Adding a profile to the Apple Device Enrollment Program (DEP)
The Add Profile option in the Apple Device Enrollment Program (DEP) workflow includes two tabs: Configuration (administrators configure device settings for a DEP profile) and Skip Items (administrators choose setup configuration settings that a device user can skip during DEP device enrollment).
From the MaaS360®
Home page, select , and then click Add Profile from the
You can also add a profile at DEP page.from theThe Add Profile window is displayed.
Click the Configuration tab, and then configure the following
Option Description Name The name of the profile. Require MDM Enrollment If this option is enabled, the user must enroll the device in MDM during the setup process. The user is not shown the option to skip the MDM profile during DEP enrollment.
Note: This option is automatically enabled for iOS 11.3+ devices.
Supervise Device If this option is enabled, the device is marked as a Supervised device. Supervised iOS devices provide more restrictions, enhanced profile features, and multiple device configurations. Note: iOS 13+ devices are supervised by default. This option is not supported for macOS.
- Lock MDM Profile: If this setting is enabled, the user profile cannot be unenrolled from the device. This option applies only if the Require MDM Enrollment setting is enabled and the device is supervised.
- Multi-user Device: If this setting is enabled, Apple Education devices are configured as shared devices.
- Max Resident Users: The number of active resident users that you want to
add to a shared device.
The Max Resident Users value defines the number of partitions that you want on the device. Valid values are 2 - 99.
If the Max Resident Users value is more than the available device space, Apple restricts the device-resident user allocation on the device based on the available device space. This value is supported only on iOS 9.3+ devices.The following list explains some of the benefits of supervising iOS devices:
- Automatically installs apps without user intervention.
- Restricts an iOS device from using AirDrop to transfer a file to another device.
- Allows or blocks web content on iOS devices.
- Restricts the use of iMessage on the device.
Authenticate User If this option is enabled, user authentication is required during device boot up in DEP enrollment. The Authenticate User option is supported on iOS 7.1+ and macOS 10.9 devices. The SAML-based authentication is supported on iOS 13 and macOS 10.15 devices. To set the authentication type that you want to use, go to the Authentication Mode for Enrollment section on the Basic Enrollment Settings page (Configuring directory and enrollment settings in the MaaS360 Portal).
If you choose to authenticate against the corporate Active Directory, a device user must provide their <domain>\<username or email> credentials and their password to enroll their device in DEP.
- Device Ownership: The device is either corporate-owned or corporate-shared. The device ownership option is available only if user authentication is selected.
- Corporate Usage Policy: If this option is enabled, the user is prompted to accept the corporate usage policy when a new DEP device is added in the MaaS360 account. The user must accept this policy and the standard End User License Agreement (EULA). You can add the corporate usage policy as a TXT or HTML file from .
Allow Pairing Pairs iOS devices. This option applies only to Supervised iOS DEP-enrolled devices. If this option is enabled, the iOS DEP devices are paired with any macOS device. If this option is disabled, iOS devices pair with macOS devices by using the pairing certificate that is provided in the Pairing Certificates option.
Note: This option is not supported on iOS 13+ devices. As an alternative, you can use the Allow Host Pairing setting in the .
Pairing Certificates When a pairing certificate is used, a device continues to pair with a host that also uses this certificate (even if Allow Pairing is not selected.) If Allow Pairing is not selected, the Pairing Certificates option is available.
Pairing certificates are chosen from the Certificates option on the Apple Device Enrollment page. This certificate is created by an administrator macOS device that uses the Apple Configurator with Organization Identity to pair iOS devices that are enrolled with the certificate.
Department The department name that the enrolled device belongs to. Support Phone Number The phone number that device users can contact for DEP setup support. The administrator can update this phone number when they add a DEP profile. Assign The token that is assigned to a profile. All devices that use this token are assigned to the profile. For this option, you can assign the profile to all unassigned devices, to all devices, or to none of the devices.
Click the Skip Items tab, and then select the options that you want
device users to skip during DEP enrollment.
- Click Add to save and add the profile configurations.
- Enter the administrator password to add the profile, and then click Submit.
The profile is added successfully and listed on the Profiles page.