Enrolling Apple devices

With KACE Cloud, you can manage your organization's Apple devices and ensure they are secure and compliant with your policies, and also to prevent their data from being exposed to unauthorized users. This topic provides specific instructions that allow you to enroll your Apple devices.

Apple device administrators can choose from a number of different enrollment flows depending on the device ownership (such as company-owned or personal), required level of control, and the specific business needs:

  • Apple DEP enrollments: The Apple Device Enrollment Program (DEP) is the preferred method for touch-free enrollment of corporate-owned devices in your MDM solution. This is typically the flow for enrolling new iOS, macOS, and tvOS devices purchased from Apple or an authorized reseller.
  • iOS Supervised Mode enrollments: You can enroll your target iOS devices in Supervised Mode using Apple Configurator 2. Administrators can use this mode for enrolling iOS devices that are not purchased from Apple or an authorized reseller. To enroll an iOS device in Supervised Mode, the device must be connected to a Mac running Apple Configurator 2. This process requires a KACE Cloud enrollment URL.
  • Personal device (BYOD) enrollments: Personal iOS and macOS can be enrolled easily by pointing the user to a KACE Cloud enrollment URL. A device administrator can provide an enrollment URL to the device user to initiate enrollment, or send the URL with instructions by email. During enrollment, a provisioning profile is installed on the device. 
  • tvOS device enrollments: Apple TV devices can be enrolled either using Apple DEP or Apple Configurator 2. Administrators can also enroll tvOS devices using Apple Configurator 2 and add them to Apple DEP.

The following procedures summarize the steps for enrolling your target Apple devices. The procedure you choose depends on your Apple device type, ownership (company-owned or personal), and also on the level of control you need to have over managed devices.

Apple DEP enrollments (iOS, macOS, tvOS)
  1. Enroll your organization in the Apple DEP program.

    When your organization is enrolled in the Apple DEP program, you order and manage Apple devices using your organization's credentials. Administrators can quickly assign desired iOS and macOS devices to the applicable Apple MDM servers and easily enroll them in KACE Cloud with Apple DEP. See this topic for more details.

  2. Link KACE Cloud with Apple DEP.

    Start by downloading your public key from KACE Cloud. When you log in to your Apple DEP subscription in ABM, configure one or more MDM servers that you want to use for KACE Cloud enrollments. Then, upload the KACE Cloud public key file to associate your MDM server in ABM with KACE Cloud. You can also specify the default MDM server for enrolling different device types. Finally, download the server tokens from ABM and upload them to KACE Cloud. Each server token links KACE Cloud to the appropriate MDM server. This enables KACE Cloud to be aware of the devices in Apple DEP. See detailed instructions here.

  3. Assign target Apple devices to Apple MDM servers.

    Using your organization's Apple account credentials, associate the devices you want to start managing with desired Apple MDM servers. See detailed instructions here.

  4. Assign KACE Cloud DEP profiles to target Apple devices.

    Create one or more DEP profiles to control the activation process of your target devices. Next, assign desired DEP profiles to the applicable macOS and iOS devices. See detailed instructions here.

  5. Activate managed Apple devices.

    Activate managed Apple devices by turning them on or resetting them to factory settings. See this topic for more details.

iOS Supervised Mode enrollments
  • Enroll iOS devices in Supervised Mode.

    Start by installing Apple Configurator 2 to your computer and attach an iOS device to the computer using a USB cable. Next, follow all steps in the wizard to activate Supervised Mode. When prompted, provide the KACE Cloud enrollment URL. See detailed instructions here.

Personal (BYOD) device enrollments (iOS, macOS)
  • Enroll personal iOS devices.

    Provide the end user with enrollment instructions. You can find them in KACE Cloud, in the Enroll Devices view when you select iOS. See detailed instructions here.

  • Enroll personal macOS devices.

    Provide the end user with enrollment instructions. You can find them in KACE Cloud, in the Enroll Devices view when you select macOS. See detailed instructions here.

tvOS device enrollments
  • Enroll tvOS devices with Apple DEP.

    Complete the same flow as for enrolling iOS and macOS devices in KACE Cloud with Apple DEP. Some additional configuration may be required if tvOS devices are already in the DEP program or if they are already set up. See detailed instructions here.

  • Enroll tvOS devices using Apple Configurator 2.

    Start by installing Apple Configurator 2 to your computer and attach a tvOS device to the computer using a USB cable. Then, select the paired tvOS device and complete the configuration. When prompted, provide the KACE Cloud enrollment URL. See detailed instructions here.

  • Enroll tvOS devices using with Apple Configurator 2 and add to Apple DEP.

    Complete the same flow with Apple Configurator 2, but ensure you add the tvOS device to the Device Enrollment Program and activate it. See detailed instructions here.