Minimum OS version for enrolling Apple devices via ADE

What

MDM servers have the ability to enforce a minimum operating system version on enrolling devices when using Automated Device Enrollment (ADE). This feature was added in FileWave version 15.1.0 for macOS 14.0 Sonoma and iOS/iPadOS 17.0. Apple does not support this feature on older versions of macOS or iOS/iPadOS.

When/Why

Minimum OS version allows to ensure that devices are on the necessary OS version before being put into production. The MDM will send a JSON 403 response when the device requests the enrollment profile. If the minimum operating system version is needed, the user will be guided through a process of updating the device. Restarts will be performed automatically. Once completed, the device returns to Setup Assistant and the user can finish the enrollment and setup process.

How

With FileWave 15.1.0 support of minimum OS version was added. To specify minimum OS versions open DEP profile and go to Options → Requirements section. There are separate fields for macOS and iOS / iPadOS minimum OS versions.

The supplemental version identifiers can be specified in addition to standard MAJOR.MINOR.PATCH format (for example “17.1 (a)“).

What is displayed on the device?

When minimum OS version is requested by MDM server specific dialog appears on the device.

For macOS:

For iPadOS:

If macOS device cannot install requested OS version next dialog appears:

On iPadOS there is no specific dialog in this case, just “Next“ button is grey and no way to pass.

Automated Device Enrollment (ADE)

Digging Deeper

MachineInfo from the device is parsed on server side during DEP profile handling. If it contains MDM_CAN_REQUEST_SOFTWARE_UPDATE flag and it’s True, the specified minimum OS version from DEP profile is compared with OS_VERSION from MachineInfo according to the device type (macOS or iOS/iPadOS). Software update request is sent to the device by MDM server in 2 cases:

If current OS version is less than minimum OS version
If current OS version equals minimum OS version but current supplemental version identifier is less than required supplemental version identifier.

The software update request from the server looks like 403 JSON response with next body:

{
    "code": "com.apple.softwareupdate.required",
    "details": {"OSVersion": <minimum OS version> }
}

In this case enrollment is interrupted by dialogs mentioned above.

Apple's Automated Device Enrolment

Working with Apple’s Device Enrollment Program (DEP)

Add or Renewing your ADE (DEP) Account Token

DEP Naming

Automatically Assign DEP profiles

Control Await Configuration state (DEP enrolled devices)

Apple TV Automatic Advance (DEP)

DEP Notify - How to provide progress visibility during DEP activation (macOS)

Minimum OS version for enrolling Apple devices via ADE

Test macOS ADE (DEP) Enrolments with a Virtual Machine

DEP Troubleshooting

DEP Forbidden Error

Apple’s Volume Purchase Plan and License Management

VPP Token Renewal

VPP App Updates for macOS / iOS / tvOS devices

Redeeming VPP/Gift Codes

VPP Application Upgrade Timing

VPP User Assignment for iBooks with Managed Apple IDs

Unremovable VPP Applications

VPP Notifications (Apple VPP API v2)

Migration to VPP Location Based Tokens

VPP Token Revoked Error

VPP Kiosk Error Details

VPP Device Assignment

VPP Licensing Reservations (v14+)

Minimum OS version for enrolling Apple devices via ADE

What

When/Why

How

What is displayed on the device?

Digging Deeper

No Comments

Apple's Automated Device Enrolment

Working with Apple’s Device Enrollment Program (DEP)

Add or Renewing your ADE (DEP) Account Token

DEP Naming

Automatically Assign DEP profiles

Control Await Configuration state (DEP enrolled devices)

Apple TV Automatic Advance (DEP)

DEP Notify - How to provide progress visibility during DEP activation (macOS)

Minimum OS version for enrolling Apple devices via ADE

Test macOS ADE (DEP) Enrolments with a Virtual Machine

DEP Troubleshooting

DEP Forbidden Error

Apple’s Volume Purchase Plan and License Management

VPP Token Renewal

VPP App Updates for macOS / iOS / tvOS devices

Redeeming VPP/Gift Codes

VPP Application Upgrade Timing

VPP User Assignment for iBooks with Managed Apple IDs

Unremovable VPP Applications

VPP Notifications (Apple VPP API v2)

Migration to VPP Location Based Tokens

VPP Token Revoked Error

VPP Kiosk Error Details

VPP Device Assignment

VPP Licensing Reservations (v14+)

Minimum OS version for enrolling Apple devices via ADE

What

When/Why

How

What is displayed on the device?

Related Content

Digging Deeper

No Comments