Skip to content

Workspace ONE Guide: DEP workflow

Required environment’s information

You need to first setup all general prerequisites before proceeding to this guide.

Overview

These prerequisites must be done if you have any devices enrolled using Apple's Device Enrollment Program (a.k.a. DEP).

Prerequisites

Access to Apple Business Portal

You first need to verify that you have access to the Apple Business Portal where both your source and target virtual EMM servers are configured.

This is mandatory so that you can upload the DEP device list CSV file generated by Exodus and associate those devices to the target EMM server.

Setup your Target DEP Profile

Before proceeding to the migration, you need to check the configuration of your DEP profile in your target's Workspace ONE console in Groups & Settings › All Settings › Devices & Users › Apple › Device Enrollment Program.

Setup your target DEP profile in Unauthenticated Single Staging User

In order to allow Exodus to migrate all your users without the need for them to authenticate once the migration is done, we need you to configure your target's EMM DEP profile with the following settings:

  • Set Authentication to OFF to disable authentication screen during enrollment (see fig. 1.1, step 1.)
  • Set Staging Mode to Single user device (see fig. 1.1, step 2.)
  • Set Default Staging User to the Default Staging User which is created by default on every Workspace ONE instances (see fig. 1.1, step 3.). This is the user that will authenticate automatically on the device during the re-enrollment.

figure 1.1

Note

If you decide to not wipe your devices immediately during Exodus's migration, you can setup your profile however you see fit. You just need a setup profile in order to be able to assign and sync your devices before starting their migration with Exodus.

Setup DEP default profile in Workspace ONE console

Next, you must have a default DEP profile in Groups & Settings › All Settings › Devices & Users › Apple › Device Enrollment Program (see fig. 2.1) or Exodus will not be able to synchronize your DEP devices correctly during the migration.

figure 2.1

Warning

If you omit this step, Exodus could have some trouble synchronizing your DEP devices correctly in your target's Workspace ONE console and some weird behavior can occurs in the Enrollment Status Page.

The same kind of problems can happen if you override a DEP configuration from a parent's Organizational Group (a.k.a. OG) so we don't recommend to use this kind of configuration with Exodus or at least, make sure that your target's OG is the only one which have a default DEP profile configured which will decrease the odds of having problems during synchronization.