To understand DEP, it’s probably worth understanding Supervised Mode for Mac and iOS devices. The iPhone began life as a consumer device, and even though people used them for work, they weren’t specifically designed for this. With iOS 5, Apple introduced Supervised Mode, which allowed companies to differentiate corporate-owned devices from personally owned. Once supervised, the device allows administrators access to a growing list of additional management features such as silent app-push and restrictions on AirDrop, Handoff and many other settings. With every release of iOS, the number of management features which require Supervised Mode grows.
You know when an employee leaves and hands back their iPhone, but they’ve left their Apple ID signed in and Find My iPhone on? The company is unable to remove the user in many instances because their Apple ID on an unsupervised device makes them the effective owner, regardless of who actually bought it. If the device is supervised, the IT admin can sign the user out, wipe the phone and provision it for its next user. So, if supervision is so beneficial, why have so few organisations deployed it? Until the DEP came online, devices had to be Supervised via a USB connection to the supervising Mac, and Supervision involved replacing the operating system with a different version which was like a factory reset, erasing all contents and settings on the device. This was time-consuming when rolling out new handsets, and the requirement to ensure backup of data made it largely impractical for estates where the handsets were already in use by employees.
DEP is designed to make corporate-owned deployments simple. The process begins before the phone or tablet even arrives. You can order an iPhone or iPad, and have it arrive fully enrolled in your organisation’s MDM, supervised, and ready to deploy and required apps. IT simply has to create an account with Apple to verify that they own the MDM(s) they intend to use, create one or more deployment profiles to be assigned to DEP devices, link their Apple account to their MDM and assign profiles through their MDM. Once these simple steps have been performed, the following benefits are available:
- Mandatory and lockable MDM enrolment – even if you permit a user to use the “Erase all content and settings” function, when the device resets, it will still be part of DEP and require MDM enrolment before the user can use it.
- Wireless supervision – enable supervised mode over-the-air without needing to unbox the device
- Zero-touch configuration for IT – once the user activates their device, the mandated configuration is deployed, so that MDM, setting apps and other configurations are all in place for the user with no need for kitting.
- Streamlined Setup Assistant – As part of the configuration, certain setup steps can be removed
While under certain circumstances devices can be “grandfathered” into DEP, in general the program applies to new devices which are added to the program when ordering. Devices should be procured through an Apple DEP authorised reseller.
For further details, to order DEP devices, or to get enrolled with the program, contact CWSI where our sales and technical team will be happy to guide you through the process.