In this article, you will learn how to enroll devices in Apple School Manager’s Device Enrollment Program (DEP) and manage them using Mobile Guardian.
#Note: Apple's DEP is now part of Apple School Manager (ASM)
Once your devices are set up within Apple School Manager and Mobile Guardian, you can manage them easily and effectively with Mobile Guardian.
What Will You Learn?
- Step 1: How to Download the Public Key from Mobile Guardian
- Step 2: Creating an MDM Server on Apple School Manager
- Step 3: How to Upload the DEP Token to Mobile Guardian
- Step 4:Assigning devices on ASM to the MDM
- Step 5: Syncing Devices on Your Mobile Guardian Dashboard
- Step 6: Device Enrollment
- Step 7: Keeping Your DEP Token Up to Date
By following this guide, you'll be able to efficiently manage your devices using Apple School Manager and Mobile Guardian.
Step 1: How to Download the Public Key from Mobile Guardian
Firstly, you'll download a public key from Mobile Guardian, which you will then upload to Apple School Manager's Device Enrollment Program (DEP) in Step 2: Creating an MDM Server on Apple School Manager.
- Log in to your Mobile Guardian dashboard.
- Click on "Settings," then select "iOS MDM Settings."
- Scroll down to the "APPLE DEVICE ENROLLMENT PROGRAM (DEP)" heading.
- Under "Getting Started" on the right-hand side of your screen, download your public key: Mobile_Guardian_Apple_DEP_cert.pem, and save it to an easily accessible location.
#Note: The default file name is Mobile_Guardian_Apple_DEP_cert.pem. If you're downloading multiple keys, be sure to name them according to their applicable server.
Great job! You have now downloaded the public key and are ready to move on to the next step.
Step 2: Creating an MDM Server on Apple School Manager
In this step, you'll learn how to use your freshly downloaded Mobile Guardian public key to create an MDM server on Apple School Manager (ASM). After completing this step, you will have uploaded the Mobile Guardian public key to ASM's Device Enrollment Program (DEP) and downloaded an Apple DEP token. This Apple DEP token will then be uploaded to Mobile Guardian in Step 3: How to Upload the DEP Token to Mobile Guardian.
- Log in to Apple School Manager.
#Note: You may need to go through a verification process while logging in. If this is your first time signing in on your device, we recommend selecting "Trust" when asked, “Trust this browser?”
- Click on the User icon, then click on "Preferences.”
- Click on "MDM Server Assignment."
- Select "Add MDM Server."
- Specify your MDM Server Name. We suggest naming the server after the relevant school and Mobile Guardian for future clarity.
- Click the "Choose File" button under "MDM Server Settings," and locate the public key file ending in .pem.
- Select the file and click "Open" to upload the public key downloaded in Step 1, then click the "Save" button to save the settings and configure the server.
- Once the server is configured, select "Download Token" below the name of the server and save the token to an easily accessible location. (The file name will end with .p7m)
Great job! You have now created an MDM server on Apple School Manager and downloaded the Apple DEP token, ready for the next step.
Step 3: How to Upload the DEP Token to Mobile Guardian
In this step, you'll learn how to upload the DEP token to Mobile Guardian, which we created in Step 2.
- Log in to your Mobile Guardian dashboard.
- Click on "Settings," then select "iOS MDM Settings."
- Click the "Upload Server Token" button”.
- Select the file downloaded in part Step 2 (the file name ending in .p7m).
The file will upload, and a completion message will appear at the top right of your screen, indicating you have successfully uploaded the DEP token to the dashboard.
Congratulations! You have successfully uploaded the DEP token to Mobile Guardian.
Recommended DEP Settings for Mobile Guardian
Mobile Guardian is easily adaptable to your specific Mobile Device Management needs. Below are our minimum recommended device management settings for Mobile Guardian. If you have specific setup requirements, please contact us for guidance on achieving the best results.
Let's learn more!
For effective Mobile Device Management, we recommend the following DEP Settings for Apple School Manager.
- Log in to your Mobile Guardian dashboard.
- Click on "Settings," then select "iOS MDM Settings."
- Recommended Settings for iOS Devices:
Allow Pairing
- Recommended: Enable this to allow admins to retrieve device logs and sync devices with a computer.
- Recommended: Enable this to ensure all devices are supervised.
- Optional: Enable this for shared devices to allow multi-user management.
- Recommended: Enable this to ensure devices re-enroll if they are wiped or reset.
Allow Removal of MDM
- Optional: Enable this to allow users to remove Mobile Guardian if needed.
Show These Screens
- Optional: Choose which screens to display upon device reset.
After making any changes to your APPLE DEVICE ENROLLMENT PROGRAM settings, click on "Update Settings."
We recommend these settings as a foundation for your MDM setup. Additionally, further customization to align with your policies at the grade, school, or district level is recommended.
Don't hesitate to contact us if you wish to learn more about setting up an MDM solution suitable for your learning environment.
Step 4: Assigning Devices on ASM to the MDM server
Once you have successfully uploaded the DEP token to Mobile Guardian, you will now assign Devices on Apple School Manager to the MDM server(Mobile Guardian)
- On Apple School Manager on the navigation panel click on Devices
- Select the device/s that you would like to add to the MDM
- Once you have selected your chosen devices click on "Edit MDM Server"
- You will get a pop-up screen on ASM that says "Edit MDM server assignment"
- Tick Assign to the following MDM
- In the drop-down box select the MDM that you would like to assign the device too
- Once you have selected the MDM server (Which was the name you specified in Step 2) Click Continue
- You will get another pop-up after to confirm the assignment of the device/s click Confirm
- Once the devices are successfully assigned you will receive a message stating that "All devices were successfully updated"
- Click Done
Step 5: Sync Devices on Your Mobile Guardian Dashboard
Whenever new devices are added to your Apple School Manager profile, you’ll need to manually sync these devices with Mobile Guardian. Let’s find out how!
- Log in to your Mobile Guardian dashboard.
- Click on "Settings," then select "iOS MDM Settings."
- Scroll down to the “APPLE DEVICE ENROLLMENT PROGRAM (DEP)” heading.
- Select "Resync Devices" to update your new Apple School Manager devices with Mobile Guardian.
- The new devices will appear in your device list, but they will be greyed out and will need to be reset before enrollment.
Your new devices are now added to both Apple School Manager and Mobile Guardian! Next, we will learn about device enrollment.
Step 6: Device Enrollment
- Before enrollment, devices will need to be reset.
- Once reset, follow the steps in our article DEP Device Enrollment after Device Reset.
To learn more about adding devices to an MDM server or moving existing devices between servers, see this article on How to Add or Move Devices.
#Note: Remember, any time a new device is added to an MDM server, you’ll need to Resync Devices as shown in Step 4 above.
Congratulations! You’re almost done setting up your Apple Device Enrollment Program with Apple School Manager.
Step 7: Keeping Your DEP Token Up to Date
A DEP token has a 12-month lifespan and needs to be updated annually.
In this section, you’ll learn how to easily update your DEP token to ensure continued management of your devices.
You can view the expiration date of your DEP token within your APPLE DEVICE ENROLLMENT PROGRAM settings as shown below:
Well done, you have now learned how to upload a new DEP token and update an expiring one.
Adding Devices to an MDM Server
Adding devices to an MDM server is essential for successful synchronization with the dashboard.
To learn how to add devices to an MDM server or move existing devices, please refer to this article on How to Add or Move Devices.
#Note: Devices can be moved into the MDM server at any time but must be followed by a Resync of Devices from the Mobile Guardian Dashboard as shown in Step 5.
Congratulations, you have learned a considerable amount about the Apple Device Enrollment Program, Apple School Manager, and Mobile Guardian!
Please let us know if you found this article helpful
Thanks for reading 🙂