Apple DEP and MDM Solutions

26th July 2017
Group project work on an Apple desktop

As an Apple Authorised Seller we are able to centrally register the Macs and iPads we lease to customers with Apple, which helps them with the management of their assets. Apple’s Device Enrolment Programme (DEP) an efficient way to deploy Macs, iPads and other iOS devices which you have leased across a business or school. The DEP allows you to choose to supervise from a distance any iOS devices owned by your business but used by your staff, whether they’re office based or work remotely. This higher level of management allows you to add restrictions, such as turning off Game Center and iMessage and blocking certain apps from the device. With the Device Enrollment Program, large-scale deployments of iPad and Mac are seamless. Your devices are configured through a management solution, and users are guided through the activation process with the built-in Setup Assistant. You can streamline setup by specifying that certain steps in Setup Assistant be skipped — such as screens for Apple ID, passcode, or terms of service.

Through the Device Enrollment Program, businesses can choose to supervise corporate-owned iOS devices over the air and the supervision of this provides a higher level of device management customising configurations and features specific to your school or business.

What can I do with DEP?

Configuring DEP allows you a number of options:

  • Force the device to enroll with an MDM such as AirWatch
  • Select which MDM group devices should be a part of initially
  • Disable users ability to un-enroll from the MDM manually
  • Place device in supervised mode
  • Restrict device from pairing with macOS computers
  • Disable sending diagnostics information to Apple
  • Display personalised contact information for support

In addition, you can add a Mobile Device Management (MDM) profile for each device. The MDM allows the centralised control and deployment of software. Using an MDM gives you the ability to configure access to corporate services, account setting, and even which apps can be used. This removes the need to deploy your devices manually and means that your staff can get working as soon as the device is turned on. There is no need to have someone from your IT team physically set up each device individually.
This is only offered by Apple Authorised Sellers or direct from the Apple Store. HardSoft have provided roll outs to such organisations as the Marie Curie cancer charity as well as Dee Valley Water.
If you lease from HardSoft, with a minimum of 15 users, we use the Airwatch MDM software solution – which costs 80p per week extra on a three year lease. The Benefits of an MDM solution are massive but if you want to know more take a look at the FAQs below, or give our sales team a call on 020 7111 1643 and they will be happy to talk you through why DEP and MDM make sense for your business or school. Ask for a free Demo on Airwatch.

FAQ’s on the Apple Device Enrolment Program

Does HardSoft manage the whole DEP process? Not entirely. HardSoft role in the device enrolment process consists of order management functions, such as providing device serial numbers or IMEI numbers, creating a customer’s DEP Customer ID, providing our DEP Reseller ID, and a few other order details. Further actions in the programme — such as claiming and assigning devices in the DEP website and or to MDM servers — are the responsibility of the customer.
What resellers, distributors or carriers are eligible to support Device enrolment for their customers? Any Apple Authorised Reseller such as HardSoft, or Telecoms carrier, such as O2, EE is eligible to participate in the programme.
Can adding devices into the DEP resolve issues with the new law General Data Protection Regulation (GDPR)? No though DEP is the first stage in adding a Mobile Device Management Solution such as Airwatch that would conform. The new GDPR law states you must implement “appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including…encryption of personal data” (Article 32, Security of processing).  In the event of a data breach, the organisation is not required to inform individuals of the breach if measures that “render the personal data unintelligible” were in place, including encryption (Article 34, Communication of a personal data breach to the data subject). GDPR is a concern to all Companies with the potential for heavy fines. Mobile devices such as iPads ‘roaming;’ the country with Data on are a hole in an IT security set up that needs addressing.
What customers are eligible to sign up for the device enrolment program? DEP is available to qualifying businesses. Generally, a client with 10 or more mobile devices feels the benefit. The device enrolment service of Apple School Manager is available to state, independent, primary and secondary schools, colleges and eligible educational organisations…
What does the customer need to provide to Apple to enrol devices? We require the customer’s DEP Customer ID (Apple will provide this to the customer after on line registration), the HardSoft DEP ID, the device IDs of the devices sold (serial numbers or IMEI numbers), and a few details about the order, such as delivery date.
Does HardSoft specify in the terms of sale that the device must be removed from device enrolment when the customer no longer owns it? No but the Apple device enrolment terms agreed to by the customer at sign up require a customer to remove devices that they no longer own from their DEP. Be aware that any devices lost, stolen will need removing.
Is there a charge to participate in Apple device enrolment? Apple does not charge customers to participate in DEP or the device enrolment service or Apple School Manager scheme. An MDM solution such as Airwatch would be at extra cost.
Can HardSoft help by enrolling devices into Device enrolment? Unfortunately no. End users must enrol in DEP or the device enrolment service of Apple School Manager and accept the terms and conditions themselves. Customers who request HardSoft to perform additional integration or management services (such as an MDM) can latterly create an admin account within their DEP portal or Apple School Manager portal to add and manage these services on the customers behalf.
Could customers create their own API? Organisations should be able to develop functional integration with Apple’s device enrolment APIs using two or three developers in about 10 weeks. Alternatively an off the shelf solution should be considered. HardSoft offer VMWare Airwatch.