Have you ever heard about DEP in Microsoft Intune and you just wondering what it is and how can I use them?
In this Post I will describe you, what DEP (Device Enrollment Program) is and how you can get and use it for your infrastructure;
In the Microsoft Intune Portal Website after change to the Administration Workspace and expand the Mobile Device Management you found on iOS “Device Enrollment Program” (DEP)
But what is DEP and how you can use it?
OK I will describe this by Design from Apple and also the right Links to this topic.
Was I describe is all in theory and Technical approved from Apple Tech-Center Germany, if I wrote anything wrong, please let me know to correct that. Why I wrote this maybe Wrong, if you can join the Apples DEP Program you have to be a big company.
OK as a Company you have to register on D-U-N-S, this is a US-Site (Organization) that you can approve your company that you are working with laws, that no corruption is in your Company and so one, after this registration you will become a DUNS-ID*, with this ID you can go to Apple to become a Apple Customer ID**, that means that you have to have a agreement with apple, in example that you buy some iPhones from Apple or some Air-Books however, with this ID you can go to the “Apple Device Enrollment Program portal” Website and Register with the “Downloaded Encryption Key” to become DEP Token, first you have to Save the “Downloaded Encryption Key” from the MS Intune Portal. After that you can upload that Key to the Apple Website to ask for the Enrollment.
(links are at the end of this Post)
* D-U-N-S Number (Dun & Bradstreet): https://www.dandb.com/
Is a Organization in USA to have all the Companies registered in a Database to guarantee that this Companies are really approved from Government also have all the Permits and Licenses in Hand to do they’re Business, you have to register there and also to pay a Fee, after that you are Listed in this Database and it’s allowed to do your Business. In the End you get a Number, with this number you can register on Apple.
** Apple-Customer-ID:
If you are a Apple Customer and you in the Program from Apple you can get a Customer ID to do some Cool stuff with your Apple-Devices.
OK, what means cool Stuff with Apple-Devices, you can get some special Profiles to Configure your iBooks, iPhones, iPad’s and all Apple Devices, is like a Provisioning for those Devices. Yea Apple can do that as well but there also some limitations.
What can that be? You can configure different Profiles for your Company Owned Devices and push that Profile to a Apple Device, you can that Manage only on the Apple Cloud and you need that DUNS stuff to get that ID, however you can those Profiles upload to Apple and Provisioning your Devices, not only the Devices in your Company, you can also Organize that your employees buy they’re Devices in a Apple Store and during the Payment Process they have to say he need’s the company Profile, Apple can Provisioning this Devices directly in the Store for your Employee and he has the Company Settings on the Device.
*** AppleID
How does it Work:
After you have your Registration done you have the Idea from the ** Part read, now you know how Apply use this Scenario, and now with Intune we can use this also to Provisioning our Company Owned Device. Push the Profile you created trough Intune to a Apple-Device or let that do the Apple Store for you.
1. Enroll.Create an account by providing basic information about your business including a D‑U‑N‑S number. You’ll also be asked to create a dedicated Apple ID for administering the program. |
3. Configure.Link your account to multiple MDM servers and assign devices by serial number or by order number. And choose to automatically assign all future orders to a default MDM server you designate. |
2. Set Up.Create administrative accounts to manage device enrollments across your business. You can create administrators for the entire company or by department. |
4. Assign.Assign user profiles through your MDM solution. As the user completes Setup Assistant, the device will be automatically enrolled in MDM and configured with the proper settings. |
Ready, set, deploy.
Deployment of corporate-owned devices is no longer a manual configuration process, and users get fully setup right out of the box.
Overview in a Picture:
1. Our Company purchase a DUNS Account
2. Get a DUNS ID
3. Buy the DUNS ID
4. Go to Apple, get a Apple Customer Number (with the DUNS ID)
5. Enroll the AppleID in iCloud Portal (with the Apple Customer Number)
6. Create your Apple Device Profiles (Like Designs, Wallpapers, settings…) and load it to iCloud
7. sync and enable DEP in MS Intune over the MS Intune portal
8. Sync from MS Intune to Apple DEP
9. Employee Buy a Apple Device in a Apple-Store
10. Get a Device and Apple do a Provisioning with your Company Profile
11. Sync the Profile to the Apple Device with the Company Settings
12. get the Company Settings from the Company Portal (MS Intune) to the new Device with additional Company Settings
13. Finish Employee leave the Apple-Store with a new Device and all your Company Settings on it and can Work!
Hyper links to the right places:
On the Apple Site http://www.apple.com/business/dep/
Registration for DUNS: https://www.dandb.com/
Enroll: https://deploy.apple.com/qforms/open/register/index/avs
Full PDF description from Apple: https://www.apple.com/business/docs/DEP_Guide.pdf
Abstract, what we need in the end:
1. D-U-N-S Number (from Dun & Bradstreet)
2. verified Apple Customer Number
3. AppleID.
*The Device Enrollment Program may not be supported by all Apple Authorized Resellers and carriers.
Hope it helps and brings you a little light, this post is “as is” test it before implement Live
Leave a Reply