Skip to content

Microsoft Intune Guide: DEP workflow

Required environment’s information

You need to first setup all target prerequisites before proceeding with this guide.

Overview

These prerequisites must be done if you have any devices enrolled using Apple's Device Enrollment Program (or DEP).

Prerequisites

Access to Apple Business Manager portal

You must have access to the Apple Business Manager portal where both your Source and Target Tenants are configured.

This is mandatory so that you can upload the DEP device list CSV file generated by Exodus and associate those devices to the Target Tenant virtual server.

Setup your Target Tenant's DEP Profile

Before proceeding with the migration, you need to check the configuration of your DEP profile in your Target's Microsoft Endpoint Manager admin center in DevicesEnroll device > Apple enrollment > Enrollment program tokens, then select the corresponding DEP configuration.

Configure the DEP profile

In order to allow your users to re-enroll correctly after their device is wiped, you need to configure your Target Tenant's DEP profile with the following settings:

  • Set User Affinity to Enroll with User Affinity to enable authentication screen during enrollment.
  • Select one of the authentication method to either Setup Assistant to let Apple display the authentication screen, or Company Portal to force your user to authenticate using the Microsoft Intune Agent app.

Setup the DEP default profile

Next, you must set a default DEP profile in DevicesEnroll device > Apple enrollment > Enrollment program tokens or Exodus will not be able to synchronize your DEP devices correctly during the migration:

  • Select the corresponding DEP configuration
  • Click on Set default profile
  • Select the corresponding profile in the iOS Enrollment Profile
  • Click Save.

Declare your DEP devices as Corporate devices

Any DEP devices following the Legacy workflow (without Full Device Wipe) will be registered as Personnal once re-enrolled.

To avoid this situation and ensure your devices will be declared as Corporate once re-enrolled, you should use the Corporate Device Identifier feature with the DEP device list CSV file generated by Exodus before the devices migrations.

Go to DevicesEnroll device > Corporate device identifiers

  • Click Add
  • Select Upload CSV file
  • Choose Serial number in the Select identifier type dropdown menu
  • Fetch the .csv by clicking on Select a file
  • Click on Add

To learn more about the Corporate Device Identifier feature, please consult the official documentation.