Technical overview of DEP

DEP stands for Device Enrolment Program and it’s Apple’s way of trying to meet the modern enterprise requirements of iOS device management. That’s quite a mouthful so we need break it down into each smaller feature set.

The Good Old Days

For those of us that are used to Ghost or SCM to build corporately managed kit, DEP is a good step towards regaining a large amount of control over iOS devices and improving the user Out of Box experience.

So what does DEP offer?
Apple DEP simplifies initial setup by automating Mobile Device Management (MDM) enrolment. The device requires MDM enrolment as the final stage of the Out of Box experience and means the device is unusable until enrolled. This is great for busy IT staff who may not have time to configure devices.

Another great feature is wireless over the air (OTA) supervision of devices and again this is enabled during setup, and allows you to force corporate device configurations down the devices without the need to touch them.

Other features include simplifying the setup process for the user by skipping certain Setup Assistant screens so users can start using their devices straight out of the box whilst being fully MDM enrolled.

Force MobileIron Registration Out of the Box

MDM out of the box. Awesome.

Wireless/OTA Supervisor Mode

Supervision provides a higher level of device management for corporately owned iOS devices. It allows access to the additional restrictions configuration in MobileIron and its wealth of options. With Apples’ DEP you can wirelessly enable supervision mode on a device as part of the setup process.

Hassle Free Device Deployments

With Apples’ DEP features enabled deployments of iPad, iPhone and Mac are hassle free. Once users activate their devices, you can immediately configure devices to the corporate standard without touching the device.

Great User Experience

DEP also makes it easier for users to set up their own corporately owned iOS devices and Mac computers. Using MobileIron to configure your devices, users have hassle free out of box experience.

How to configure DEP?

The DEP configuration in MobileIron is mainly an admin exercise. You need to head over to deploy.apple.com and follow the instructions. Note if you have a VPP account you can use this for DEP as well.

You will need to talk to your iOS hardware vendor too, to check they support DEP.

DEP Setup and Core Configured – What Restrictions to Enable?

The iOS Restrictions menu is the next place to have a look. In there are a number of features that require Supervisor Mode to enable. Here are two to start with that almost all companies will want to enable.

1. Stop removal of apps. This is probably the most useful feature as it stops users removing anything including the Mobile@Work app.
2. Dis-allow erase all settings – no more iPads being sold on eBay

There are many more configurable items too, and Apple DEP. Whether you are trying to make users happy, reduce IT costs by not having to pre-configure devices or wanting more control, DEP is a great place to start.