1. Apple Configurator 2.0
  2. Apple Configurator 2.2
  3. Apple Configurator 2

Not to sound rude, but what the hell? All of the documentation for Apple Configurator 2 is specifically for MAC. Why would this question even come up? Purchase a newer / used Mac and download Apple Configurator 2. What's new in Apple Configurator. Download Apple Configurator 2. Use Apple Configurator to configure your devices. Preserve or migrate data for Apple Configurator 2.

  1. Apple Configurator Apple Configurator is the management solution used by CPS schools who have iOS deployments. Using Configu   rator to update, sync and install profiles on devices requires that the devices are supervised to a MacBook laptop. In order to use Configurator, the MacBook must be running Mac OS X 10.11.6 and iTunes 12.5.1.
  2. Apple wants to hear from you. Send us your comments and feedback about Apple Configurator.
-->

Intune supports the enrollment of iOS/iPadOS devices using Apple Configurator running on a Mac computer. Enrolling with Apple Configurator requires that you USB-connect each iOS/iPadOS device to a Mac computer to set up corporate enrollment. You can enroll devices into Intune with Apple Configurator in two ways:

  • Setup Assistant enrollment - Wipes the device and prepares it to enroll during Setup Assistant.
  • Direct enrollment - Does not wipe the device and enrolls the device through iOS/iPadOS settings. This method only supports devices with no user affinity.
Apple

Apple Configurator enrollment methods can't be used with the device enrollment manager.Note- Enrolling devices with Apple Configurator is only applicable to iOS/iPadOS Devices. This method does not work for enrolling macOS devices.

Prerequisites

  • Physical access to iOS/iPadOS devices
  • Device serial numbers (Setup Assistant enrollment only)
  • USB connection cables
  • macOS computer running Apple Configurator 2.0

Create an Apple Configurator profile for devices

A device enrollment profile defines the settings applied during enrollment. These settings are applied only once. Follow these steps to create an enrollment profile to enroll iOS/iPadOS devices with Apple Configurator.

  1. In the Microsoft Endpoint Manager admin center, choose Devices > iOS/iPadOS > iOS/iPadOS enrollment > Apple Configurator.

  2. Choose Profiles > Create.

  3. Under Create Enrollment Profile, type a Name and Description for the profile for administrative purposes. Users do not see these details. You can use this Name field to create a dynamic group in Azure Active Directory. Use the profile name to define the enrollmentProfileName parameter to assign devices with this enrollment profile. Learn more about Azure Active Directory dynamic groups.

  4. For User Affinity, choose whether devices with this profile must enroll with or without an assigned user.

    • Enroll with user affinity - Choose this option for devices that belong to users and that want to use the company portal for services like installing apps. The device must be affiliated with a user with Setup Assistant and can then access company data and email. Only supported for Setup Assistant enrollment. User affinity requires WS-Trust 1.3 Username/Mixed endpoint. Learn more.

    • Enroll without User Affinity - Choose this option for devices unaffiliated with a single user. Use this for devices that perform tasks without accessing local user data. Apps requiring user affiliation (including the Company Portal app used for installing line-of-business apps) won't work. Required for direct enrollment.

    Note

    When Enroll with user affinity is selected, make sure that the device is affiliated with a user with Setup Assistant within the first 24 hours of the device being enrolled. Otherwise enrollment might fail, and a factory reset will be needed to enroll the device.

  5. If you chose Enroll with User Affinity, you have the option to let users authenticate with Company Portal instead of the Apple Setup Assistant.

    Note

    If you want do any of the following, set Authenticate with Company Portal instead of Apple Setup Assistant to Yes.

    • use multifactor authentication
    • prompt users who need to change their password when they first sign in
    • prompt users to reset their expired passwords during enrollment

    Super powereds--year 1 pdf free download. These are not supported when authenticating with Apple Setup Assistant.

  6. Choose Create to save the profile.

Setup Assistant enrollment

Add Apple Configurator serial numbers

  1. Create a two-column, comma-separated value (.csv) list without a header. Add the serial number in the left column, and the details in the right column. The current maximum for the list is 5,000 rows. In a text editor, the .csv list looks like this:

    F7TLWCLBX196,device details
    DLXQPCWVGHMJ,device details

    Learn how to find an iOS/iPadOS device serial number.

  2. In the Microsoft Endpoint Manager admin center, choose Devices > iOS/iPadOS > iOS/iPadOS enrollment > Apple Configurator > Devices > Add.

  3. Select an Enrollment profile to apply to the serial numbers you're importing. If you want the new serial number details to overwrite any existing details, choose Overwrite details for existing identifiers.

  4. Under Import Devices, browse to the csv file of serial numbers, and select Add.

Reassign a profile to device serial numbers

You can assign an enrollment profile when you import iOS/iPadOS serial numbers for Apple Configurator enrollment. You can also assign profiles from two places in the Azure portal:

  • Apple Configurator devices
  • AC profiles

Assign from Apple Configurator devices

  1. In the Microsoft Endpoint Manager admin center, choose Devices > iOS/iPadOS > iOS/iPadOS enrollment > Apple Configurator > Devices > choose the serial numbers > Assign profile.
  2. Under Assign Profile, choose the New profile you want to assign, and then choose Assign.

Assign from profiles

  1. In the Microsoft Endpoint Manager admin center, choose Devices > iOS/iPadOS > iOS/iPadOS enrollment > Apple Configurator > Profiles > choose a profile.
  2. In the profile, choose Devices assigned, and then choose Assign.
  3. Filter to find device serial numbers you want to assign to the profile, select the devices, and then choose Assign.

Export the profile

After you create the profile and assign serial numbers, you must export the profile from Intune as a URL. You then import it into Apple Configurator on a Mac for deployment to devices.

  1. In the Microsoft Endpoint Manager admin center, choose Devices > iOS/iPadOS > iOS/iPadOS enrollment > Apple Configurator > Profiles > choose the profile to export.

  2. On the profile, select Export Profile.

  3. Copy the Profile URL. You can then add it in Apple Configurator to define the Intune profile used by iOS/iPadOS devices.

    Next you import this profile to Apple Configurator in the following procedure to define the Intune profile used by iOS/iPadOS devices.

Enroll devices with Setup Assistant

  1. On a Mac computer, open Apple Configurator 2. In the menu bar, choose Apple Configurator 2, and then choose Preferences.

    Warning

    Devices are reset to factory configurations during the enrollment process. As a best practice, reset the device and turn it on. Devices should be at the Hello screen when you connect the device.If the device was already registered with the Apple ID account, the device must be deleted from the Apple iCloud before starting the enrollment process. The prompt error appears as 'Unable to activate [Device name]'.

  2. In the preferences pane, select Servers and choose the plus symbol (+) to launch the MDM Server wizard. Choose Next.

  3. Enter the Host name or URL and enrollment URL for the MDM server under Setup Assistant enrollment for iOS/iPadOS devices with Microsoft Intune. For the Enrollment URL, enter the enrollment profile URL exported from Intune. Choose Next.
    You can safely disregard a warning stating 'server URL is not verified.' To continue, choose Next until the wizard is finished.

  4. Connect the iOS/iPadOS mobile devices to the Mac computer with a USB adapter.

  5. Select the iOS/iPadOS devices you want to manage, and then choose Prepare. On the Prepare iOS/iPadOS Device pane, select Manual, and then choose Next.

  6. On the Enroll in MDM Server pane, select the server name you created, and then choose Next.

  7. On the Supervise Devices pane, select the level of supervision, and then choose Next.

  8. On the Create an Organization pane, choose the Organization or create a new organization, and then choose Next.

  9. On the Configure iOS/iPadOS Setup Assistant pane, choose the steps to be presented to the user, and then choose Prepare. If prompted, authenticate to update trust settings.

  10. When the iOS/iPadOS device finishes preparing, disconnect the USB cable.

Distribute devices

The devices are now ready for corporate enrollment. Turn off the devices and distribute them to users. When users turn on their devices, Setup Assistant starts.

After users receive their devices, they must complete Setup Assistant. Devices configured with user affinity can install and run the Company Portal app to download apps and manage devices.

Direct enrollment

Configurator

When you directly enroll iOS/iPadOS devices with Apple Configurator, you can enroll a device without acquiring the device's serial number. You can also name the device for identification purposes before Intune captures the device name during enrollment. The Company Portal app is not supported for directly enrolled devices. This method does not wipe the device.

Apps requiring user affiliation, including the Company Portal app used for installing line-of-business apps, cannot be installed.

Export the profile as .mobileconfig to iOS/iPadOS devices

  1. In the Microsoft Endpoint Manager admin center, choose Devices > iOS/iPadOS > iOS/iPadOS enrollment > Apple Configurator > Profiles > choose the profile to export > Export Profile.

  2. Under Direct enrollment, choose Download profile, and save the file. An enrollment profile file is only valid for two weeks at which time you must re-create it.

  3. Transfer the file to a Mac computer running Apple Configurator to push directly as a management profile to iOS/iPadOS devices.

  4. Prepare the device with Apple Configurator by using the following steps:

    1. On a Mac computer, open Apple Configurator 2.0.

    2. Connect the iOS/iPadOS device to the Mac computer with a USB cord. Close Photos, iTunes, and other apps that open for the device when the device is detected.

    3. In Apple Configurator, choose the connected iOS/iPadOS device, and then choose the Add button. Options that can be added to the device appear in the drop-down list. Choose Profiles.

    4. Use the file picker to select the .mobileconfig file that you exported from Intune, and then choose Add. The profile is added to the device. If the device is Unsupervised, the installation requires acceptance on the device.

  5. Use the following steps to install the profile on the iOS/iPadOS device. The device must have already completed the Setup Assistant and be ready to use. If enrollment entails app deployments, the device should have an Apple ID set up because the app deployment requires that you have an Apple ID signed in for the App Store.

    1. Unlock the iOS/iPadOS device.
    2. In the Install profile dialog box for Management profile, choose Install.
    3. Provide the Device Passcode or Apple ID, if necessary.
    4. Accept the Warning, and choose Install.
    5. Accept the Remote Warning, and choose Trust.
    6. When the Profile Installed box confirms the profile as Installed, choose Done.
  6. On the iOS/iPadOS device, open Settings and go to General > Device Management > Management Profile. Confirm that the profile installation is listed, and check the iOS/iPadOS policy restrictions and installed apps. Policy restrictions and apps might take up to 10 minutes to appear on the device.

  7. Distribute devices. The iOS/iPadOS device is now enrolled in Intune and managed.

NOTE: All references to iOS in this article can be considered to include iPadOS

Meraki Systems Manager provides administrators the ability to mass enroll and supervise devices using Apple Configurator, a macOS application. Apple Configurator 2 allows for mass configuration of iOS 11+ devices while physically connected to a Mac computer. A USB hub can be used to configure dozens of devices at once. Follow these links to download the application, and view more Apple Configurator documentation.

With Apple Configurator 2.5 or later, Apple has allowed the use of the Device Enrollment Program (DEP) for automatic enrollment into Meraki Systems Manager, which can be used to speed up the process into a no-touch experience for mass enrollment of devices. DEP is accessible to all devices in the Apple Business Manager and Apple School Manager portals. Alternatively, if your iOS devices are not in Apple's DEP, you can use the manual enrollment method by configuring your Systems Manager MDM Server in Apple Configurator via enrollment URL, or provisionally move non-DEP devices into an existing DEP account! This article will cover both Apple Configurator 2.5 MDM enrollment options in detail: DEP automatic enrollment method and manual enrollment methods.

iOS devices that are using Apple's Device Enrollment Program (DEP) can be supervised and enrolled over-the-air anytime they are factory reset. DEP is the best way to permanently force your devices to be owned and managed by your organization, and it is important to assign your DEP settings properly before deployment.

Device Supervision

During the enrollment process, it is possible to supervise iOS devices. Supervision enables many additional features including restrictions, which you can find listed in the Meraki Dashboard under Systems Manager > Manage > Settings > Restrictions > iOS restrictions (supervised).

If your iOS devices are not currently Supervised, they will be required to be factory reset to become Supervised. Therefore, it is recommended to Supervise devices (if desired) prior to performing any configuration or providing the device to users. Supervision steps are covered in detail in the guide below.

Prerequisites

  • Apple Configurator 2.5 or greater

  • macOS 10.12.5 or greater

  • iOS device(s) powered up and physically connected to Mac

  • The Mac and iOS device(s) are not locked

  • Internet access with unblocked access to Apple and Meraki Systems Manager

    • Refer to Help > Firewall info for a list of ports and IP addresses

  • For Automatic enrollment: iOS devices must be in Apple’s DEP program.

Access to the internet is critical to the enrollment process. If an iOS device is not able to contact Meraki Systems Manager when trying to enroll, it will be unable to complete the process and/or receive any additional profiles and apps.

Apple Configurator 2.5+ Automatic Enrollment

Automatic Enrollment through Apple Configurator only works on iOS devices that are in Apple’s Device Enrollment Program (DEP), and allows you to pre-provision wireless settings on devices to seamlessly enroll during the device's setup assistant. Please be sure to add your Apple DEP account to Meraki Systems Manager before beginning this process, and ensure your devices are visible in Systems Manager > Manage > DEP.

If devices are not currently in Apple's Device Enrollment Program, please follow the steps for the Apple Configurator 2.5 - Manual Enrollment later in this guide.

  1. Open your Meraki Dashboard and go to Systems Manager > Manage > DEP.

  2. Checkmark the devices you want to assign DEP settings.

  3. Click on Assign settings.

  4. Configure your preferred DEP settings.

    For a full zero touch automatic device setup, it is recommended to Skip everything.

    For a full explanation of DEP setting options check out this article.

  5. Click Assign. Now you will see these devices change to have an orange “Assigned” status next to it. The device is currently waiting to be turned on for the first time, or to be factory reset so it can activate with Apple and receive the new DEP settings.

  6. Download and open Apple Configurator 2.5 on a Mac OS X workstation. Connect your iOS devices to your workstation via USB, they should automatically appear in Apple Configurator. Highlight the devices you want to automatically enroll in Apple Configurator 2 and click on Actions > Prepare…

  7. Choose Prepare with: Automatic Enrollment. Click Next.

  8. [Optional] Upload a wireless profile, so the iOS device(s) can automatically connect to an SSID in range.

    For a true automatic / no touch enrollment, Step 8 is very important!
    To create a wifi profile in Apple Configurator 2, go to File > New Profile, and add your wifi settings. Save this profile as a .mobileconfig file then upload it during Step 8.
    It is necessary to add a wifi profile during this step so each iOS device can communicate to Apple to activate and complete the automatic DEP settings assignment for automatic Meraki Systems Manager enrollment.
  9. [Optional] If your Meraki Systems Manager enrollment requires User Authentication (SM > Configure > General), you may input your username/password here to automatically enroll and assign a device user. If these fields are left blank, the device will prompt for username/password credentials during the provisioning process.

  10. Apple Configurator will now download the latest iOS version from Apple and install it on the connected devices. Be patient while the latest iOS version downloads and installs.

  11. These devices now contain the wifi profile as well as the Meraki Management enrollment profile. These devices will skip the steps chosen in Step 4. Once these devices are at their homescreen, they can have apps and profiles installed through Meraki Systems Manager. All your devices can now be managed in Systems Manager > Configure > Devices.

At this point, the automatic enrollment process is complete - your devices are now managed and ready to be distributed to end users!

Apple Configurator 2.5+ Manual Enrollment

Manual Enrollment is the way to enroll iOS devices not currently in Apple’s Device Enrollment Program (DEP). First we will cover how to setup your organization and server in Apple Configurator. Then, Apple Configurator go through the Manual Enrollment process to factory erase the device(s) and supervision and enroll into your Meraki Systems Manager dashboard.

Apple Configurator 2.0

New In Apple Configurator 2.5 and iOS 11: You can now move non-DEP devices into an existing DEP account! This is an optional step during the Manual Enrollment process to move non-DEP devices into your current DEP account.
If you do not have a DEP account, you can still enroll & supervise devices through the manual enrollment process.

Create Organization and Supervision Identity

  1. Go to Apple Configurator 2 in the menu bar and choose 'Preferences'
  2. Click on the Organizations tab.
  3. Sign in with an Apple ID.
    If you want to move a non-DEP device into your DEP account, be sure to sign in with your Apple Business Manager or Apple School Manager Apple ID during this step, so the supervision identity can be pulled from Apple automatically. If not, Skip this step and manually fill in your Name, Phone, Email, and Address on the next page.
  4. Generate a new supervision identity.
    The supervision identity will be pulled automatically from your Apple ID if the Apple ID you signed in with on Step 3 is a deploy.apple.com DEP account.

Apple Configurator 2.2

Add MDM Server URL

  1. Go to Apple Configurator 2 in the menu bar and choose Preferences..

  2. Click on the Servers tab.

  3. Click the “+” to add a new server.

  4. Define your MDM Server:

    • Name: Any name you choose.

    • Hostname or URL: Enrollment URL copied from your Meraki Dashboard found in Systems Manager > Manage > Add Devices > iOS > Apple Configurator > Enrollment URL (AC2+)

  5. You have now successfully configured your Systems Manager MDM Server. Close this window and now you can begin the Manual Enrollment process.

Manual Enrollment - Add device(s) to Device Enrollment Program (DEP)

Now that you have added the organization's supervision identity and MDM server URL, you are ready to being the manual enrollment process. New to iOS 11 and Apple Configurator 2.5+ is the ability to move non-DEP devices into an existing DEP account. These steps will show you this process.

Note that after initially adding devices into DEP through Apple Configurator, there is a 30-day provisional period where the management profile can still be removed. After this period, the management profile will no longer be removable.

Apple Configurator 2

If you do not have a DEP account, skip this section and move to the Manual Enrollment - Enrollment & supervision without Apple Device Enrollment Program (DEP) section further below.

  1. Plug your iOS devices to the Mac running Apple Configurator 2.5+. Click the device you would like to enroll and go to the menu bar and choose Actions > Prepare..

  2. Choose Prepare with: Manual Configuration

    If you signed into a DEP account in 'Create Organization and Supervision Identity' - Step 3 (above), you can check the new Add to Device Enrollment Program option. This is a new feature for iOS 11 and Apple Configurator 2.5+ that allows you to move non-DEP devices into your existing DEP account. If you do not have a deploy.apple.com DEP account with Apple, leave the Add to Device Enrollment Program checkbox unchecked.
    Furthermore, if you have a school.apple.com account as your DEP account, you can enable Shared iPad mode.

    Supervision will allow many additional restrictions to be added to devices in Meraki later.
    The Allow devices to pair with other computers option will not allow these iOS devices to connect to other computers via USB cable. If you do not allow pairing here, they will be undetectable to other computers via iTunes, Apple Configurator, or any USB data detection.

    Click Next.

  3. Choose your Meraki MDM Server (set up in the Add MDM Server URL steps above).
    Click Next.

  4. Choose the organization that you want to have supervision of these devices.
    Click Next.
  5. Choose what steps you would like the initial iOS Setup Assistant to skip.
    Click Next.
  6. If you selected 'Activate and complete enrollment' in step 2, upload a .mobileconfig wireless profile so the device can automatically connect to an SSID in range and be self-configure with Apple and Meraki.
    Click Next.
  7. If your Meraki Systems Manager network requires enrollment authentication (SM > Configure > General), input your username/password here. If not, leave these fields blank.
    Click Prepare.

    You may be asked to re-authenticate the DEP account's Apple ID during this step, so the device(s) can be successfully moved into this DEP account with Apple.
    Apple Configurator will now download the latest iOS version from Apple and install it on the connected device(s). iOS 11+ is required for this process to complete. Be patient while the latest iOS version downloads and installs. All devices will now be prepared and all data saved on the device will be lost during this process.
  8. After this process completes, login to the Apple Business Manager or Apple School Manager portal and access 'Assignment History.' You will find the iOS device(s) assigned to a new “Devices Added by Apple Configurator 2” MDM server.
  9. In the Apple Business Manager or Apple School Manager portals, click on 'Device Assignments' to assign all devices to your Meraki MDM server.
  10. A 30 day provisional period begins when the device is subsequently activated. During the 30 day provisional period the lock screen and setup assistant on the device(s) indicate that it is provisionally enrolled. End users can remove the device(s) from DEP during this provisional period (which also factory erases the device). However, after the 30 days provisional period expires, end users can no longer remove the device(s) from DEP.

Devices are now ready to go through the Automatic Enrollment steps in the guide or over the air DEP enrollment!

Manual Enrollment - Enrollment & supervision without Apple Device Enrollment Program (DEP)

Now that you have added the Organization's supervision identity and MDM server URL, you are ready to being the manual enrollment process. If you want to simply supervise and enroll devices with Apple Configurator, you can easily do this without access to a Apple Device Enrollment Program account.

  1. Plug your iOS devices to the Mac running Apple Configurator 2.5+. Highlight the device you would like to enroll and go to the menu bar and choose Actions > Prepare..

  2. Choose Prepare with: Manual Configuration

    Supervision will allow many additional restrictions to be added to devices in Meraki later.
    The Allow devices to pair with other computers option will not allow these iOS devices to connect to other computers via USB cable. If you do not allow pairing here, they will be undetectable to other computers via iTunes, Apple Configurator, or any USB data detection.

    Click Next.

  3. Choose your Meraki MDM Server (set up in the Add MDM Server URL steps above).
    Click Next.

  4. Choose the Organization that you want to have Supervision of these devices.
    Click Next.
  5. Choose what steps you would like the initial iOS Setup Assistant to skip.
    Click Prepare.
  6. Apple Configurator will now download the latest iOS version from Apple and install it on the connected devices. Be patient while the latest iOS version downloads and installs. All devices will now be prepared with these settings, which requires a device factory reset. All data saved on the device will be lost.
  7. Now, your devices will be at their iOS initial setup assistant 'Hello' screen. You will need to configure each iOS device from here one by one, just so it can connect to wifi and receive the enrollment profile. Slide to set up.
  8. Choose a wifi network in range for device to connect to.
  9. The iOS device will now show a Remote Management page during the iOS Setup Assistant. Apply configuration here and you will be enrolled in Systems Manager.
  10. After you Apply configuration and get to the Homescreen of the device, it is now enrolled. Look for this client in Systems Manager > Monitor > Devices, and begin mobile device management!
⇐ ⇐ Disk Graph
⇒ ⇒ ZipSplit