Apple - Device Enrollment program

KRIECCO
Contributor

Even it is fairly old, I just started to look using DEP for our company.

One of the thing we often have issues with, is people that leave the company and forget to unlock the icloud on the phones. When getting new phones I can of course enroll them with dep, so they are supervised by me - but how do I do regarding backup. If a user get a new phone, a icloud backup/restore typical made from old to new phone. But will the DEP get lost on the new phone when making a restore of icloud or what is the best practise to this, as old phones are not running DEP

3 REPLIES 3

al_platt
Contributor II

You can use DEP and restore from an iCloud backup. That's what we have here and it works fine. It's also worth running all older devices through configurator (as and when you have hands on and can wipe) so you can add them to DEP.

KRIECCO
Contributor

What about this unlock token.
If I have apple configurator 2 installed on a mac as far I can read the unlock code is saved in the keychain. So only way to keep those token is to general backup this mac book ?
Or is there anyway a different way with somekind of "online" storage of those tokens. Would be best if they would be connected to company dep apple ID

al_platt
Contributor II

You mean the Activation unlock code?

Once the device is in DEP you're good to go.

So user has old device, backs up to iCloud.

User gets new phone and restores from iCloud backup as part of the setup options. Following that the MDM enrol screen appears (DEP) and the user logs in to the MDM server and grabs policies etc.

The unlock token for Activation Lock is generated then stored and managed by the MDM server - Jamf or whatever you use. To turn off activation lock you select the device in MDM of choice and send the unlock command.

You can use Configurator but if the device is enrolled via DEP and you have supervision enabled on your MDM server you're all sorted.

You should definitely be using a standalone company Apple ID for the DEP - don't use this for anything else, especially the App Stores.

Al