1. SimpleMDM Help Center
  2. Documentation
  3. Enrolling Devices

Enrollment Settings

Account-Wide Enrollment Settings

To find these settings, navigate to Devices > Enrollments and click the 'Settings' tab.

Activation Lock

This field allows you to set a default state for Activation Lock on newly enrolled devices. The options are:

  • Enabled - turn on activation lock devices when they enroll
  • Disabled - turn off activation lock on devices when they enroll
  • User Enabled - do not turn on activation lock, but allow user to enable it

Apple Remote Desktop

When set to "Yes", this setting allows you to have the "Enable Remote Desktop" command sent automatically after a macOS device enrolls in your MDM account. The command enable the Apple Remote Desktop service without user interaction.

Bootstrap Tokens

Store Bootstrap Tokens: when enabled, this setting allows MDM to retrieve and store Bootstrap Tokens on Macs running 10.15 or greater that are enrolled via Automated Enrollment (DEP). Bootstrap Tokens enable mobile accounts and user accounts created non-interactively to receive a Secure Token.

Create Cached Accounts: by default, network-authenticated accounts are destroyed when signed out. When enabled, this setting will install a profile on macOS that creates cached mobile accounts, which support Secure Tokens.

New Device Name Format

This field allows you to customize the format for the SimpleMDM name (the name shown in the Devices list) of new devices enrolled in your account. This feature supports the use of custom attributes. The default value is "{{device_name}}".

Example use: "{{device_name}} - {{serial_number}}". This would set new devices' SimpleMDM name to a value such as "Eric's iPhone - EXAMPLE0001"

Rosetta 2

When "Install Rosetta" is set to "Yes", SimpleMDM will automatically install Apple's Rosetta 2 on macOS devices with ARM architecture. This allows applications designed for Intel-based Macs to run on ARM-based Macs.

Automated Enrollment (DEP) Settings

To find these settings, navigate to Devices > Enrollments and click the name of the Automated Enrollment object you would like to modify the settings for. The

DEP Info tab

  • DEP Account Details: basic information about the connected server
  • DEP Devices: list of serial numbers assigned to the server in Apple Business Manager
  • 'Sync with Apple' button: click this to force sync changes to device assignments in ABM
  • 'Update Token' button: click this to update your server token

DEP Settings tab

  • Setup Panes: a list of Setup Assistant options for automated enrollments
  • Organization Details: information displayed to the user during enrollment
  • macOS Account Setup: options relating to local user account creation during macOS enrollment
  • macOS Host Pairing: see explanation here
  • Minimum OS Version Requirement: When enabled, this setting will force devices to update to the specified OS version in order to complete Setup Assistant and enroll in MDM. If devices do not meet the required version, they will be forced to update, reboot, and restart Setup Assistant automatically. Note: There is a bug that breaks this in iOS/iPadOS 17.0.x if a Welcome Screen and/or Authentication is enabled for the enrollment. It has been resolved in iOS 17.1.

One-Time / Group Enrollment Settings

Enrollment Info tab

Displays the Enrollment URL, QR code, and other information/options related to enrolling devices manually or via Apple Configurator.

All Types of Enrollment

General Settings tab

  • Set the name of the device
  • Select the group devices will be enrolled into initially
  • Specify whether the enrollment profile will be eligible for User Enrollment (One-Time and Group Enrollments only)

Welcome Screen tab

This feature allows you to create custom welcome screens that will be displayed to users during enrollment. Usage:

  1. Select 'New Welcome Screen' from the dropdown.
  2. Provide a name for the welcome screen.
  3. Enter a message to display to users.
  4. Choose a logo/image to be displayed to users.
  5. Save.
  6. Once created, select the welcome screen name from the dropdown list and save.

Forms on Welcome Screens

Forms with fields mapped to custom attributes can be created and displayed on the welcome screen. This makes it easy for admins to collect input from their end-users during the enrollment process, store information on device records, and automatically insert these values elsewhere, such as within configuration profiles that may require user-specific information (email accounts, VPN, Login Window, etc.). Usage: 

  1. Create the custom attributes under Configs > Attributes.
  2. On the “New Welcome Screen” page, click the “+” button to add a new form field.
  3. Form configuration options:
    1. Label Name: the label for the field on the user-facing form
    2. Custom Attribute: the custom attribute that the value will be stored in on the device record
    3. Dropdown (yes/no): check this box to make the form field a dropdown select
    4. Dropdown Options: if Dropdown is enabled, enter a comma-separated list of values to be displayed in the dropdown list
    5. Required (yes/no): check this box to make the form field required (eg. user cannot submit/continue with enrollment until they have entered something in this field)
  4. Save the changes once finished. 

 

Authentication tab

Configure SAML or LDAP authentication settings used for enrollment authentication. For more information on configuring authentication for device enrollments, see this page.

 

Sid DeVins
Updated

Related articles

Still have a question or want to share what you have learned? Visit our Community Discord to get help and collaborate with others.