Issues with DEP PreStage enrollment with iCloud Backup / Restore

pds_jamfadmin
New Contributor

Hello all,

We've run into an issue that is an extremely big deal for us and would love any insight that may help us in finding a resolution. The issue is with the workflow for students that are keeping their iPads and getting them enrolled into Jamf. What we had discussed with Jamf was that these iPads would be assigned to the DEP PreStage, then the student could make an iCloud backup, erase all content and settings, then restore from the iCloud backup and it would catch the DEP information to be enrolled into Jamf.

However, as we've been testing this, it doesn't seem to work on the iPad that performed the iCloud backup. It did work as expected with a different iPad (not the one that performed the backup), but since these kids aren't swapping iPads this doesn't solve our issue. Also, when we choose the option to set up as a new iPad, it will ask us to log into LDAP and enroll the device, so we know the prestage enrollment is scoped correctly.

Thanks for your help or insight here!

5 REPLIES 5

psliequ
Contributor III

Your post got me interested in whether this is by design or a potential bug. Supervision, whether through Configurator or DEP prevents any data from being restored from a backup if the backup was made on an unsupervised device I think. Does your prestage enforce supervision? I'll test this myself later and report back.

lunddal
Contributor

A restore from an unsupervised device to the same device will keep it unsupervised, but enrollment should work as far as I remember.

jared_f
Valued Contributor

I just got our first DEP device yesterday and ran into this issue. I also though that a unsupervised backup could not be put on a supervised DEP device. I was wrong - I synced a non supervised backup onto a supervised DEP device with no problem. It was an iTunes backup. For some reason if the device is configured with Apple Configurator the supervision will be erased if restored form a backup.

psliequ
Contributor III

I can confirm that if you allow a restore from backup in the DEP prestage, and if the user chooses to restore, that DEP enrollment never occurs. This happens if the prestage is set to either supervise or leave unsupervised.
It sounds like iTunes is the only way to do what the original poster had in mind, but I suspect that that hole will be closed by Apple soon.

See here for additional info. It doesn't look like the situation has changed since last year;

https://www.jamf.com/jamf-nation/discussions/10528/dep-pre-stage-enrollment-or-icloud-restore

CairoJXP
Contributor

@psliequ Thanks for the shout out!

I'm having issues similar to what was described in this thread now and hoping I don't have to do the work around from my other posting. We had iPad 4 devices deleted from our JSS accidentally. Our prestage requires credentials for enrollment. In the past, when restoring from an iPad, it does the initial restore in the setup, reboots, and then goes to the credential login page for LDAP which is what allows us to assign department/position which we use for smart groups.

Upon wiping one and having it go through prestage, I was able to restore from iCloud, but it didn't go to the credentials login page like it should. Instead it just started restoring and it never got the prestage, nor did it register in JSS. If I set up the device as new, it registers just fine. This is clearly still an issue Apple hasn't resolved. The iPad I tested was on iOS 10.3.3 which may make a difference.