DEP vs. Non-DEP / iMacs that are donated

npowell
New Contributor

Good Afternoon JAMFers,

Our district is on the receiving end of some donated iMacs that are being purchased through Apple, by some other 3rd party and then being donated to our district. Both the 3rd Party and Apple for whatever reason don't want to apply this to our DEP instance therefore leaving us with this conundrum of not knowing what to expect.

Ultimately, we would've liked them just added to our DEP instance so we could manage them like any other Apple purchase our district makes, but this is apparently not the case.

I have two questions here really... first, what am I missing in terms of management and abilities by having a non-dep, URL enrolled Mac? Secondly, are these devices going to be much different in terms of management down the road?

Any help would be appreciated. Thanks.

3 REPLIES 3

Tribruin
Valued Contributor II

At this point, there should not be much difference. The major difference between the Automated Enrollment and URL enrollment would be that computers enrolled via Automated Enrollment are automatically supervised. There is no way to supervise a Mac otherwise.

Right now, Apple does not have any management features (that I can think of) that requires supervision. However, I think it is a safe bet that this will change, and probably sooner than later. I think if you look at the management difference between a supervised and non-supervised iOS device, you can make reasonable assumption where Apple could take this. Non-DEP Macs will probably be less "manageable" via MDM in the future.

There is a lot of requests for Apple to add a provisional ASM/ABM enrollment to macOS, like there is for iOS. But, who knows if Apple will add it at any point.

taugust_ric
Contributor

To add to @RBlount's post... Non DEP deployed are already less manage-able. It means you will physically (ie have a human do this using a keyboard and mouse at the computer, not remotely over the network using a script or ARD/VNC) have to enroll the systems in Jamf Pro rather than the automated fashion that you are accustomed to using DEP. If you have any automation that is dependent on the computer being automatically enrolled in Jamf Pro after a factory wipe, this automation will not run. This will most likely be the case as long as you keep these iMacs in service. Just plan accordingly that the beginning of your configuration/deployment process will be manual until the iMac is enrolled and the MDM profile is trusted. Once that happens, everything else mostly works the same...

marklamont
Contributor III

you may find this useful it’s a way to handle building dep and non dep automatically, well as much as is possible.