Apple Configurator - What am I doing wrong?

SOLVED
Jeff_Longley
Getting noticed

Apple Configurator - What am I doing wrong?

We use DEP on mobile phones and that's working just fabulous. So, when the company decided to get *some* ipads in, I figured, get them in DEP so I can get them supervised and locked down.

 

Followed the guides and it sort of works.....

 

My current process is:

Using apple configurator, I prepare the device. I have to do manual configuration and tick add to device enrollment program. I can't tick "activate and complete enrollment, or else the ipad hangs when fetching remote management config. (yes, it has a working wifi config)

 

So,  after preparing the ipads, I then have to go into Apple Business Manager, download the serial numbers from settings/MDM servers/Apple Configurator 2, and add them into the Meraki MDM section (and yes, default device assignment action is for Configurator 2 is to do this, it just doesn't).

 

After running a DEP sync in dashboard, I can then start a manual setup of the ipad. This downloads remote profile and shows the device in dashboard, but NOT as supervised. DEP settings show as assigned, not pushed.

 

Reset the iPad and setup again, and FINALLY, I've a supervised device.

 

Hardly what I'd call a seamless management process - Where am I going wrong??

1 ACCEPTED SOLUTION

Just an update - time seems to be a factor.

 

The process is still long and complicated, but it appears the dashboard can be very inconsistent in displaying correct information.

 

As an example, in the DEP view, devices would show as pushed, whereas in client view, the DEP status would be assigned.

 

24 hours later, everything seemed to have settled down.

View solution in original post

12 REPLIES 12
nextgenconcepts
Here to help

What sate are the iPads in during the first setup? What I have found is that they can not be setup at all prior to applying the profile settings in the DEP list in Systems Manager. If the iPad setup has been started in anyway prior to that step, a full wipe is needed.

 

When it comes to the ABM/Configurator flow, it works a lot better when you are buying new devices that are automatically added to ABM and your default MDM. The configurator approach is a bit more intensive but you have to remember that up until about a year ago, there was no way to manually add previously purchased iOS devices. This, while being a bit of a pain setting up, is still much better than nothing at all.

Ipads are brand new out of box.

 

Totally agree that having distributors add them to your account is the pain free way (it's how we do our phones) but sadly, management decided to buy the ipads first, then consult us later....

as per Meraki:

Note that after initially adding devices into DEP through Apple Configurator, there is a 30-day provisional period where the management profile can still be removed. After this period, the management profile will no longer be removable.

yes, well aware of that. however, I'm NOT trying to remove the profile.

 

I'm trying to add devices into DEP without having just jump through a number of hoops.

@Jeff_Longley Have you tried setting one up without using Apple Configurator? Once the iPads are DEP enrolled and setup within Meraki you shouldn't need Apple Configurator to set them up.

Found this helpful? Give me some Kudos! (click on the little up-arrow below)
alexis_cazalaa
Building a reputation

If you set a profile by default on DEP dashboard section you don't even need to worry about going back there after "preparing' an ipad with AC.

So, to be clear, the documentation I'm following is this:
https://documentation.meraki.com/SM/Device_Enrollment/Enrolling_and_Supervising_iOS_Devices_using_Ap...

 

However, the results are, shall we say, unexpected....

 

Apple Configurator DOES add the devices to DEP - Its just that once there, you have to manually move them from the "MDM server" (devices added by apple configurator) to the meraki MDM server, This is despite the default DEP profile in Apple Business centre being set to meraki.

 

Within Meraki Dashboard, there IS a default DEP profile, and this does, after a sync, get assigned to the device.

 

HOWEVER..... once you pick the Ipad up and start to run through the setup, it becomes very apparent, something is not right.

 

Wifi profiles have to be configured (despite being part of the AC part), the devices appear in dashboard, but then it's a hit and miss as to whether they show as being pushed or assigned under their DEP settings, and the SM app says the device isn't registered, despite the damn things being manageable from dashboard.

 

*Maybe* I've just had a really long day, but when you're used to your apple phones just working straight off the bat, something in the AC/Meraki part just feels wrong.

in ASM/ABM - yes you have to move from added by AC to your MDM server
but if in Dashboard you set a profile by default you don't have to do anything, it will auto assign your profile ( that's what it does for me now ( it didn't work originally but got resolved by support ) )

so to check - prepare an ipad with AC - move it from added by ac to your mdm server - then make sure in dashboard's dep section that your device is indeed assigned, then it should work

Yes, doing that “sort of” works.

i can get devices in dashboard, with a DEP profile assigned. But as I said, what happens then is that from the device, it’s as if DEP profile is assigned; the device gets enrolled (although SM on the device says it isn’t) and the DEP profile says it’s still assigned (not pushed). Resetting the device sometimes fixes it.

tomorrows plan is to try a block of 10 devices, and give it a few hours between moving the AC profiles and actually configuring the devices.

in my case between AC preparation then ASM and Meraki it's all instantaneous.

do you download SM app or you push it with dashboard

SM is pushed from dashboard

Just an update - time seems to be a factor.

 

The process is still long and complicated, but it appears the dashboard can be very inconsistent in displaying correct information.

 

As an example, in the DEP view, devices would show as pushed, whereas in client view, the DEP status would be assigned.

 

24 hours later, everything seemed to have settled down.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels