Scribd
Upload
58 views

Zero-Touch Apple Device Deployments: For Beginners

This document provides an overview of zero-touch device deployment for Apple devices. It discusses Apple's Device Enrollment Program and Volume Purchase Program, which have been replaced by Apple Business Manager and Apple School Manager. These programs allow automatic enrollment of devices into an MDM server and bulk purchasing of apps. The benefits of zero-touch deployment include saving IT time by automating setup and empowering users. Enrollment options for macOS and iOS are outlined.

Uploaded by

The Rearranger
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
58 views

Zero-Touch Apple Device Deployments: For Beginners

This document provides an overview of zero-touch device deployment for Apple devices. It discusses Apple's Device Enrollment Program and Volume Purchase Program, which have been replaced by Apple Business Manager and Apple School Manager. These programs allow automatic enrollment of devices into an MDM server and bulk purchasing of apps. The benefits of zero-touch deployment include saving IT time by automating setup and empowering users. Enrollment options for macOS and iOS are outlined.

Uploaded by

The Rearranger
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 13

A COMPREHENSIVE GUIDE

Zero-Touch Apple
Device Deployments
FOR BEGINNERS
Is your organization receiving an influx 2

of Apple devices? Ready to move away


from hands-on, time-consuming imaging
practices? Or maybe you’re the only person
responsible for deploying your entire
fleet of Apple devices and you need a
more efficient way of doing so?

Either way, you’ve come to the In this e-book, we simplify Apple deployment
vernacular and show you exactly what it takes
right place.
to automate Mac, iPad, iPhone and Apple TV
deployments in your organization.

An Overview of Benefits of Zero-Touch MDM for macOS, iOS Purpose-Built


Apple’s Deployment Deployments and tvOS Apple Ecosystem
Programs Management

PAGE 3 PAGE 5 PAGE 10 PAGE 13


3

Historically...
Apple had two different programs for businesses and educational institutions to deploy devices and
procure apps:

An overview
of Apple’s
deployment Device Enrollment Volume Purchase
Program (DEP)
programs
Program (VPP)
To provide automated To purchase app licenses
device enrollment into a in bulk.
mobile device management
(MDM) server.

However, these programs have given way to new education and business-focused portals that combine
the power of DEP and VPP, plus add new device management capabilities.
4

Introducing Apple Business Manager and


Apple School Manager
Apple Business Manager and Apple School Manager offer key features needed to enable a zero-touch deployment strategy.

These programs tell your device the first time it’s taken out of the box and powered on to
automatically enroll in your mobile device management (MDM) server. They also allow you to
procure app and book licenses from Apple and remotely deploy and manage them with your
MDM solution.

Through one program, you can set up devices and deploy apps without getting Apple IDs
tangled up in the works. Apple IDs are unique identifiers to know who the user of the device is.
To make this extra simple, Apple now allows for Managed Apple IDs (for Apple School Manager
only) which empowers IT to be fully in charge of setup and management of the Apple ID
— saving students (and parents) the need to create and remember their own ID and password..

Best of all, these programs specifically designed for businesses and schools are available at no
cost; the only requirement is that you procure your Apple technology from a supported vendor.

OUT WITH THE OLD


DEP Automatic device enrollment
These changes bring some new language in to replace VPP Volume purchasing of apps and books
the old. Here is the vernacular that has changed: DEP + VPP Apple Business Manager (for businesses)
DEP + VPP Apple School Manager (for schools)
5

With the knowledge of Apple’s


deployment programs under your
belt, it’s time to dig into why you’ll
love having a zero-touch deployment
strategy in your environment.
Benefits of
zero-touch
deployments Not surprising, IT is busy. They constantly deal with incoming tickets,
network issues, provisioning accounts across various services, hardware
requests, software deployments, and general help notifications by any
user at any time.

Add the task of unboxing each device, powering on and configuring


prior to deploying to users, and there is virtually no time for anything
else. By implementing a zero-touch deployment strategy, you will be
able to save time and money by automating and empowering users to
accomplish these steps on their own.
6

Enrollment options for macOS


There are a few ways you can enroll devices.

For macOS Description User Experience Best For

Providing users an out-of-box experience. With zero-


Automatic zero-touch User receives shrink-wrapped touch deployment you can:
enrollment with Apple Automatic enrollment box, and the device is
over the air automatically configured when • Ship devices to remote employees
Business Manager or • Speed up the onboarding process
turned on
Apple School Manager • Support education institutions with Mac programs

Manual enrollment User visits a specific URL to BYOD programs or when automatic zero-touch
User-initiated enrollment
over the air configure their device enrollment is not an option

Scan your network Hands-on for IT — enrollment is


for existing Macs and completed remotely through your Enrolling Macs en masse which are known to be on
Network scan
deploy an enrollment MDM when Mac is on the same the same network
package network

Time consuming for IT to create


Use pre-configured images, images go out of date
Not recommended — as new Apple hardware does
Imaging drive images to set quickly, software will likely need
not support imaging
up Macs updates upon first boot, does not
work on new Macs
7

Enrollment options for iOS

For iOS Description User Experience Supervision Best For

Providing users an out-of-box experience.


User receives shrink- With zero-touch deployment you can:
Automatic zero-touch
wrapped box, and the
enrollment with Apple Automatic enrollment • Ship devices to remote employees
device is automatically Yes (wirelessly)
Business Manager or over the air • Speed up the onboarding process
configured when
Apple School Manager turned on • Support education institutions with iPad
programs

Rely on users to Unmanaged devices currently in the field or


enroll their own iOS User visits a specific Via Apple devices that need to be reenrolled into a new
User-initiated via URL devices via a URL URL to configure their Configurator, but MDM server
your MDM server device MDM is removable
creates * Does not guarantee adoption

Enrollment through Shared and cart-device models, labs


IT manages the setup
a Mac app that devices purchased through a retailer
Apple Configurator process and hands Yes
connects to devices
devices to users
via USB * Time consuming
8

Enrollment options for tvOS

For tvOS Description User Experience Supervision Best For

User receives shrink-


Automatic zero-touch wrapped box, and the
enrollment with Apple Automatic enrollment device is automatically
Yes (wirelessly) Providing users an out-of-box experience
Business Manager or over the air configured when
turned on and plugged
Apple School Manager
into ethernet

Rely on users to Unmanaged devices currently in the field or


User uses Apple TV
enroll their own Via Apple devices that need to be reenrolled into a new
remote to plug in URL
User-initiated via URL tvOS devices via a Configurator, but MDM server
of a pre-made MDM
pre-made config file MDM is removable
profile
made available online * Time-consuming for user

When Apple Business Manager or Apple


Enrollment through School Manager are not an option
IT manages the setup
a Mac app that
Apple Configurator process and hands Yes
connects to devices * Note, some newer Apple TV hardware does not
devices to users
via USB have a USB port, and will require an ethernet
cable

Zero-touch deployments via Apple School Manager or Apple Business Manager is the recommended way to enroll
Mac, iPad, iPhone and Apple TV devices to save your organization time and preserve the user experience.
9

The zero-touch enrollment workflow


There are three basic steps to follow when implementing zero-touch enrollment: prepare, purchase and deploy.

Prepare Purchase Deploy

1 Sign up for Apple Business or 1 Order Apple hardware* 1 Send devices to users
Apple School Manager

2 Assign devices for enrollment 2 Users unbox and turn on


2 Link account to your MDM device
server * Must be purchased via Apple directly
or an authorized reseller

3 Devices enroll into

3 Configure enrollment settings management automatically


10

Pairing MDM with Apple’s deployment


programs
Your MDM server communicates to devices via the MDM software leverages the MDM framework
Apple Push Notification service (APNs) and tells built into Apple’s operating systems. With your
them how to behave. This maintains a constant MDM solution, you can build configuration profiles
connection to your devices, so you don’t have to. based on the various settings you’d like to deliver
Commands, apps and profiles are all sent to the and push them to your devices over the air via
device over the air. APNs. Configuration profiles are XML files and

MDM for can be built inside of Jamf — the gold standard for
Apple MDM.

macOS, iOS
and tvOS
11

Common configuration profiles


Below are some examples of configuration profiles you can build and deploy to your Apple devices.

Basic Accounts Security Advanced

Passcode Dock
Mail Certificate

Restrictions Exchange Custom Settings


Security & Privacy

Network LDAP AD Certificate Identification

VPN Contacts Mobility Finder

Printing Calendar Parental Controls Accessibility


12

Mobile device management for macOS


The MDM framework Apple has available for macOS provides baseline By leveraging client management, organizations can install a Mac agent,
control over Mac computers, and many organizations need more control and or binary, that is automatically installed after enrollment and gives you, the
functionality than what Apple provides by default. Some additional functional IT admin, more control over your managed Macs. It adds a hidden admin
needs include: modify a user account, send terminal commands and deploy account that you have full control over and grants you remote root access.
apps outside of the App Store. This enables you to run advanced policies, custom scripts, install custom
software, and a whole lot more.

Below are a few examples of things you can do using client management from Jamf for macOS.

Install PKG/DMG Enforce FileVault Bind to Diectory

Combining the
MDM framework
with the Mac
Run Scripts Customize Dock Set EFI Password agent gives you
total control of
configuration and
management of
your Macs.
Install Printers Create Accounts Set Software Update
Purpose-built Apple ecosystem management
To get the most out of these deployment programs, you need an MDM software
solution that understands Apple. As the best-of-breed Apple management
solution, Jamf is the product trusted by businesses and schools that want to
provide a consistent management experience across the entire ecosystem.

When you let Apple Business Manager or Apple See for yourself why 96 percent
School Manager automatically enroll your devices into of Jamf customers stay with us
management and Jamf handle all the device settings
once they begin utilizing the
and app configurations, you can be virtually hands-off
with all Apple deployments — giving you more time to
benefits of automated Apple
focus on projects that better serve the organization. device management.

Start Trial

Or contact your preferred reseller of Apple


devices to take Jamf for a test drive.

You might also like