Microsoft Intune Guide: DEP workflow
Required environment’s information
You need to first setup all general prerequisites before proceeding to this guide.
Overview
These prerequisites must be done if you have any devices enrolled using Apple's Device Enrollment Program (a.k.a. DEP).
Prerequisites
Access to Apple Business Portal
You first need to verify that you have access to the Apple Business Portal where both your source and target virtual EMM servers are configured.
This is mandatory so that you can upload the DEP device list CSV file generated by Exodus and associate those devices to the target EMM server.
Setup your Target DEP Profile
Before proceeding to the migration, you need to check the configuration of your DEP profile in your Microsoft 365 Device Management console in Device enrollment › Apple enrollment › Enrollment program tokens, then select the corresponding DEP configuration.
Setup your target DEP profile in Enroll with User Affinity
In order to allow your users to re-enroll correctly after their device is wiped, we need you to configure your target's EMM DEP profile with the following settings:
- Set
User AffinitytoEnroll with User Affinityto enable authentication screen during enrollment. - Select one of the authentication method to either
Setup Assistantto let Apple display the authentication screen, orCompany Portalto force your user to authenticate using the Microsoft Intune Agent app.
Setup DEP default profile in Microsoft Intune console
Next, you must have a default DEP profile in Microsoft 365 Device Management console in Device enrollment › Apple enrollment › Enrollment program tokens:
- Select the corresponding DEP configuration.
- Click the
Set default profile(see fig. 1.1, step 1.). - Select the corresponding profile in the
iOS Enrollment Profile(see fig. 1.1, step 2.). - Click
Save.
figure 1.1
Warning
If you omit this step, Exodus could have some trouble synchronizing your DEP devices correctly in your target's Microsoft Intune console.