What is the Apple Device Enrollment Program?

Quick Definition: Automated Device Enrollment (ADE), formerly known as the Device Enrollment Program (DEP), is Apple's automated device management solution that lets IT teams configure and deploy iPhones, iPads, and Macs without touching each device. It's part of Apple Business Manager and Apple School Manager, giving organizations zero-touch deployment for their Apple devices.

Managing a fleet of Apple devices can feel like herding cats. You've got new employees starting every week, each needing their iPhone configured to work with your systems. Students need iPads with specific apps and restrictions that prevent non-school activities on educational devices. 

With all of this going on, you're also trying to keep everything secure while not spending your entire day setting up devices one by one. All management now happens through the Apple Business Manager portal at business.apple.com or the Apple School Manager portal at school.apple.com, replacing the legacy deploy.apple.com portal that was retired in 2019.

Automated Device Enrollment (ADE) makes all of these processes much easier to complete. ADE transforms device deployment from a manual chore into an automated process that just works. The goal is to get Apple devices into users' hands quickly and securely.

What is Apple’s Automated Device Enrollment (ADE)?

If you have ever wondered how businesses that use Apple devices exclusively for their users manage and deploy everything, then ADE is usually the answer. It's enterprise device management at scale for Apple hardware, similar to how Windows Autopilot works for Microsoft devices. It's part of Apple Business Manager (ABM) and Apple School Manager (ASM). It automates device setup so IT teams can focus on bigger things like projects and processes.

When businesses buy devices through authorized channels, the device serial numbers get associated with your organization's Apple Business Manager or Apple School Manager account. The actual enrollment happens when the device first powers on and contacts Apple's servers. The moment someone powers on their new iPhone or iPad, it automatically connects to your servers, downloads your configurations, and sets itself up with your policies. No manual intervention is needed.

This approach is similar to Windows Autopilot, where devices are configured dynamically with policies rather than using old-school disk imaging.

This isn't just for big corporations. Schools, small businesses, and start-ups use ADE to lock down client-facing devices, set up new devices, and prepare everything for the end user before it is handed to them. ADE can save serious time for anyone who manages more than a few Apple devices.

How ADE Works: A Step-by-Step Overview

ADE feels like magic—probably because most of what it does happens behind the scenes. Here's what it looks like:

Purchasing Devices

You buy devices directly from Apple or an authorized reseller. They register these devices to your ADE account within Apple Business Manager or Apple School Manager before shipping them out. This link between the device and your organization is permanent, even a factory reset won't break it.

Device Enrollment

When someone unboxes their new device and turns it on, it connects to Apple's servers. Apple sees it as an ADE device and points it to your MDM (Mobile Device Management) server. All this happens during the setup process.

MDM Integration

Your MDM solution takes over from here. It pushes configs, apps, and security policies onto the device. Two of the most popular MDM solutions are Microsoft Intune and Jamf, which work extremely well with ADE. The device gets everything it needs without the user doing anything difficult.

Zero-Touch Deployment

Users get devices that are ready to go from the time they are powered on. This includes emails, apps, and security policies. They can generally start working immediately without waiting for IT to set things up.

Ongoing Management

Since the device stays enrolled in your MDM, you can update policies, push new apps, or wipe devices remotely if the need ever arises. Even if someone tries to bypass your controls with a factory reset, the device re-enrolls automatically.

What are the Benefits of Using Apple's ADE?

Some of the benefits are already clear—ADE is very simple to use and gives companies more control with less work. Let's look at the benefits in a bit more detail. 

• Automated Deployment: IT doesn't have to handle each device, and users don't have to wait for devices to be set up. This allows companies to ship a device directly to a remote employee's home, and it configures itself when they turn it on. If that isn’t magic, then what is?

• Security and Compliance: Devices can't escape management because their serial numbers are registered in Apple's cloud infrastructure, and ADE enables supervised mode over the air. This makes the MDM profile non-removable. Every device stays compliant with your security policies, no matter what users try to do.

• Streamlined User Experience: This means happier employees and students. Nobody likes waiting around while IT configures their device. With ADE, they unbox, power on, and start using their device in minutes. All the apps they need are there, passwords are synced, and everything just works.

• Scalability: This is the icing on the cake with ADE. The hands-on setup time per device stays the same regardless of scale, but ADE eliminates the manual labor that would normally start to add up with larger deployments.

ADE vs. Other Apple Device Management Methods

Each method has its place. Manual enrollment works fine for a few devices. Configurator 2 gives you supervised mode but requires physical access to devices. ADE gives you the best of both: supervised capabilities with zero-touch deployment.

Common Use Cases for ADE

ADE can be used in a variety of industries and use cases. Here's a look at the most common, including the specific benefits for different industries. 

• Enterprise IT Departments: New hire starting next week? Ship their iPhone directly to them. It'll be configured with corporate email, VPN profiles, and security policies in a few minutes.

• The Education Sector: ADE makes it easier to manage classroom iPads, which usually involves large device counts at scale. Teachers get devices with educational apps pre-installed, and students get locked-down devices that can't access social media during school hours (or at all). IT admins manage thousands of devices without leaving their desk, which is what nature intended.

• Retail and Hospitality: These businesses use ADE for point-of-sale systems and customer service devices. iPads can be locked down to only run a POS (Point of Sale) or any other hospitality app. You can configure devices for different store locations automatically, which is handy if Location A needs different functionality to Location B. The added bonus is that replacing broken or damaged devices is quick without store visits from technical staff.

• Healthcare: Health organizations need extra-tight security for patient data. ADE helps enforce the technical controls needed for HIPAA compliance, like disabling iCloud backups, restricting AirDrop, and deploying HIPAA-compliant apps. But you'll still need proper Business Associate Agreements and other compliance measures beyond just device management. Patient-facing iPads stay locked to specific apps, and staff devices get configured with secure communication tools, especially if there is patient record access.

How to Get Started with ADE

Getting started with Automated Device Enrollment isn't hard, but you need to follow the right steps:

1. Enroll in Apple Business Manager or Apple School Manager: This free service is where you should start with ADE. Sign up at business.apple.com or school.apple.com. You'll need your organization's D-U-N-S number and someone with legal authority to sign the agreements.

2. Purchase Devices from an Authorized Reseller: Not every seller can add devices to ADE. You might need to work with Apple directly or find an authorized reseller who participates in the program. After that, they'll need your Organization ID to link devices to your account.

3. Assign Devices to an MDM Solution: Before devices arrive, connect your Apple Business Manager account to your MDM server. Microsoft Intune, Jamf, and other MDM platforms now have built-in ADE support. This connection lets your MDM automatically claim and configure new devices quickly and easily. 

4. Configure Deployment Policies: An added bonus is that you can set up your enrollment profiles in the MDM, and decide which apps to install. You can also look at which restrictions to enforce and how devices should be configured. There’s an option to create different profiles for different user groups, which makes sense because executives might need different settings than warehouse workers.

5. Deploy Devices to Users Without Manual Setup: Ship devices directly to users or hand them out in person without setting anything up. The setup process is the same - users turn on the device, and it configures itself. Your IT team can focus on support instead of setup, which is better for everyone.

Conclusion

Automated Device Enrollment takes the pain out of device deployment. You don’t have to spend hours configuring devices one by one. No more worrying about devices escaping management or being repurposed if they’re stolen. No more delays getting new employees up and running and losing valuable working hours, it's all handled automatically.

Scaling is important, and you get the same experience if you're managing a handful of devices or thousands. When you combine ADE with a solid MDM solution like Microsoft Intune, you've got everything you need to manage Apple devices at any scale.

For IT teams that are tired of manual device setup, ADE is a game-changer. Users get devices that work right out of the box, and you get centralized control with solid security. Everyone wins. 

Want to learn more about managing Apple devices in the enterprise? This CBT Nuggets Microsoft Intune Online Training course covers Apple ADE integration and much more.