How to add iOS devices manually in the Apple Business Manager (ABM) for automatic Microsoft Endpoint Manager – Microsoft Intune enrollment

It’s a best practice to enroll corporate-owned iOS/iPadOS devices via the Apple Automated Device Enrollment (ADE) program (previously known as the Device Enrollment Program, DEP). It offers “out of the box” security because enrollment with the MDM solution starts automatically and the user can’t work around it. In addition to automatic device enrollment, it makes it possible to set devices in supervised mode, which offers more policy settings to apply. In combination with the Apple Volume Purchase Program (VPP), no Apple ID is required during enrollment or for installing company-published applications.

The good news is that this Apple service is free. The company needs to enroll in the ADE and VPP programs via the Apple Business Manager (ABM). For more information see https://business.apple.com/#enrollment. Once the company is enrolled, devices purchased from that moment on can be automatically added by your authorized Apple reseller to your Apple Business Manager. However, adding devices that have already been purchased takes a little more effort.

In this blog

In this blog I will show you step-by-step how to add already purchased iOS/iPadOS devices to the Apple Business Manager. I will do that in the following steps.

  1. Create an Apple Configurator Enrollment Profile in Microsoft Intune
  2. Install the Apple Configurator 2 on a macOS device
  3. Create a Wi-Fi Profile
  4. Create a Blueprint
  5. Add an iOS/iPadOS device to the Apple Business Manager

Prerequisites

Before you start, keep in mind the following requirements and conditions.

  • Microsoft Intune environment up-and-running
  • Access to the Apple Business Manager with an Administrator account
  • A device running macOS 10.15.6 or later
  • Physical access to the iOS/iPadOS device
  • Devices need to be connected to the macOS device via USB and will get a factory reset

Step 1 : Create an Apple Configurator Enrollment Profile in Microsoft Intune

The first step is to create an Enrollment Profile for the Apple Configurator (which will be installed later on). To do so, open a browser and go to the Microsoft Endpoint Manager admin center.

Navigate to Devices > iOS/iPadOS > iOS/iPadOS enrollment and click Apple Configurator

Open the Profiles page and click + Create

Fill in a Name for the profile, and optionally a Description. Click Next.

Select Enroll with user affinity (or without user affinity if you want to use the devices as a kiosk device or something). Set Select where users must authenticate to Company Portal. Click Next.

Click Create

After creation, open the Profile and click Export Profile. Copy the Profile URL and save it in Notepad or something similar. We need this URL later when configuring the Apple Configurator 2 application.

Step 2 : Install the Apple Configurator 2 on a macOS device

In this step we are going to install the Apple Configurator 2 application from the Apple Store on a device running macOS. Open the Store and search for “Apple Configurator 2”.

Click Get

After the installation click Open

Click Accept

Click Get Started

The Apple Configurator 2 is now installed on the macOS device.

Step 3 : Create a Wi-Fi Profile

An internet connection is required on the devices when you add them to the Apple Business Manager via the Apple Configurator 2 application. Therefore, it is recommended to create a Wi-Fi profile so devices will connect automatically during the onboarding process.

If you do not configure a Wi-Fi profile you can still add devices, but you have to connect the device manually to a Wi-Fi network during the onboarding.

To create a Wi-Fi Profile, click File > New Profile

Open the Wi-Fi tab and click on Configure

Fill in the information of the Wi-Fi network, make sure Auto Join is selected and save the profile.
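An added example (not from the original post, and not Apple or Microsoft tooling): a Python check for the Wi-Fi profile saved in this step, assuming it was saved unsigned as a .mobileconfig plist. It confirms Auto Join is on and flags what a reviewer would care about before the file is copied around: an open or WEP network, and a pre-shared key sitting in cleartext in the profile. The SSID, identifiers and key in `constructed_profile` are constructed sample values.

```python
import plistlib

WIFI_PAYLOAD = "com.apple.wifi.managed"  # Apple's Wi-Fi payload type


def audit_wifi_profile(data: bytes) -> list:
    """Check every Wi-Fi payload in an unsigned .mobileconfig (plist bytes)."""
    profile = plistlib.loads(data)
    findings = []
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != WIFI_PAYLOAD:
            continue
        issues = []
        # AutoJoin defaults to true when the key is absent.
        if not payload.get("AutoJoin", True):
            issues.append("AutoJoin is off: device will not connect on its own")
        enc = payload.get("EncryptionType", "Any")
        if enc in ("None", "WEP"):
            issues.append(f"weak or no encryption ({enc})")
        if payload.get("Password"):
            issues.append("pre-shared key stored in cleartext in the profile")
        findings.append({"ssid": payload.get("SSID_STR"), "issues": issues})
    return findings


def constructed_profile(auto_join: bool, enc: str, password: str = "") -> bytes:
    """Build a sample profile; every value here is constructed for the demo."""
    wifi = {
        "PayloadType": WIFI_PAYLOAD,
        "PayloadIdentifier": "example.wifi.onboarding",
        "PayloadUUID": "00000000-0000-0000-0000-000000000001",
        "PayloadVersion": 1,
        "SSID_STR": "Onboarding-WiFi",
        "AutoJoin": auto_join,
        "EncryptionType": enc,
    }
    if password:
        wifi["Password"] = password
    return plistlib.dumps({
        "PayloadType": "Configuration",
        "PayloadIdentifier": "example.profile",
        "PayloadUUID": "00000000-0000-0000-0000-000000000002",
        "PayloadVersion": 1,
        "PayloadContent": [wifi],
    })


if __name__ == "__main__":
    for finding in audit_wifi_profile(constructed_profile(True, "WPA2", "example-psk")):
        print(finding["ssid"], finding["issues"] or "no issues")
```

To check a real profile, pass the file's bytes, for example `audit_wifi_profile(open(path, "rb").read())`; a signed profile must be unwrapped first because it is not a bare plist.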

Step 4 : Create a Blueprint

A Blueprint is a template of settings within the Apple Configurator 2 application. Once you have created a Blueprint you can easily apply it to newly connected devices. In this step I will show you how to create a Blueprint.

Within the Apple Configurator 2 application go to File > New Blueprint

Give the Blueprint a name and open it.

Click the Prepare button

Select Prepare with : Manual Configuration. Make sure only Add to Apple School Manager or Apple Business Manager and Allow devices to pair with other computers are selected as shown in the screenshot above.

Select New Server and click Next

Fill in a name, for example Microsoft Endpoint Manager. In the Host name or URL field, paste the MDM link (the Profile URL) from step 1 in this blog. Click Next

Select appleconfigurator2.manage.microsoft.com and click Next

Login with your Apple Business Manager admin account.

Select Generate a new supervision identity and click Next

Select Don’t show any of these steps and click Next

Click Choose to select the Wi-Fi profile created in step 3.

Click Prepare

Click Done. The Blueprint is now ready to use.

Step 5 : Add an iOS/iPadOS device to the Apple Business Manager

In this step I will add my old iPhone 8 device to the Apple Business Manager. Connect the iOS/iPadOS device via USB cable to the macOS device.

If the device is correctly connected, it will be shown in the Apple Configurator 2 application.

Now click on the Blueprints button and select the Blueprint you just created (in this case “Futureworkplace”).

Click Apply (be aware that the device will get a factory reset!)

The device will now be added to the Apple Business Manager.

Within the Apple Business Manager, the new devices will automatically be assigned to “Apple Configurator 2”. This can be changed to the MDM server of Microsoft Intune.

Make sure you sync your Apple Business Manager with Microsoft Intune before enrolling the device.

1 comment


  • Very informative thank you for the details! Have you ever run into a situation where you’ve enrolled these and at some point needed to wipe/redeploy them back into the environment? I’m having an issue where a net new object gets created in AAD versus a merging with the existing object, so my enrollments go sideways until I manually go in and delete the original object. One device here and there isn’t an issue but when you’re about to repurpose a whack of them .. ouch!

About Robin Hobo

Robin Hobo

I work as a Senior Solution Architect with focus on the Modern Workspace. I am specialized in Azure Virtual Desktop (AVD), Windows 365 and Microsoft EM+S (including Microsoft Endpoint Manager - Microsoft Intune).
