To create an enrollment package for setting up a Mac for pre-stage enrollment, particularly for an environment that uses mobile device management (MDM) solutions like Jamf Pro or Apple School Manager, you’ll follow a series of structured steps. Here’s a guide to help you through the process:
1. Prerequisites
Before setting up the enrollment package, ensure the following prerequisites are met:
- MDM Solution: You have an MDM solution (like Jamf Pro, Apple Business Manager, or another MDM) set up and configured.
- Apple DEP (Device Enrollment Program): Your organization should be registered with Apple DEP.
- Admin Credentials: Have administrative credentials for the MDM solution and Apple DEP.
2. Create an Enrollment Profile
For Jamf Pro:
- Log in to Jamf Pro:
  - Navigate to your Jamf Pro server and log in with your admin credentials.
- Create a PreStage Enrollment Profile:
  - Go to Devices > PreStage Enrollments.
  - Click New to create a new PreStage Enrollment profile.
- Configure the Profile:
  - General: Name your profile and set the scope (which devices will use this profile).
  - User and Location: Assign default user information if necessary.
  - Account Settings: Define account creation settings for users.
  - Options: Customize which setup steps users will see or skip (e.g., location services, Apple ID setup, etc.).
- Assign Devices:
  - Under Devices, you can add specific serial numbers or use the search function to include devices in this profile.
- Save and Distribute:
  - Save the profile. It will be assigned to the devices during their next setup.
For Apple Business Manager (ABM):
- Log in to ABM:
  - Go to Apple Business Manager and log in.
- Configure MDM Server:
  - In Settings > MDM Servers, ensure that your MDM server is set up and linked.
- Assign Devices to MDM Server:
  - Navigate to Devices and select the devices you wish to assign.
  - Click Edit Device Management and select your MDM server.
- Configure DEP Profile:
  - In your MDM solution, create or configure a DEP profile to streamline device setup.
3. Create an Enrollment Package
An enrollment package is a customized package that might include additional scripts or configuration profiles. Here’s how to set it up:
Using a Tool like Jamf Composer:
- Download and Install Composer:
  - If using Jamf Pro, download Jamf Composer.
- Create the Package:
  - Open Composer and create a new package.
  - Include scripts or configuration files necessary for your enrollment.
  - For example, a script to configure Wi-Fi settings, install specific apps, or set up additional configurations.
- Build the Package:
  - Save and build the package in Composer.
Using Scripts and Config Profiles:
- Write Enrollment Script:
  - Create a script that configures the Mac according to your needs (e.g., enrollment.sh).
  - Example script for configuring network settings:

    ```bash
    #!/bin/bash
    # Join the Wi-Fi network on interface en0.
    # The password is a literal argument: it is readable in the script inside
    # the package and in the process list while the command runs.
    networksetup -setairportnetwork en0 "Your_SSID" "Your_Password"
    ```
- Configuration Profiles:
  - Use Apple Configurator 2 or a similar tool to create custom configuration profiles.
  - Example: A Wi-Fi profile, VPN settings, etc.
4. Deploy the Enrollment Package
- Upload to MDM:
  - Log in to your MDM solution (e.g., Jamf Pro).
  - Go to Packages and upload your newly created enrollment package.
- Assign to PreStage Enrollment:
  - Link the package to the PreStage Enrollment profile you created earlier.
5. Test the Enrollment
- Factory Reset a Test Device:
  - Perform a factory reset on a test device.
  - Ensure it’s registered in Apple DEP.
- Enroll the Device:
  - Turn on the device and proceed through the setup assistant.
  - The device should automatically enroll into your MDM solution and apply the pre-stage profile along with the enrollment package.
6. Documentation and Communication
- Document the Process: Create detailed documentation for your enrollment setup.
- Communicate with Users: Inform users about what to expect during device setup.
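Example Enrollment Script (enrollment.sh):

```bash
#!/bin/bash

# Configure network: join Wi-Fi on en0. The password is a literal argument,
# readable in this script and in the process list while the command runs.
networksetup -setairportnetwork en0 "Your_SSID" "Your_Password"

# Install necessary software (example)
# Rosetta 2 applies only to Apple silicon, so skip it on Intel Macs.
if [ "$(uname -m)" = "arm64" ]; then
    softwareupdate --install-rosetta --agree-to-license
fi
installer -pkg /path/to/YourApp.pkg -target /

# Run custom setup commands: record that setup has completed
defaults write /Library/Preferences/com.yourcompany.setup Done -bool true
echo "Enrollment completed!"
```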
Example Configuration Profile (XML Snippet):

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>PayloadContent</key>
    <array>
        <!-- Wi-Fi Configuration -->
        <dict>
            <key>PayloadType</key>
            <string>com.apple.wifi.managed</string>
            <key>PayloadVersion</key>
            <integer>1</integer>
            <!-- Each payload needs its own identifier and UUID (placeholders; generate UUIDs with uuidgen) -->
            <key>PayloadIdentifier</key>
            <string>com.yourcompany.wifi.payload</string>
            <key>PayloadUUID</key>
            <string>UNIQUE-UUID-2</string>
            <key>SSID_STR</key>
            <string>Your_SSID</string>
            <key>HIDDEN_NETWORK</key>
            <false/>
            <key>AutoJoin</key>
            <true/>
            <key>EncryptionType</key>
            <string>WPA</string>
            <!-- The password is stored in cleartext in this file -->
            <key>Password</key>
            <string>Your_Password</string>
        </dict>
    </array>
    <key>PayloadDisplayName</key>
    <string>Wi-Fi Configuration</string>
    <key>PayloadIdentifier</key>
    <string>com.yourcompany.wifi</string>
    <key>PayloadType</key>
    <string>Configuration</string>
    <key>PayloadUUID</key>
    <string>UNIQUE-UUID</string>
    <key>PayloadVersion</key>
    <integer>1</integer>
</dict>
</plist>
```
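
A pre-upload check for a profile like the one above, added here as an example (not code from the original page or from Jamf or Apple): it parses an unsigned XML .mobileconfig with Python's plistlib, verifies that the profile and each payload carry the four identifying keys and a well-formed PayloadUUID, and flags a Wi-Fi Password embedded in cleartext. The function names, `SAMPLE` and the finding strings are assumptions made for this example.

```python
import plistlib
import uuid

REQUIRED = ("PayloadType", "PayloadVersion", "PayloadIdentifier", "PayloadUUID")
SECRET_KEYS = {"Password"}  # credential key carried by the Wi-Fi payload

# Constructed sample: a draft Wi-Fi profile with placeholder values.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>PayloadContent</key><array><dict>
    <key>PayloadType</key><string>com.apple.wifi.managed</string>
    <key>PayloadVersion</key><integer>1</integer>
    <key>SSID_STR</key><string>Your_SSID</string>
    <key>EncryptionType</key><string>WPA</string>
    <key>Password</key><string>Your_Password</string>
  </dict></array>
  <key>PayloadIdentifier</key><string>com.yourcompany.wifi</string>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadUUID</key><string>UNIQUE-UUID</string>
  <key>PayloadVersion</key><integer>1</integer>
</dict></plist>"""


def check_payload(payload, where):
    """Return findings for one payload dictionary (top level or nested)."""
    findings = [f"{where}: missing {k}" for k in REQUIRED if k not in payload]
    raw = payload.get("PayloadUUID")
    if raw is not None:
        try:
            uuid.UUID(str(raw))
        except ValueError:
            findings.append(f"{where}: PayloadUUID {raw!r} is not a UUID")
    for key in sorted(SECRET_KEYS & payload.keys()):
        findings.append(f"{where}: {key} is stored in cleartext in this file")
    return findings


def lint_profile(data):
    """Parse an unsigned XML profile and lint it and each nested payload."""
    profile = plistlib.loads(data)
    findings = check_payload(profile, "profile")
    for i, payload in enumerate(profile.get("PayloadContent", [])):
        where = f"payload[{i}] {payload.get('PayloadType', '?')}"
        findings += check_payload(payload, where)
    return findings


if __name__ == "__main__":
    print("\n".join(lint_profile(SAMPLE)))
```

Signed profiles are CMS-wrapped and must be unwrapped before plistlib can read them.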
With these steps, your Mac should be ready for a streamlined pre-stage enrollment process, reducing the manual effort required for setting up new devices.