Automated Device Enrollment (ADE) allows you to perform zero-touch deployment for Apple devices by integrating with Apple Business Manager (ABM).
With SuperOps Mulit-tenant approach, you can set up automatic enrollment for each client within Superops's portal.
When a new device is unboxed, it automatically enrols into SuperOps, becomes supervised, and receives its configurations without any manual intervention.
Supervision Mode
Supervision provides enhanced management capabilities such as deeper restrictions, silent app installation, and remote actions.
iOS 12 and later: Devices are supervised by default as per Apple’s requirement.
iOS versions below 12: Supervision depends on the ADE profile configuration defined within your SuperOps portal.
Step 1: Create or select an ADE profile
Before we start with the enrollment process, you can define the ADE profile for the devices you're looking to enrol.
You can configure this for each client under Settings->Policy Management-> Apple IOS Device policies or Apple iPad Device policies and create your ADE profile
Note : For Advanced policy, you can configure the ADE profile within the policy set intended for the device’s enrollment.
If no ADE profile has been setup, devices will be enrolled with a default ADE profile.
Default ADE Profile Characteristics
Devices will be Supervised
MDM profile cannot be removed
The following setup panes cannot be skipped
Location Services
Apple account setup
Terms and Conditions
Siri
App Analytics
Apple pay
Privacy settings
File Vault settings
Step 2 : ADE enrollment
Now, let's begin the process of setting up zero-touch, automated enrollment for devices managed through Apple Business Manager.
To configure ADE, navigate to the Settings, select MDM Configurations and choose the appropriate client's MDM configuration.
Under the Automated Device Enrollment section, click Setup ADE to begin the integration process.
The first step in the 'Setup ADE' window is to download the public key. Click Download public key to save the file to your computer. You will need this file for the next steps in the Apple Business Manager portal.
Step 3: Configuring Apple Business Manager (ABM)
Next, you'll need to log in to your client's ABM account to create an MDM server and link it to SuperOps.
In your client's Apple Business Manager account, click on the profile name in the bottom-left corner and select Preferences.
Next to 'Device Management Services', click Add to create a new MDM server.
Enter a name for your new MDM server, such as 'SuperOps MDM'. Then, click to upload the public key file you downloaded from SuperOps.
4. After uploading the key, click Save. Your new MDM server is now created. Download the token provided on the top. This needs to be uploaded into SuperOps's ADE configuration page
Step 4 : Assigning devices to Device Management Services
Devices assigned to the MDM server will be synced to SuperOps.
To automatically assign new devices to this MDM server, navigate to Management Assignment in the left-hand menu.
Here, you can set the default assignment for different for iPad and iPhone . Select your newly created 'SuperOps MDM' server for iPads and iPhones.You can also manually assign existing devices. Navigate to the Devices tab, select a specific device, open the actions menu (...), and choose Assign Device Management.
In the assignment window, select 'SuperOps MDM' from the dropdown list and click Continue.
Step 5 : Finalizing ADE Setup in SuperOps
Return to SuperOps to complete the connection using the token from ABM.
In the SuperOps 'Setup ADE' window, upload the server token file (.p7m) you just downloaded from Apple Business Manager.
Fill in the required contact details. The email address and phone number you enter here will appear on users’ devices during enrollment, so they can reach out if they need assistance.
Managing Enrolled Devices
Once the setup is complete, you can view and manage your devices synced from ABM under 'Map Devices'. Devices from your ABM get synced every 24 hours. Alternatively, you can also manually click Sync Devices to fetch the latest list of devices from your Apple Business Manager account.
Device Enrollment States in SuperOps
When devices are synced from Apple Business Manager (ABM), they appear in one of the following enrollment states within SuperOps:
All Devices
Displays a complete list of all devices that have been synced from Apple Business Manager, regardless of their enrollment status.Yet to Enroll
Devices that have been synced but are not yet ready for enrollment. You’ll need to fill in the Site Name, Requestor, and Device Category (for advanced policy sets) to ensure the device maps to the correct policy once it’s enrolled. The ADE profile will be assigned to the devices based on the policy associatedReady for Enrollment
Devices in this state have been assigned an ADE profile and a policy set and are awaiting completion of the enrollment process. Admins can review this list to track which devices are pending final user activation.Enrolled
Devices that have successfully completed enrollment and are now connected to SuperOps.
These devices are fully managed and ready for monitoring and policy enforcement.
Moving devices to "Ready for enrollment
To prepare a device for enrollment, filter by Yet to Enroll. This shows devices that have been synced from ABM but are not yet configured with a site or category in SuperOps.
Select the checkbox next to one or more devices and click Mark as ready for enrollment.
To view devices that are now configured and waiting for the user to unbox and activate them, filter the list by Ready for Enrollment.
To see devices that have successfully completed the enrollment process and are now managed by SuperOps, filter the list by Enrolled.
Next Steps
Now that your Apple devices are enrolled via ADE, they are fully supervised and ready for management. You can begin applying policies to enforce security settings, deploy software, and monitor device health. To learn more about configuring these settings, see our guide on Policy Management.