How does DEP work?

Once DEP is setup and configured, it provides the easiest method for you to automatically enroll corporately purchased devices in your MDM solution. It also gives you the greatest level of control over Apple devices. So, how does this happen?

First, let’s start with the purchasing process. Devices must be purchased either directly from Apple or from an Apple-authorized third-party reseller in order to be automatically added to the DEP program. If you have devices that were not purchased through one of these avenues, they can still be added to the DEP program, but it’s a little more complicated. We’ll cover that in a later section. For now, just know that the easiest path is to purchase devices directly from Apple or through an authorized reseller.

So, what happens after you’ve purchased the device?

  1. Apple, or the reseller, will upload the serial numbers of the devices that you’ve purchased into the DEP portal.
  2. These devices are then assigned to an MDM server in the DEP portal. This is either done manually by you or someone in your purchasing department, or it can be done automatically by device type. We’ll look at that in more depth shortly.
  3. The devices are synchronized with KACE Cloud (KACE Cloud) and assigned to a DEP profile (again, either manually or automatically, depending on how you’ve configured it).

These three steps need to occur before the device is activated for the first time. If the devices have not shown up in your Apple DEP portal (a.k.a. Apple Business Manager), then you will need to wait for either Apple or the reseller to finish uploading the device information. Typically, this happens quickly, but we have seen it take a few days.

Once the devices have made it into the DEP portal, been assigned to an MDM server, synchronized with KACE Cloud, and been assigned to a DEP profile, the device can be activated. Here’s how that works:

  1. The device is turned on for the first time (or factory reset if you want to re-provision with a new DEP profile).
  2. The device contacts the Apple activation server, reports its serial number, and requests an activation profile.
  3. Apple sends the DEP profile to the device, along with the MDM server information.
  4. The device (if configured in the DEP profile), automatically enrolls with KACE Cloud during the activation process.
  5. The device will show up in the KACE Cloud 'Device' list once enrollment is complete. These devices will NOT have a user assigned to them automatically since that information is unknown during the enrollment process, but you can assign a user afterwards.
  6. All configuration items marked for auto-deployment will be automatically sent to the device once enrollment is complete, and the device will be ready for use by your end user.