What is DEP?

Posted by Charles Edge on August 8th, 2014

Apple’s Device Enrollment Program (DEP) allows organizations to automatically setup large numbers of devices without lifting a finger. Well, per device at least. What we mean by this is that if you use a Mobile Device Management (MDM) solution, such as Bushel, you will be able to configure that solution to configure your devices automatically once they’re on a wireless network. Each of your coworkers, students or employees can take the wrapper of their own device, log into the wireless network and have the device setup mail, apps and apply security settings! Cool, right?!?!

The Device Enrollment Program does this through enabling device supervision, allowing  over-the-air management and is the only way to force a Mobile Device Management solution on devices (if you aren’t using DEP, devices can unenroll from an MDM solution). DEP is good for pretty much any environment, including those running various COPE (corporate owned, personally enabled) models for mobile device integration. BYOD (bring your own device) devices won’t necessarily qualify because DEP requires the organization purchase any devices being managed. Philosophically, BYOD devices should be allowed to unenroll from an MDM solution at any time.

DEP was introduced to help solve some of the pain points organizations have faced since iOS management was introduced in 2008, back when the iPhone 3G was the coolest device on the planet. The initial focus was on ActiveSync configuration and basic security policies, such as enforcing passcodes on devices. The initial plan was to put profiles on devices manually. After a little while, MDM itself was released relieving the hassle of having to manually distribute profiles (and to resolve the issue where every change required replacing the whole profile). MDM was then extended to allow for new features and device supervision was introduced for completely locking down organizationally owned devices. In 6 short years, Apple has changed the way IT looks at managing devices, and DEP is one of the most substantial of these changes.

So now that you think DEP is pretty cool, here are some requirements to be able to leverage the program:

  • Your organization must have a terms account setup with Apple. If you are in Education, your account team will handle this for you. If you are a retail customer, the Apple Business team in the stores can help you out!
  • You must buy devices on a PO using your terms account. This acts as an authenticator of sorts, letting Apple confirm that yes, you own a device and are allowed to make changes for users who get to use those devices. This means any devices you purchased prior to joining the DEP program will not work in a DEP-based workflow.

You must have an MDM solution that supports DEP. Luckily Bushel is such a solution!

Once you meet all of the prerequisites, you can upload your DEP token to your MDM portal (such as ours) and then get to supervising devices in a no-touch scenario! Good luck!