How are you setting up Automated Device Enrollment with different departments?

BCPeteo
Contributor III

We are getting some iOS devices and working with apple school manager for the first time. How are you setting up Automated Device Enrollment in your organization?
Are you making different Automated Device Enrollment instances for each department? or letting them come in to one instance an then manually assigning devices to different sites after?

5 REPLIES 5

kevin_v
Contributor

We are treating Sites as Departments for our org. Each site has it's own MDM Server in Apple School Manager.

The downside to this is the lack of granularity within Jamf Pro to delegate permissions. Some things require Full Site access where Department Administrators get the "keys to the castle" per se to modify things we don't want them modifying.

I would advise not going this route having dug ourselves as deep as we have now. Utilize the Department field in Inventory > User and Location.

BCPeteo
Contributor III

Got it, I'm using Department field in my test right now. I tried to add another New Automated Device Enrollment instance, but it would not take my apple MDM token again so it did not look like you could add a new instance using the same mdm I set up in apple school manager. but it sounds like this is not a good idea anyways.

Asnyder
Contributor III

I'm using one Automated Device Enrollment server (ASM) and multiple prestage enrollments that set the department of the device. I then scope policies to those departments. K-12 EDU Here.

reddrop
New Contributor III

We enroll all of our macs into a single DEP site and then use a script to change the site via API. We scope the script to smart groups based on information pulled from the users LDAP attributes.

cbd4s
Contributor II

So what is exactly the difference between Options (General) > Department (Department to associate with the PreStage enrollment) and Options (User and Locations) > Department in the Devices PreStage Enrollments?