoint management (UEM) solution. The combination of the DEP and UEM has enabled Apple to carve out a larger presence in the enterprise while making its devices easier to manage.

An Introduction to Apple’s Device Enrollment Program

Apple’s DEP is a unique program that gives IT virtually unlimited management capabilities over iOS devices. There are certain criteria that IT has to meet and follow to enroll, including linking DEP to a UEM solution. Here are some basic steps to help you get started with your DEP integration:

  • Configure DEP options in the UEM solution.
  • Enroll the organization using the Apple DEP portal.
  • Download the token from the DEP and upload it to the UEM solution.
  • Customize device enrollment settings.

In most cases, admins simply leverage the DEP to make user enrollment easier. In other scenarios, admins use a feature called Supervised Mode to add more structure to their environment.

Leveraging the Security Options of DEP Controls

Supervised Mode is baked into the iOS device policy of the UEM solution. This enables the admin to customize the setup, appearance and overall functionality of enrolled devices, and to better control the device in specific scenarios. For example, an iPad sitting in a retail store can be locked down to show only one approved application and block users from accessing other apps and device functionality. On supervised devices, unlike unsupervised ones, admins can also push and install operating system (OS) updates, which keeps devices current and reduces OS version fragmentation.

Some other valuable DEP features include:

  • Kiosk mode — Shows only one app or a custom home screen;
  • Restricting iMessage — Turns off and hides iMessage from the user;
  • Disabling activation lock — The device can be wiped remotely without an Apple ID;
  • Notification control — Customizes the amount and type of notifications a device receives;
  • Blacklisting websites — Restricts specific websites or adult content; and
  • Automatic app updates — Updates apps without user intervention.

In the same portal as the DEP, there is also an option to participate in Apple’s Volume Purchase Program (VPP). As part of this, admins can purchase apps in bulk and silently install them over the air to enrolled devices via the UEM solution.

Managing Apple Devices Has Never Been Easier

A major benefit of the DEP is the preconfigured, out-of-the-box experience. When a user powers on a new Apple device, he or she simply completes the customized setup and enters the appropriate corporate credentials. The device is now enrolled and reporting to the UEM solution, and apps are automatically downloaded without the user having to enter an Apple ID. This saves time and money for the organization because everything the user needs is automatically handed down, which also makes users more productive.

The DEP provides no-touch, drop-ship delivery for Apple devices, which minimizes the need to assemble custom images or physically handle hardware for updates.

IBM MaaS360 with Watson offers Apple device management and full integration with the DEP. Streamlined enrollment for iOS and macOS devices has never been easier with a solution that is simple, fast and effective.
