Automated Device Enrollment in Jamf Now

Automated Device Enrollment using Apple Business Manager or Apple School Manager allows you to automatically download Jamf Now management settings to hardware immediately upon activation. This means you can deploy new hardware without any IT action needed. The first time these devices turn on, they will automatically enroll with Jamf Now.

Once a device has been added to your MDM Server with Apple and linked with Jamf Now, the device's serial numbers will appear in Jamf Now in the Auto-Enrollment tab, under View Devices.

With supervision, you can push operating system updates, leverage advanced security options, and restrict core functionality of the devices like iTunes and Safari.

Setting Up Automated Device Enrollment

Requirements

An Apple Business Manager or Apple School Manager account

Note:

Requesting access to one of these deployment programs is a short sign up process, but you should expect a waiting period after signing up. Apple reviews your credentials and application, which typically takes 5 to 10 days.

  1. Log in to Jamf Now.
  2. Click Auto-Enrollment.
  3. Select Apple Business Manager or Apple School Manager and click Next.
  4. Download your Token Public Key and click Next. You will use this to create your server token with Apple.
  5. In Apple School Manager or Apple Business Manager, follow these steps:
    1. If prompted, follow the onscreen instructions to verify your identity.
    2. Click on your account name in the lower-left corner, and then select Preferences from the pop-up menu.
    3. Click the (+) Add button to the right of the Your MDM Servers heading.
    4. Enter a unique name for your MDM server in the MDM Server Name text field.
    5. Select or deselect the Allow this MDM Server to release devices checkbox.
      Note:

      Jamf recommends deselecting the checkbox. For more information, see Release Devices in Apple Business Manager.

    6. Under MDM Server Settings, click Choose File, and then upload the public key you downloaded from Jamf Now.
    7. Click Save.
    8. Select your server name listed under Your MDM Servers.
    9. Click Download Token.
    10. Choose Download Server Token from the pop-up window and save to your computer.
  6. In Jamf Now, drag and drop or click browse to select the new token from your directory and upload it to Jamf Now.
  7. Click Done.
  8. (Optional) Click Choose Setup Assistant Steps to choose the screens displayed when devices enroll.

Ensuring Jamf Now Can Access Devices

  1. Log in to Jamf Now.
  2. Click Auto-Enrollment.
  3. Click View Devices.
  4. Confirm device serial numbers are displaying on this page.

Reassigning Devices to Your Jamf Now MDM Server

If a device is not displaying its serial number in Jamf Now, edit the device's management in Apple Business Manager or Apple School Manager, and ensure it is assigned to your Jamf Now MDM server.

  1. Log in to Apple Business Manager or Apple School Manager.
    1. Click Devices.
    2. At the top of the pane, search for a device's serial number using the search field.
    3. Click on the device you want to edit, and then click Edit Device Management to reassign the device.
  2. Log in to Jamf Now.
    1. Click Auto-Enrollment.
    2. Click View Devices.
    3. Click Sync Devices.

Enrolling Devices using Automated Device Enrollment

To enroll a device, turn on the device and connect to Wi-Fi. The built-in Setup Assistant will detect that the device is associated with Jamf Now, and it will automatically enroll.

Screenshot of Setup Assistant and Remote Management by Jamf.