Apple DEP integration if not currently using

raphhyyy
New Contributor III

First off, i want to know everyone's experience with Apple DEP program

Secondly - if we aren't currently using it, and want to add DEP into our organization, would we have to re-enroll all the devices again? I'm not sure if there would be an easy way of doing that..

5 REPLIES 5

Look
Valued Contributor III

First off: Going forward working without DEP is getting close to impossible, I really don't envy people in countries where it is not available!!

Secondly; No you don't need to re-enroll existing devices (in the JSS at least), DEP is only applied during the macOS setup wizard and simply enrolls the device in JAMF. If your Vendor has been DEP registered you can however add devices bought through them in the last couple of years to DEP which can be useful if your looking for a uniform deployment methodology when it comes to repurposing these devices.

In general DEP is pretty awesome, it still requires 3 or 4 clicks to get a machine into the system, but with some clever 'on enrollment' policies you can make it look a little bit like magic when you unwrap a new Mac.

easyedc
Valued Contributor II

I'm about 6 months into flipping the switch and leveraging DEP for all our managed Macs. I also worked with our 3rd party vendor to add all our prior purchases so that if we re-provision an existing computer to a different user, it'll go through the DEP process auto-magically. It's been a mostly painless process, albeit slower than the traditional imaging with a thick image. My one complaint is that High Sierra can't leverage my pre-configured local admin account, and requires one to be created in the GUI. DEP is light-touch, but I've given feedback to Apple where I'd like it to be truly zero-touch.

cwaldrip
Valued Contributor

Moving to DEP is simple enough, but finding the best way to integrate it into your imaging workflow might take a bit (everyone is different). @Look mentioned adding machines to DEP. I believe you can add iOS devices, but only a reseller can add macOS devices. Many resellers can go back and add previously purchased devices to DEP if you ask nice. Make sure going forward that the resellers you work with know to enroll your machines (iOS and macOS) into DEP.

And if your company has multiple MDM (i.e. Jamf) servers or not all purchased machines are managed by your Jamf server you'll want to turn OFF the feature in DEP to auto-assign machines to a MDM where they might get auto-enrolled on first startup and do things other people may not want.

Look
Valued Contributor III

Yes you can manually add iOS devices using Configurator.
I believe only a vendor can add macOS devices after the fact and they may have to have been a DEP registered vendor at the time of purchase, this all varies somewhat country to country as well, for example here in NZ we are buying from one company, who sources from a DEP registered company in AUS who sources from Apple. The AUS company I believe is the one that does the DEP portion of our purchases.

raphhyyy
New Contributor III

One thing we don't have to really worry about is iOS devices, we have like 20+ iPads that are strictly used for ZoomRooms and nothing else.
We're not a big company at all, with around 300 MacOS devices floating around and us being fairly new to JAMF.