Skip to main content
Matrix42 Self-Service Help Center

Apple Deployment Programs III: Configure DEP in Silverback

Before you Start

Before you start:

Configure Device Enrollment Program

Apple’s Device Enrollment Program allows you to enroll devices into Silverback during the first setup of the device. For the configuration perform the following steps:

  • Login to Silverback
  • Navigate to Admin 
  • Navigate to Device Enrollment Program
  • Review your options and configure your Device Enrollment Program according to your requirements
  • Save your settings.

Home Section 

The main page gives an overview of the status and information relating to your Device Enrollment Program account. The organization and server information is displayed after a successful import of your token. The Account Overview section indicates how many devices are currently in your DEP account and how many are currently enrolled in Silverback.

Devices Section

Overview

The Devices section lists the devices in your DEP account and an associated username after enrollment. The table shows a list of all users in your DEP program, regardless of whether they are enrolled in Silverback. The list can also be exported by clicking the Export button. The table contains the following details:

Column Description
MDM Username If the serial number matches a currently enrolled user, it will be displayed here.
Serial Number The serial number of the device in your DEP program.
Model The model description of the device.
Profile Name Displays the assigned profile for the device.
Profile Status

Shows the profile status for the device. 

  • Assigned: Apple DEP has received a profile and it is ready to be assigned to the device.
  • Empty: A profile has never been assigned to the device.
  • Pushed: A profile has been delivered to the activated device.
  • Removed: A profile was assigned to the device but has been removed.
Profile Assigned Time Displays the timestamp for the profile assigned time. 
Disown Removes the device from the current and future DEP accounts.

The disown function will permanently remove a device from your current DEP. It takes an unknown grace period until the device can be added again. Please do this only if you feel confident. 

Actions

Action Description
Assign Profile Select first a range of devices and assign a specific profile. 
Bulk Assignment Use Bulk Assignment to assign profiles via a *.csv file. Please refer to our Knowledge Base article.
Export This will generate an *.csv report.

General Settings Section

The Settings section allows you to configure your integration with Apple’s DEP program and determine the device behavior for the standard profile.

Settings

Control Description
Company Token The token file provided by Apple.
Valid Until Displays the expiration date for the Company Token. 
Authentication

Determines the authentication method for the enrollment during the out-of-the-box experience. After a successful authentication, the MDM profile will be downloaded, installed and the devices will be enrolled. The following methods are available:

  • Username + Password: During the out-of-the-box experience users can authenticate with their local or LDAP user credentials to perform the enrollment. 
  • Username + OTP: If this option is selected, users are requested to authenticate with their local or LDAP username and with the One Time Password. Use this method if you have integrated any Identity Provider.
User Prompt Text Contains the text presented to the user prior to the enrollment.

Default Profile

Control Description
Name Displays the default profile name.
Allow Pairing Determines if the device can be paired with a computer. In iOS 13, this property was deprecated.
Supervised Determines whether the device will be supervised during enrollment. In iOS 13, all DEP devices will be supervised and this setting will be ignored.
Force Enrollment Determines if the user can skip the enrollment process. Note: The device will be unusable unless enrolled in Silverback. In iOS 13 and later, all DEP enrollments are mandatory.
Profile Removable Determines whether the MDM profile can be removed by the user after enrollment. This setting can be disabled only if Supervised is enabled.
Language Define the Language to provide a language designator that represents a language. Supported on tvOS and macOS 11 and later.
Region Define the Region in a ISO 3166-1 standard, a two letter, capitalized code. Used to provide a region designator that represents a country and supported on tvOS and macOS 11 and later.
Support Phone Number Displayed to the user in the About section on enrollment.
Department Displayed to the user in the About section on enrollment.
Activate Apple Location Location for the devices to activate on enrollment. This should be changed to reflect your server address.

Account Configuration (macOS)

Control Description
Prompt User to Create a Primary Account If disabled, Setup Assistant skips the user interface for setting up primary accounts and disables auto login. This scenario enables by default the Create an Admin Account option as minimum one Administrator must be available on the device.
Primary Account Type Determines if the primary account type will be an Administrator or Standard (User) account.
Define the Short Name Enabling this option will allow to define the Short Name (Account Name) for the primary account with the Primary Account Short Name field below.
Primary Account Short Name Setup Assistant uses this value to prefill the Short Name (Account Name) for the primary account. This will be used as the name for the users home folder and is available in macOS 10.15 and later.
Define the Full Name Enabling this option will allow to define the Full Name for the primary account with the Primary Account Full Name field below.
Primary Account Full Name Setup Assistant uses this value to prefill the Full Name field. This value is available in macOS 10.15 and later.
Lock Modification Of The Fields If enabled, and you provided values for Primary Account Short or Full Name, Setup Assistant disables editing for the corresponding field. The user's Password or One Time Password will be captured during the Authentication process and Setup Assistant automatically creates the primary account with that information and skips showing the user interface to view or edit these fields. This option is available in macOS 10.15 and later.
Create An Admin Account Allows you to preconfigure an Administrator Account. This option will be automatically activated if Prompt User to Create a Primary Account is disabled or Primary Account Type is set to User.
Admin Account Short Name Determines the required Administrator's Account Short Name (Account Name) 
Admin Account Full Name Determines the required Administrator's Account Full Name.
Password Determines the required Administrator's Password. For security reasons, the password is only displayed when entered and will be masked after saving the profile. We recommend the use of a password safe for saving the password securely.
Admin Account Password Confirmation Confirms the provided Administrator's password. With Silverback 22.0 Update 1, it is required to add the Password again into both fields when editing the profile. This field will be removed for convenience reasons in upcoming Silverback versions. 
Hidden By enabling, you can hide that account in the Users & Groups pane of System Preferences/Settings so that users of a Mac don’t interfere with the managed administrator account.

Skip Setup Items

Control Description Minimum Requirement
Location Skips the Location Services setup.
  • iOS 7
  • macOS 10.11
Restore Disables restoring from backup.
  • iOS 7
  • macOS 10.9
Apple ID Skips the Apple ID setup.
  • iOS 7.0
  • tvOS 10.2
  • macOS 10.9
Terms and Conditions Skips the Terms and Conditions agreement.
  • iOS 7
  • tvOS 10.2
  • macOS 10.9
App Store Skips the App Store pane.
  • iOS 14.03
  • macOS 11.1
Siri Skips the Siri setup.
  • iOS 7
  • tvOS 10.2
  • macOS 10.12
Diagnostics Skips the Send Diagnostics prompt.
  • iOS 7
  • tvOS 10.2
  • macOS 10.9
Passcode Skips the Passcode setup.
  • iOS 7
Touch ID Skips the Touch ID setup.
  • iOS 8.1
  • macOS 10.12.4
Apple Pay Skips the Apple Pay setup.
  • iOS 8.1
  • macOS 10.12.4
Zoom Skips the Zoom setup.
  • iOS 8.3
Move from Android Skips the migration from Android prompt if the Restore pane is not skipped. 
  • iOS 9
DisplayTone Setup

Skips the DisplayTone setup.

This setting is deprecated.

  • iOS 9.3.2
  • macOS 10.13.6
Privacy Pane Skips the privacy pane.
  • iOS 11.13
  • tvOS 11.13
  • macOS 10.13.4
Add Cellular Plan Pane Skips the add cellular plan SIM Setup pane.
  • iOS 12
Home Button Screen

Skips the Home Button Sensitivity screen.

This setting is deprecated.

  • iOS 10
iMessage and FaceTime Screen Skips the iMessage and FaceTime screen.
  • iOS 12
On-boarding Screen

Skips on-boarding informational screens for user education (Cover Sheet, Multitasking & Control Center, for example).

This setting is deprecated.

  • iOS 11 - 13.6
Screen Time Skips the screen for Screen Time.
  • iOS 12
  • macOS 10.15
Software Update Screen Skips the mandatory Software Update screen.
  • iOS 12
Watch Migration Screen Skips the screen for Watch Migration.
  • iOS 11
Choose Your Look Screen  Skips the Choose Your Look appearance screen. 
  • iOS 13
  • macOS 10.14
Keyboad Pane Skips the Keyboard Pane.
  • iOS
Express Language Setup Skips the Express Language Setup.
  • iOS 13
Preferred Language Order Skips the Preferred Language Order.
  • iOS 13
Get Started Pane Skips the Get Started Pane.
  • iOS 13
Device to Device Migration Skips the Device to Device Migration pane.
  • iOS 13
Restore Completed Skips the Restore Completed pane.
  • iOS 14
Software Update Completed Skips the Software Update Completed pane.
  • iOS 14
iMessage Activation Using Phone Number Skips the iMessage pane.
  • iOS 12
Terms of Address Skips the Terms of Address pane.
  • iOS 16
  • macOS 13
Registration (macOS) Skips the Registration Pane.
  • macOS
FileVault Setup (macOS) Skips the File Vault setup.
  • macOS 10.10
iCloud Analytics Screen (macOS) Skips the iCloud Analytics screen.
  • maOS 10.12.4
iCloud Documents and Desktop Screen (macOS) Skips the iCloud Documents and Desktop screen.
  • macOS 10.13.4
Accessibility (macOS) Skips the Accessibility screen. 
  • macOS 11
Unlock with Apple Watch (macOS) Skips the Unlock Your Mac with Apple Watch screen.
  • macOS 
Tap To Set Up Option (Apple TV) Skips the Tap To Set Up Option.
  • tvOS 10.2
Aerial Screensavers (Apple TV) Skips the pane about using aerial screensavers.
  • tvOS 10.2
TV Home Sync Screen (Apple TV) Skips the TV Home Sync screen.
  • tvOS 11
TV Provider Sign In Screen (Apple TV) Skips the TV Provider Sign In screen.
  • tvOS 11
TV Room (Apple TV) Skips the “Where is this Apple TV?” screen.
  • tvOS 11.4

Certificates

Control Description
Anchor Certificates Additional root certificates to be trusted by the device. If provided, the device uses these certificates as trusted anchor certificates when evaluating the trust of the connection to the MDM server URL. Otherwise, the device uses the built-in root certificates.
Supervising Certificates If the restriction Allow Host Pairing is disabled, you can add your Supervision Identity certificates to allow devices to connect to certain machines that have the certificates in place. Please refer to this article for additional information. Added supervising certificates are applied to all additional profiles by default.
Save Saves settings.

Additional Notes for Account Configuration

During the enrollment, Silverback will pre-configure accounts and the user process through the account setup portion of the macOS Setup Assistant and the behaviour depends on the options selected. In general, the logic for the configuration is aligned with the requirements and options shown below: 

Configuration Description
No option to create an account The user doesn’t create any account using Setup Assistant. You must also create a managed administrator account. The user logs in using a network account or another account created outside of Setup Assistant.
Create an administrator account The user creates an administrator account on the Mac.
Create a standard account The user creates a standard account on the Mac. You must also create a managed administrator account.
Provide full name or username for the default account Fills the local account’s full name or username in Setup Assistant when the initial account is being created. The user can override these values if they wish. 
Lock the defaults account's full name or username The local account is created using the full name or username provided by Silverback. The user can’t override the values.
Hide the administrator account By enabling, you can hide that account in the Users & Groups pane of System Preferences/Settings so that users of a Mac don’t interfere with the managed administrator account.

In case you distribute a Passcode Profile to your macOS devices, the predefined password for the administrator account in the profile is considered as an initial password and must be updated after logging in.

Additional Profiles

With additional profiles you are able to assign specific profiles to specific devices. This will help as an example to configure the out-of-the-box experience for all iPhones in a different way as for iPads. Click new Profile to create a new profile and assign the profile in the Devices section.

Column Description
ID Displays a unique identifier for the device based on the database entry.
Profile Name Displays the given name for the Profile.
Registered in App This information shows if the profile has been successfully registered on Apple side.
Edit Edit your created profile.
Remove Remove your created profile.

Logs 

Clicking the Logs button will export a *.csv file of actions that have been performed specifically on the Device Enrollment Program. This covers changes made by administrators and also events that are related to the Silverback connection to Apple. 

The file will contain the following information:

  • Log ID
  • Date
  • User Name
  • Action
  • Action Destination 
  • Http Code
  • Http Text

Next Steps

  • Was this article helpful?