Integrating with Apple's Device Enrollment

The Device Enrollment settings allow you to integrate with Apple’s Device Enrollment (formerly DEP). This is the first step to enrolling a device with Jamf Pro using a PreStage enrollment. After Jamf Pro is integrated with Device Enrollment, you can use Jamf Pro to configure enrollment and device setup settings.

To integrate with Device Enrollment, you need to do the following:

  1. Download a public key (.pem) from Jamf Pro.

  2. Obtain a server token file (.p7m) from Apple.

  3. Upload the server token file to Jamf Pro to configure a Device Enrollment instance.

For more information about Device Enrollment, see the following websites:

Requirements

To obtain a server token file from Apple, you need an Apple Deployment Programs account.

You can apply for an account at:

Downloading a Public Key

Before you can obtain the server token file from Apple, you need to download a public key from Jamf Pro.

  1. Log in to Jamf Pro.

  2. In the top-right corner of the page, click Settings images/download/thumbnails/17105110/Settings_Icon.png .

  3. Click Global Management.

  4. Click Device Enrollment Program images/download/thumbnails/18787063/Device_Enrollment_Program.png .

  5. Click Public Key to download the public key.

The public key (.pem) is downloaded immediately.

Obtaining the Server Token File

To download the server token file, you need to upload your public key to the deployment program instance.

  1. Log in to the deployment portal, such as Apple School Manager or Apple Business Manager.

  2. (Optional) Follow the onscreen instructions to verify your identity.

  3. In the sidebar, select Manage Servers in the Devices category and then click Add New MDM Server.

  4. Enter a name for your MDM server.

  5. Click Upload File, and then upload the public key (.pem) you downloaded from Jamf Pro.

  6. Click Save.

The server token file (.p7m) is downloaded immediately.

Uploading the Server Token File to Configure Device Enrollment

This process creates one Device Enrollment instance in Jamf Pro. To meet the needs of your organization, you can repeat the process to create multiple instances.

  1. Log in to Jamf Pro.

  2. In the top-right corner of the page, click Settings images/download/thumbnails/18787063/Settings_Icon.png .

  3. Click Global Management.

  4. Click Device Enrollment Program images/download/thumbnails/18787063/Device_Enrollment_Program.png .

  5. Click New images/download/thumbnails/17105124/Icon_New_Button.png .

  6. Enter a display name for the Device Enrollment instance.

  7. Click Upload Server Token File to upload the server token file (.p7m) you downloaded from Apple. This creates one instance of the program in Jamf Pro.
    The information contained in the server token file is displayed.

  8. (Optional) Choose a supervision identity to associate with the Device Enrollment instance. For more information, see Supervision Identities.

  9. Click Save.

  10. To configure another instance, repeat steps 5-9.

Refreshing Device Enrollment Instance Information

Jamf Pro allows you to manually refresh information in the Device Enrollment instance as needed.

  1. Log in to Jamf Pro.

  2. In the top-right corner of the page, click Settings images/download/thumbnails/18787063/Settings_Icon.png .

  3. Click Global Management.

  4. Click Device Enrollment Program images/download/thumbnails/18787063/Device_Enrollment_Program.png .
    A list of program instances is displayed.

  5. Click the program instance you want to refresh.

  6. Click Refresh.

If there is updated information in Apple School Manager or Apple Business Manager, this information is displayed in Jamf Pro.

Further Considerations

  • If you upload a new server token file (.p7m) to renew an expired Device Enrollment instance, it is recommended that you do not delete the expired instance from Jamf Pro before uploading the new server token file.

  • Deleting a Device Enrollment instance removes the instance from Jamf Pro but does not delete the settings in Apple School Manager or Apple Business Manager.

  • If necessary, you can remove a device from Apple School Manager or Apple Business Manager by releasing the device using the Apple portal. In the Device Enrollment Program (DEP), this action is equal to disowning devices. Releasing or disowning a device that is currently enrolled with Jamf Pro does not remove the device from Jamf Pro.
    For detailed information on disowning devices or releasing devices, see Apple's documentation:

    • Release devices
      Find out how to release devices in Apple School Manager.

    • Release devices
      Find out how to release devices in Apple Business Manager.

    • Disown devices
      Find out how to disown devices from Device Enrollment Program.

Related Information

For related information, see the following Jamf Knowledge Base videos:

For related information, see the following sections in this guide:

Copyright     Privacy Policy     Terms of Use     Security
© copyright 2002-2018 Jamf. All rights reserved.