Control Await Configuration state (DEP enrolled devices)

What

When Apple devices are enrolled via the Device Enrollment Program (DEP)—now known as Automated Device Enrollment (ADE)—they enter an “Await Configuration” state during the initial setup. In this mode, the user cannot interact with the device until the configuration process is complete, ensuring that devices are properly set up according to organizational policies before they are handed over to end-users.

Starting with FileWave 15.5.0, administrators have enhanced control over this process. You can now specify when a device is released from the “Await Configuration” state, rather than having FileWave automatically release it as soon as possible. This provides greater flexibility and control over the deployment and configuration of devices.

Supported Devices and OS Versions:

iOS Devices: iPhone and iPod touch running iOS 11 or later
iPadOS Devices: iPad running iPadOS 13 or later
macOS Devices: Mac computers running macOS 10.13 High Sierra or later
tvOS Devices: Apple TV running tvOS 11 or later

This feature is applicable to all the above device types enrolled via DEP/ADE and managed through FileWave 15.5.0 or later.

When/Why

Use this feature when you need devices to remain in the “Await Configuration” state until all necessary configurations, apps, and policies are fully deployed. This is particularly beneficial in scenarios where:

Security Compliance: Ensuring that all security measures are in place before the device becomes operational.
Standardization: Guaranteeing a consistent user experience by applying all organizational settings prior to device use.
Controlled Deployment: Managing the timing of device readiness, especially in large-scale rollouts or staged deployments.

By controlling the release of the device, you enhance security, ensure compliance with organizational policies, and provide users with a fully configured device from the moment they begin using it.

How

When enrolled via DEP, devices are in a specific mode where the user is not allowed to interact with the device, which will stay in this state until configuration is over. By default, FileWave releases the device as soon as possible to shorten initial setup times. FileWave 15.5 now allows controlling when the device is released:

You can edit the DEP Profile used for enrolling your devices and go to the Options tab where you can check the "Do not allow devices to complete Setup Assistant without FileWave approval" which will make it so that devices will not finish setup until they are released.

When creating a Profile to release devices you can see in the image below that there is a checkbox in Command Policy -> Security -> "Allow devices waiting for configuration to complete the Setup Assistant" and if a profile with this set is sent it will release the devices from setup to be able to be used.

It is also possible to send the Device Configured command either manually (context menu) by right clicking one or more devices in FileWave Central and picking MDM -> Send Device Configured Command.

Devices will report their "Awaiting Configuration" state so that you can check on a device or make a Query to report on many devices to track if they are still in the setup process.

Digging Deeper

The introduction of this feature in FileWave 15.5.0 provides administrators with enhanced control over the device enrollment and configuration process. By keeping devices in the “Await Configuration” state, you can ensure that:

All Required Configurations are Applied: Devices won’t be accessible to users until every necessary app, profile, and setting is installed.
Improved Security: Prevents users from accessing the device with incomplete security policies, reducing potential vulnerabilities.
Customized Deployment Workflow: Aligns device readiness with organizational schedules, training sessions, or specific events.

Automating the Release Process

Using Command Policy Filesets to send the Device Configured command allows for automation based on specific triggers or conditions, such as:

Time-Based Triggers: Release devices at a specific time as set in the Association or Deployment properties.
Configuration Completion: Automatically release once all deployments are confirmed as installed.
Event-Based Triggers: Release devices in batches aligned with department needs or project phases.

Considerations

User Experience: Communicate with end-users about the deployment timeline to manage expectations.
Testing: Before wide-scale implementation, test the process with a small group to ensure configurations apply as intended.
Monitoring: Utilize FileWave’s monitoring tools to track the status of devices in the “Await Configuration” state.

By leveraging this feature, organizations can enhance their deployment strategy, ensuring devices are secure, compliant, and fully configured right out of the box.