Skip to main content
Cisco Meraki Documentation

Enrolling and Supervising Apple Devices using the iOS Apple Configurator app

  1. Last updated
  2. Save as PDF

Some Apple devices can be manually added to ADE (Apple School Manager / Apple Business Manager) using the Apple Configurator app for iOS. This document explains the requirements and processes to add devices to ADE using the iOS application.

The Apple Configurator application can be downloaded from the Apple App store, more documentation can be found on the Apple Configurator User Guide for iPhone.

 

Prerequisites

  • Apple School Manager (ASM) or Apple Business manager (ABM) instance.
  • User account within the ASM or ABM with the "Device Enrollment Manager" role.
  • MDM server created within ASM or ABM.
  • ADE token for the desired MDM server added to the Meraki Systems Manager network (Linking Systems Manager to Apple ADE).
  • iPhone device running iOS 16 or later with the Apple Configurator app downloaded from the App Store.
  • New or factory reset target device to be enrolled. Supported target devices include:
    • iPhone devices running iOS 16 or later
    • iPad devices running iOS 16.1 or later
    • MacOS devices running MacOS 12.0.1 or later with Apple Silicon processors
    • MacOS devices running MacOS 12.0.1 or later with Apple T2 security chip

The target device must not have an existing relationship with an Apple School Manager (ASM) or Apple Business Manager (ABM) account. If the device is already associated to an existing organization and it is being transitioned to another organization it must be released first. This can be done using the "Release from Organization" button within the respective ASM or ABM portal.

Considerations

  • The Apple Configurator iOS app does not support simultaneous MDM and ASM / ABM enrollment. This can be accomplished for iOS target devices by using the Apple Configurator desktop application. (Enrolling and Supervising iOS Devices using Apple Configurator 2.5 or Later). The process listed below will enroll a device into ASM / ABM first, then separately enroll the device into Meraki Systems Manager.
  • A 30 day provisional period begins when the device enrolls with Systems Manager. During this period the enrollment profile can be removed via the settings app which will release the device from ASM / ABM.

Enrollment Process

Preparing the Apple Configurator App

Initial configuration

Open the Apple Configurator app and proceed through through initial setup. The app must be signed in with a user account from the ASM or ABM account which has been assigned the "Device Enrollment Manager" role. Grant the Bluetooth and camera permissions when prompted, both are required for the enrollment process.

IMG_8842.PNGIMG_8843.PNG
 

Target Device Network Configuration (optional)

During the ADE enrollment process, the target device requires an internet connection. Three options exist for configuring Wi-Fi on the target device:

  1. Share Wi-Fi (Default). This option shares the current Wi-Fi connection from the iPhone to the target device.
  2. Configuration Profile. This option allows you to select a .mobileconfig profile from the iOS files app that will be used by the target device.
  3. Don't share. This option will require the target device to manually connect to a Wi-Fi network.

Access the network configuration by tapping the gear icon in the bottom left of the Apple Configurator iOS app:


IMG_20FC414FBB30-1.jpegIMG_8B770C042790-1.jpeg


MDM Server / ADE Token Selection (optional)

An MDM server (aka, ADE token) can be pre-selected using the Apple Configurator application. Setting this option removes the need to manually assign an MDM server later via the ABM / ASM portal.

Pre-select an MDM server by tapping the gear icon in the bottom left of the apple configurator iOS app, then specifying an MDM server:

IMG_20FC414FBB30-1.jpegScreenshot 2023-08-03 at 2.29.24 PM.jpeg

Pre-selecting an MDM server requires the enrolling iPhone to be running iOS 17 or higher. The "MDM Server Assignment" section will not populate on older iOS versions

If an MDM server is selected during this stage, the section of this document titled "Assign Target Device to an MDM Server" can be skipped

Begin Enrolling Target Device

On the target device begin the setup assistant. The process varies slightly between iOS and MacOS devices.

MacOS Target Device enrollment

  1. Begin setup assistant and proceed through the language selection:

    LWScreenShot 2023-04-06 at 9.12.23 AM.png
     
  2. When asked to select a country or region stop on this page (do not select a country or region): 

    LWScreenShot 2023-04-06 at 9.12.30 AM.png
     
  3. Open the Apple Configurator app to begin enrollment. With the Apple Configurator app opened, the MacOS device will present the pairing screen:

    LWScreenShot 2023-04-06 at 9.12.41 AM.png
     
  4. Place the graphic within the viewfinder of the Apple Configurator camera to complete pairing. After pairing has succeeded the device will begin enrollment with the ASM or ABM organization:

    LWScreenShot 2023-04-06 at 9.12.49 AM.png
     
  5. Once enrollment is complete the MacOS device will present the following confirmation screen. At this stage the device has been enrolled with ASM or ABM but is not yet associated with Meraki Systems Manager. Do not continue on the target device until the next sections in this guide are completed:

    LWScreenShot 2023-04-06 at 9.14.33 AM.png
     

iOS Target Device Enrollment

  1. Begin setup assistant and proceed through the step "Select Your Country or Region":

    Screenshot 2023-04-06 at 8.01.33 AM.png
     
  2. When asked to connect to a Wi-Fi network stop on this page (do not select a wifi network):

    Screenshot 2023-04-06 at 8.03.17 AM.png
     
  3. Open the Apple Configurator app to begin enrollment. With the Apple Configurator app opened, the iOS device will present the pairing screen:

    Screenshot 2023-04-06 at 8.04.14 AM.png
     
  4. Place the graphic within the viewfinder of the Apple Configurator camera to complete pairing. After pairing has succeeded the device will begin enrollment with the ASM or ABM organization:

     Screenshot 2023-04-06 at 8.04.41 AM.png
     
  5. Once enrollment is complete the iOS device will present the following confirmation screen. At this stage the device has been enrolled with ASM or ABM but is not yet associated with Meraki Systems Manager. Do not continue on the target device until the next sections in this guide are completed:

    Screenshot 2023-04-06 at 8.05.04 AM.png

Assign Target Device to an MDM Server

Skip this step if an MDM server was pre-selected in the earlier section "MDM Server / ADE Token Selection (optional)"

Once the device has been enrolled into the ASM or ABM organization the device must be assigned to the desired MDM server within the ASM or ABM portal. To complete this step:

  1. Sign in to the portal via school.apple.com or business.apple.com.

  2. Navigate to the "Devices" tab.
  3. Select the target device. The target device will have a current MDM server of "Devices Added by Apple Configurator 2"
  4. Select the "Edit MDM Server" button, then associate the device with the MDM server that has been added to Meraki Systems Manager:

    Screenshot 2023-04-05 at 10.14.40 AM.png
     

Associate Target Device to Meraki Systems Manager

Once the device has been associated with the MDM server (aka ADE token), Dashboard must perform a synchronization to import the new device to Systems Manager:

  1.  Log in to the Meraki Dashboard and navigate to the target Dashboard network.

  2. Navigate to the ADE page (Systems manager > ADE). This will trigger a sync between Dashboard and ASM / ABM and populate the target device. If the device does not appear in the device list, use the "full sync" button to trigger a force sync of ADE data.
  3. Assign an ADE profile to the target device. (Assigning Settings)

Completing Enrollment on Target Device

The target device can now proceed to complete enrollment into Meraki Systems Manager. The process varies slightly between MacOS and iOS devices.

Completing Enrollment on MacOS Target Device

  1. On the MacOS device, continue by clicking the "restart" button within setup assistant:

    LWScreenShot 2023-04-06 at 9.14.23 AM.png
     
  2. After reboot, the device will present the language selection once again. Select the language to continue:

    LWScreenShot 2023-04-06 at 9.15.38 AM.png
     
  3. When asked to select a country or region, continue to the next step:

    LWScreenShot 2023-04-06 at 9.15.52 AM.png 
     
  4. Setup assistant will present a "Remote Management" screen indicating that the device can automatically be configured. Continue to the next step:

    LWScreenShot 2023-04-06 at 9.17.51 AM.png
     
  5. Setup assistant will retrieve the ADE profile from Apple completing enrollment into Systems Manager:

    LWScreenShot 2023-04-06 at 9.17.53 AM.png
     
  6. At this stage the MacOS device will appear in the Systems Manager device list. Continue through setup assistant to reach the MacOS desktop.

Completing Enrollment on iOS Target Device

  1. On the iOS device, continue by clicking the "Erase" button within setup assistant:

    Screenshot 2023-04-06 at 8.05.04 AM.png
     
  2. After reboot, the device will present the language selection once again. Select the language to continue:

    Screenshot 2023-04-06 at 10.33.39 AM.png
     
  3. When asked to select a country or region, continue to the next step:

    Screenshot 2023-04-06 at 10.33.45 AM.png
     
  4. When asked to connect to a Wi-Fi network connect to a network and proceed to the next step:

    Screenshot 2023-04-06 at 8.03.17 AM.png
     
  5. The device will begin the activation process:

    Screenshot 2023-04-06 at 10.34.29 AM.png
     
  6. Setup assistant will present a "Remote Management" screen indicating that the device can automatically be configured. Continue to the next step:

    Screenshot 2023-04-06 at 10.35.19 AM.png
     
  7. Setup assistant will retrieve the ADE profile from Apple completing enrollment into Systems Manager:

    Screenshot 2023-04-06 at 10.36.00 AM.png
     
  8. At this stage the iOS device will appear in the Systems Manager device list. Continue through setup assistant to reach the device homepage.

 

Troubleshooting

Issue Cause(s) Solution(s)

Apple Configurator error "User Not Authorized" when attempting to sign in.

The user account signing in to the Apple Configurator app does not have the needed "Device Enrollment Manager" role

Access the Apple School Manager or Apple Business Manager portal and grant the "Device Enrollment Manager" role to the account being used to sign in.

Pairing screen does not populate on target device.
  1. The target device proceeded too far in the setup assistant, Apple Configurator pairing may no longer be possible
  2. The devices are not able to successfully pair via Bluetooth connection.
  1. Reboot the target device to restart setup assistant. Complete factory reset may be required.
  2. Ensure the iPhone running the Apple Configurator app is within close proximity to the target device in an environment with low Bluetooth interference.
Target device is unable to download remote configuration The target device was not correctly assigned to an MDM server within the Apple School Manager or Apple Business Manager portal and/or linked correctly with Systems Manager Ensure the steps from sections "Assign Target Device to an MDM Server" and "Associate Target Device to Meraki Systems Manager" have been followed correctly. Reboot the target device to re-attempt configuration download after the steps are taken.