Apple Configurator 2 Enrollment

The following steps will assist you in the enrollment process for iOS devices with Apple Configurator 2 into FileWave.

This guide assumes you've already set up DEP in FileWave and that your devices are assigned to a MDM server within Apple School/Business Manager. If not, please review the KB article to add devices to Apple School/Business Manager.

Prepare

Before starting be sure you have:

A running FileWave server with your HTTPS certificate, APN, and DEP (if using DEP) settings in the preferences completed
- To set up DEP, see "VPP and DEP preferences" and "Working with Apple’s Device Enrollment Program (DEP)"
- For HTTPS certificate and APN setup, follow the Quick Start— MDM guides for OS X or Win, according to which OS your Admin is installed on: Apple General Settings (APN)
Wi-Fi profile: This can be created in AC2 File > New Profile > Wifi; alternatively, you can create this in FileWave.
An OS X 10.11 device with Apple Configurator 2 installed
iOS device 7.0+ and lighting cable
Access to the ports specified below

Network Considerations

Clients and the FileWave server need to be able to connect to each other and to Apple with the following ports:

20443-20445
2195-5223

DEP AC2 Enrollment

1. Make sure you've created your association in FileWave, in the DEP Association Management window under the Assistants menu (between the DEP profile and devices). Simply click and drag the devices over to the right pane, on top of the profile you created. This profile contains settings such as whether the device will be supervised, setup items, and how the device will be named.
2. You're now ready to work in AC2, so connect the iPad to your Mac with a lightning cable and launch AC2.
3. When you see the device in the Connect Device pane, left-click the device and hit the Prepare button at the top, with the gear icon.
4. Select the Automated Enrollment option from the drop-down menu and hit Next.

ac2autoenroll

1. You'll then need to upload a Wi-Fi profile. Hit Choose and locate the profile via Finder. When you create the Wi-Fi profile, select the "(iOS8 or later except Apple TV)" option for your WPA2 security types.

ac2wifi

1. Choose the Security Type

wifisecurity

1. You'll now be prompted for Automated Enrollment Credentials, which should have been created during your FileWave MDM setup using the Quick Start guides (linked to in the Prepare section at the top of this article). If you want to use LDAP authentication, you'll need to type in one set of credentials. If you have multiple devices connected, you won't be able to use a different user name/password for each device with AC2.

ac2enrollcreds

After you type in your credentials, hit Prepare, which will start the configuration. If you've already prepared the device, you'll be prompted to hit Restore or Stop. You must hit Restore to allow AC2 to finish the process as follows:
1. Downloading iOS
2. Unzipping iOS
3. Installing iOS
4. Downloading activation record for the iPad
5. Activating iOS on the iPad
6. Downloading and applying cloud configuration
7. Awaiting final MDM configuration
The iOS device will prompt you to "Slide to continue" at the Hello screen. Next, go through the setup options (such as Location Services) that you previously set up to enable or skip in the DEP profile in FileWave. Completing these steps will land you on the home screen of the iOS device, where you'll see the FileWave App Portal.
If you don't have auto-enrollment set up in FileWave (located in the Checked-in Clients section), go into the Admin to bring the device into the system.

Congratulations! You have now enrolled a DEP iOS device with Apple Configurator 2 into FileWave!

Non-DEP AC2 Enrollment

1. Copy the URL at the bottom of the Device Enrollment tab in the Enroll iOS Device window. (Assistants > Enroll iOS).

EnrolliOSDeviceURL

1. Under the AC2 Preferences, create an organization

ac2organizations

1. Under the Servers tab, hit the + sign at the bottom left.
2. Name the server, and then paste the Enrollment URL you got from the FileWave Enroll iOS window. Hit Save. Note: AC2 tries to change the URL to "DEP" instead of "device_enrollment," so after you save the server, hit the Edit button, paste the enrollment profile, and save again.

ac2servers

1. You're now ready to connect the iPad to your Mac with a lighting cable and launch AC
2. When you see the device in the Connect Device pane, left-click the device and hit the Prepare button at the top, with the gear icon.
3. Select the Manual option from the drop-down menu and hit Next.

ac2preparemanual

1. You will then be at the "Enroll in MDM Server" screen, use the drop-down menu to select the server you created in step 4

ac2enrollserver

1. On the next screen, choose whether to supervise your device. Supervision determines the amount of control you have over your device in FileWave. If you decide to start supervising the device later, the device will first have to be wiped.

ac2supervise

1. On the Assign to Organization screen, pick the organization you created in Step 2

ac2assignorganization

Your final task in AC2 is to configure the iOS setup screen. This will allow you to skip certain steps during the configuration on the Hello screen. Note: If you're planning to use the location-tracking feature in FileWave, you'll want to enable Location Services during setup.

ac2configuresetup

Hit Prepare to start the configuration. If you've already prepared the device, you'll be prompted to hit Restore or Stop. You must hit Restore to allow AC2 to finish the process as follows:
1. Downloading iOS
2. Unzipping iOS
3. Installing iOS
4.Downloading activation record for the iPad

Note: If you get the AC2 error "This operation couldn't be completed. (NSCocoaErrorDomain - 0x64 91000))," hit Stop and try to prepare the device again. The preparation will go more quickly this time, taking only two steps.

The iOS device will now be at the Hello screen. Hit Next and enter the Wi-Fi.
Next, go through the setup options (such as Location Service) that you previously set up to enable or skip.
Prompted now will be "your organization can automatically configure your iOS device". You'll be asked to apply or skip the configuration.
After you hit Apple Configuration, you'll be prompted for a user name and password. This needs to be created on your FileWave server. To create a new user, use the following command on your FileWave Management Server, where [username] is the name you would like to use:

fwcontrol mdm adddeuser [username]

Then submit a password for the new user.

After you accept the Terms and Conditions from Apple, hit Get Started. The iOS device will be on the home screen.
If you don't have auto-enrollment set up in FileWave (located in the Enrolled Mobile Devices section), go into the Admin to bring the device into the system.

Congratulations! You have now enrolled a Non-DEP iOS device with Apple Configurator 2 into FileWave!

Working with Apple’s Device Enrollment Program (DEP)

Add or Renewing your ADE (DEP) Account Token

DEP Naming

Automatically Assign DEP profiles

Apple TV Automatic Advance (DEP)

DEP Notify - How to provide progress visibility during DEP activation (macOS)

Minimum OS version for enrolling Apple devices via ADE

Test macOS ADE (DEP) Enrolments with a Virtual Machine

DEP Troubleshooting

DEP Forbidden Error

Apple’s Volume Purchase Plan and License Management

VPP Token Renewal

Managing VPP App Updates for macOS / iOS / tvOS devices

Redeeming VPP/Gift Codes

VPP Application Upgrade Timing

VPP User Assignment for iBooks with Managed Apple IDs

Unremovable VPP Applications

VPP Notifications (Apple VPP API v2)

Migration to VPP Location Based Tokens

VPP Token Revoked Error

VPP Kiosk Error Details

VPP Device Assignment

VPP Licensing Reservations (v14+)

Apple Configurator 2 Enrollment

Prepare

Non-DEP AC2 Enrollment

No Comments