Automated Device Enrollment (ADE) allows you to perform zero-touch deployment for Apple devices by integrating with Apple Business Manager (ABM). When a new device is unboxed, it automatically enrolls into SuperOps, becomes supervised, and receives its configurations without any manual intervention from IT.
Supervision Mode
Supervision provides enhanced management capabilities such as deeper restrictions, silent app installation, and remote actions.
iOS 12 and later: Devices are supervised by default as per Apple’s requirement.
iOS versions below 12: Supervision depends on the ADE profile configuration defined within your SuperOps portal.
Step 1: Configure an ADE Profile in SuperOps
Before enrolling devices, you need to define an ADE profile. This profile determines the setup experience for the end-user and the supervision settings for the device.
Note: For Advanced policy, you can configure the ADE profile within the policy set intended for the device’s enrollment
Navigate to Settings > Policy Management and select either Apple iOS Device policies or Apple iPad Device policies.
Create or edit a policy to configure your ADE profile.
If no ADE profile is configured, devices will be enrolled with a default profile.
Default ADE Profile CharacteristicsDevices will be Supervised
MDM profile cannot be removed
The following setup panes cannot be skipped
Location Services
Apple account setup
Terms and Conditions
Siri
App Analytics
Apple Pay
Privacy settings
FileVault settings
Step 2: Initiate ADE Setup in SuperOps
Now, let's begin the process of setting up zero-touch, automated enrollment for devices managed through Apple Business Manager.
Navigate to Settings->MDM configuration
In the Automated Device Enrollment section, click Setup ADE to begin.
In the 'Setup ADE' window, click Download public key to save the file to your computer.
Step 3: Configure Apple Business Manager (ABM)
Next, log in to your Apple Business Manager account to create an MDM server and link it to SuperOps using the public key.
In your Apple Business Manager account, click your profile name in the bottom-left corner and select Preferences.
Next to 'Device Management Services', click Add to create a new MDM server.
Enter a name for your MDM server (e.g., 'SuperOps MDM') and upload the public key file you downloaded from SuperOps.
After uploading the key, click Save. Then, download the server token that ABM provides. You will need to upload this file back into SuperOps.
Step 4: Assigning devices to Device Management Services
Assign your organization's devices to the new MDM server so they can sync with SuperOps.
To automatically assign new devices:
Navigate to Management Assignment in the left-hand menu. Set the default assignment for new iPhones and iPads to your newly created 'SuperOps MDM' server.
To manually assign existing devices:
Navigate to the Devices tab, select a device, open the actions menu (...), and choose Assign Device Management.
In the assignment window, select 'SuperOps MDM' from the dropdown list and click Continue.
Step 5: Finalize ADE Setup in SuperOps
Return to SuperOps to complete the connection using the server token from ABM.
In the SuperOps 'Setup ADE' window, upload the server token file (.p7m) you downloaded from Apple Business Manager.
Fill in the required contact details. The email address and phone number you enter here will appear on users’ devices during enrollment, providing them with a point of contact for assistance.
Managing Enrolled Devices
Once the setup is complete, devices from your ABM account will sync with SuperOps and appear under the Map Devices tab. Sync occurs automatically every 24 hours, or you can click Sync Devices to fetch the latest list manually.
Device Enrollment States
Synced devices are categorized into one of the following enrollment states:
All Devices: A complete list of all devices synced from ABM, regardless of their status.
Yet to Enroll: Devices that have been synced but require additional information (Site Name, Requestor, Department) before they can be enrolled and mapped to the correct policy.
Ready for Enrollment: Devices that are fully configured and are waiting for the end-user to unbox and activate them to complete the enrollment process.
Enrolled: Devices that have successfully completed enrollment and are fully managed by SuperOps.
Preparing Devices for Enrollment
To move devices from a pending state to an enrolled state, follow these steps:
Filter the device list by Yet to Enroll to see devices that need configuration.
Select the checkbox next to one or more devices and click Mark as ready for enrollment. You will be prompted to fill in the required details like Site Name and Requestor.
To track devices that are configured and awaiting user activation, filter the list by Ready for Enrollment.
To see all fully managed devices, filter the list by Enrolled.
Next Steps
Now that your Apple devices are enrolled via ADE, they are fully supervised and ready for management. You can begin applying policies to enforce security settings, deploy software, and monitor device health. To learn more about configuring these settings, see our guide on Policy Management.