Going back to basics with DEP and ios enrolment

Jacko
Here to help

Going back to basics with DEP and ios enrolment

Hi all,

ok to try and get as many useful replies as possible, i'm going to start my enrolment from scratch.

Currently i used Meraki SM to cover devices across about 5 different companies and keeping tabs of employee AppleID's is a nightmare.

Right now, i have a profile that organise apps on the homepage for ios devices and delivers them, but requires an AppleID as i haven't used VPP to deploy them.

My understanding is that if i set it up right, a brand new ios device that's already in DEP can be turned on for the first time and everything will load; all apps (silently) without the need for an AppleID.

This would be great, but how would an ios device be backed up in instances like these? It would surely need an icloud account (AppleID).

 

If anyone is willing to give me a step by step account on how to do all this, and have the patience to respond to [possibly] dumb questions, then i'd be most grateful.

 

Thanks

 

 

10 REPLIES 10
PhilipDAth
Kind of a big deal
Kind of a big deal

If you had a device in this configuration - what would need to be backed up?

photos, notes, text messages, maybe contacts, if the user doesn't know how to ensure the contacts are saved to the outlook app that will be deployed (we use office 365).

I already have over 100+ users on VPP, but i've found its a ball-ache, enrolling each new user in VPP, waiting for the email, verifiying it, then reviewing it in itunes before it actually associates itself with VPP.

Only then can i start to tag apps for deployment. This has always gone on using AppleID's though AND unsupervised.

I have the envious task (potentially) of ensuring every one of those devices is supervised, meaning 'preparing' them in AC, so they can go into DEP, enrolling them, assigning them in SM and then wiping them.

Of course the issue there is they'll lose all their data as from what i've read, restoring from icloud wipes out the supervision. So.....back to square one.

 

So, the 'no need for apple id' scenario would be ideal, but the devices need backing up. WE have designers and all sorts taking 1000s of pics using their ios devices.

PhilipDAth
Kind of a big deal
Kind of a big deal

>Of course the issue there is they'll lose all their data as from what i've read, restoring from icloud wipes out the supervision. So.....back to square one.

 

@jared_f has covered that one of several times.  You need to backup the phone.  Restore it to a different phone.  And then restore it back to the original phone.  This keeps the phone supervised.

 

Check out this thread, and note the comments by @jared_f:

https://community.meraki.com/t5/Endpoint-Management-Systems/Can-we-restore-a-back-up-after-DEP-enrol...

Excellent, thanks Philip, appreciate the link 🙂

PhilipDAth
Kind of a big deal
Kind of a big deal

If you are using OneDrive, OneNote and Outlook then that data will all be kept in Office 365 - so nothing to back up there.

 

You can use OneDrive to store photos (at least n Android you can).

 

 

That just leaves TXT messages.  The value of backing them up is probably marginal ...

sadly only onedrive personal will auto backup your camera roll (which is very handy). We have Onedrive for business, which is 1TB but won't back up photos. icloud does it........but guess what? Back to my problem of backing up a device without being signed into an icloud account.

 

Oh, the frustration of it all, lol.

" My understanding is that if i set it up right, a brand new ios device that's already in DEP can be turned on for the first time and everything will load; all apps (silently) without the need for an AppleID. "

 

 

App's will only silently load if they have been purchased via the VPP store. If your users are having to use Apple ID's then they will need to sign in to their app store and load the app's themsleves. 

 

VPP is the way to go, its easy to setup and manage, you can use a combination of both VPP and app store. We use VPP for company required app's and the user can use their ID for any other app's they require.  

 

Hi,

yeah i got it working with VPP assignment per device.

I then tested it with assignment per user, but i don't really need that.

I have to compromise and manually sign in to the phone with a newly created staff AppleID, but let everything push out via device assignment.

The AppleID signin is purely for backing up sms, photos etc and not least Find My Phone 😉

Any apps that a user requires, if its business related then i assume others would find it useful too so i push it out from SM. Personal apps don't get a look-in as its a business device and i've had enough of solving issues caused by idiots being allowed to install what they want onto their company phone.

 

Glad to hear you got it working.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels