Guide Request : Adding iOS11 device to Apple DEP via Apple Configurator 2.5+

Solved
PeterJames
Head in the Cloud


Could I please be provided the subject line guide.

 

Thank you,
Peter James

1 Accepted Solution
CarolineS
Community Manager

Hi all - 

 

This guide is now complete! https://documentation.meraki.com/SM/Device_Enrollment/Enrolling_and_Supervising_iOS_Devices_using_Ap...

 

The guide's author tells me: "It covers the great new feature where you can add non-DEP devices to DEP."

 

Cheers!

- Caroline

Caroline S | Community Manager, Cisco Meraki

20 Replies
PeterJames
Head in the Cloud

Sorry, I forgot to add, there is already an Apple Configurator 2.0 Guide:
https://documentation.meraki.com/SM/Device_Enrollment/Enrolling_and_Supervising_iOS_Devices_using_Ap...

 

I just feel one relevant to iOS11 updates would really help the community.

 

Thank you,
Peter James

Agreed, some additional documentation would be nice!

 

I tried this out today on several devices though and it was super easy and worked really well!

I am having some difficulty with this.

 

Has anyone got the device added to their DEP account?

Thank you,
Peter James

Just to expand on the below:
 - I have added the Meraki Server (from the AC2+ URL - See Guide above)
 - I have also added our server

 

Working with a factory reset iPod:

 - Prepare Devices (Options ticked: Add to DEP, Activate and complete enrolment, Allow devices to pair)

 - Select Meraki Server above

 - Select new Organisation (Log on with our Apple DEP / Administrator account): No issue.

 - Create an Organisation: Generate a new supervision identity

 - Setup Assistant: Don't show any of these steps

 - Choose Network Profile - Profile: None

 - Automated Enrolment Credentials: Unsure what these refer to. Description "Provide the user name and password to use when enrolling in the MDM server, if needed". Assumed these to be our Apple DEP / Administrator account again.

 

(With or without the above optional user/pass entered I get the same error)

 

Device prepared:
 - Waiting for the device
--- START OF ERROR ---
Error: Provisional Enrollment failed.

Network communication error.
[MCCloudConfigErrorDomain - 0x80EF (33007)].
--- END OF ERROR ---

Our Apple DEP account now has a new server, with the name 'Apple Configurator Devices'.

What am I maybe doing wrong in the above? I can set up the device and install the Meraki profile without issue, but this is not DEP enrolled.

Thank you,
Peter James

 

I've done a few now.  I did mine almost the same.  I added a network profile so that it could connect to the Wi-Fi.  I do tend to get an error at the end but it didn't seem to ultimately matter.  After I got the error, I logged in to the Apple DEP site.  I saw the new "Devices Added by Apple Configurator 2" server with the iPads that I just used the Configurator on.  I used the Manage Devices to assign them to my "Meraki MDM" server.  Once that was done, I was able to finish the setup on the device.  The iPad has a new Remote Enrollment setup page telling basically that you can opt out using the settings app.  After you "Next" your way out of that, it downloads a configuration and you have the home screen on the iPad.  I went to the Meraki DEP page and did a full sync and the devices were now available to assign settings just like if they had been purchased with DEP.

 

I don't know if this makes a difference but I am the Apple DEP account owner not an admin.

 


@GregCrider Thanks for this.

 

I too can see the newly created server, but unfortunately no devices have been added.

Also, when will the new iOS11 restrictions be added to SM?

The below video appears to cover this topic:

https://www.youtube.com/watch?v=J2FfN9Amcx8 

But unfortunately does not answer if 'Apple DEP - Administrators' are blocked from adding devices.

 

Thank you,
Peter James

When it comes to deploying Meraki w/ DEP, should I have an entry in DEP for each network?  Or do I just add the iPads to Meraki via DEP and then move them to the correct network after?

 

Also, there are some new restrictions in iOS11, like DNS proxy, etc.  Will these be added to Meraki soon?

I have no idea why this failed or produces an error on three iPods but then worked on my work iPhone without issue. No Apple Configurator settings were changed.

 

 

But this does rule-in that 'Administrators' can add devices via this method.

 

Thank you,
Peter James

This issue I had was because someone had enrolled my test devices previously to a DEP Account.

 

After sorting this out, my new devices added without issue under an Administrator access account.

Thank you,
Peter James

@robby_barnes - Did these devices show up in your Apple DEP Account? And did you use your main Apple DEP account or an Administrator account of the DEP account?

 

@CarolineS - I appreciate this. Can you please let me know when this guide is updated / created.

 

According to the new Apple DEP T&C's and Apple directly, only the customer can be an owner of the Apple DEP account and service providers should only access it under an Administrator account.

I am currently wondering if Apple have made the requirement that only Apple DEP owners (and not Administrators) can add devices and these credentials must be used with Apple Configurator.

Thank you,
Peter James


@PeterJames wrote:

@robby_barnes - Did these devices show up in your Apple DEP Account? And did you use your main Apple DEP account or an Administrator account of the DEP account?

 



Good question.  I believe I was logged in with the owner account when I did it.

I have pulled some device logs off and found:

 

<Notice>: Received response 403 for request to https://deviceenrollment.apple.com/v2/enroll

 

This is definitely pointing me down the direction this is a permission issue for 'Administrator' accounts. I am now contacting our DEP Agent account holder.

 

CarolineS
Community Manager

Great suggestion, @PeterJames! I've sent this request on to our documentation team, and they've added it to their list. I don't have an ETA, but I'll post back here when the new guide is out.

Glad to hear from @robby_barnes that it's fairly straightforward to add iOS 11 devices; if you try it, perhaps take some screenshots / take some notes and post them here for the benefit of all.

Cheers!
Caroline S | Community Manager, Cisco Meraki
@CarolineS - Great! Thank you for this!

 

This is far more detailed than expected and gives thought to how we can improve our own processes, so thank you for that!

 

There is one section I would like to query "Manual Enrollment - Add device(s) to Device Enrollment Program (DEP) > Section 9 :

After the 30 day provisional period, the iOS device(s) are now fully in your Device Enrollment Program (or Apple School Manager) account! At this point devices can be moved out of the default “Devices Added by Apple Configurator 2” MDM server and moved into your Meraki MDM server on DEP so the device(s) sync into your existing Systems Manager > DEP page."

 

You can move a device out of this DEP account within the first 30 days, everything else mentioned still applies.

 

Thank you,
Peter James

@PeterJames We just updated the guide with your feedback to make that more clear. Thanks a lot for your feedback and I am glad you're enjoying the guide! Moving non-DEP devices into DEP is a really great new feature to get the most of our Systems Manager! 

DBHS
New here

I apologize for reviving an older thread, but this is the closest I've gotten contextually to the issue I'm having using Meraki MDM with Apple Configurator on devices which weren't purchased via VPP and are not currently in DEP.

 

I've followed the guide linked on this page and everything does work, however when using the manual enrollment method and selecting the Meraki MDM server, the devices are being added to the "Devices Added by Apple Configurator 2" server in the DEP portal rather than the Meraki server specified during the "Prepare" steps in Configurator.

 

I can retroactively move the devices in the DEP portal, but then they show a status of "Empty" in the 'Systems Manager - MDM - DEP' screen on my Meraki portal. If I go through the "Prepare" process again and select automatic enrollment, they will then show up as "Pushed" correctly. This seems like an unnecessary step and I'm not sure if it's because I'm doing something wrong, or if it's just a limitation with Configurator and DEP.

jared_f
Kind of a big deal

@DBHS When doing the setup make sure the check mark to "activate" the device is not checked. Then go into deploy.apple.com (DEP) and assign it to your Meraki server (serial # usually works best) > set prestage enrollment in Meraki (make sure this is done before setup on the device is started).

 

Jared
