Enrollment package for setting up a Mac for pre-stage enrollment

To create an enrollment package for setting up a Mac for pre-stage enrollment, particularly for an environment that uses mobile device management (MDM) solutions like Jamf Pro or Apple School Manager, you’ll follow a series of structured steps. Here’s a guide to help you through the process:

1. Prerequisites

Before setting up the enrollment package, ensure the following prerequisites are met:

  • MDM Solution: You have an MDM solution (like Jamf Pro, Apple Business Manager, or another MDM) set up and configured.
  • Apple DEP (Device Enrollment Program): Your organization should be registered with Apple DEP.
  • Admin Credentials: Have administrative credentials for the MDM solution and Apple DEP.

2. Create an Enrollment Profile

For Jamf Pro:

  1. Log in to Jamf Pro:
    • Navigate to your Jamf Pro server and log in with your admin credentials.
  2. Create a PreStage Enrollment Profile:
    • Go to Devices > PreStage Enrollments.
    • Click New to create a new PreStage Enrollment profile.
  3. Configure the Profile:
    • General: Name your profile and set the scope (which devices will use this profile).
    • User and Location: Assign default user information if necessary.
    • Account Settings: Define account creation settings for users.
    • Options: Customize which setup steps users will see or skip (e.g., location services, Apple ID setup, etc.).
  4. Assign Devices:
    • Under Devices, you can add specific serial numbers or use the search function to include devices in this profile.
  5. Save and Distribute:
    • Save the profile. It will be assigned to the devices during their next setup.

For Apple Business Manager (ABM):

  1. Log in to ABM:
  2. Configure MDM Server:
    • In Settings > MDM Servers, ensure that your MDM server is set up and linked.
  3. Assign Devices to MDM Server:
    • Navigate to Devices and select the devices you wish to assign.
    • Click Edit Device Management and select your MDM server.
  4. Configure DEP Profile:
    • In your MDM solution, create or configure a DEP profile to streamline device setup.

3. Create an Enrollment Package

An enrollment package is a customized package that might include additional scripts or configuration profiles. Here’s how to set it up:

Using a Tool like Jamf Composer:

  1. Download and Install Composer:
  2. Create the Package:
    • Open Composer and create a new package.
    • Include scripts or configuration files necessary for your enrollment.
    • For example, a script to configure Wi-Fi settings, install specific apps, or set up additional configurations.
  3. Build the Package:
    • Save and build the package in Composer.

Using Scripts and Config Profiles:

  1. Write Enrollment Script:
    • Create a script that configures the Mac according to your needs (e.g., enrollment.sh).
    • Example script for configuring network settings:

        #!/bin/bash
        networksetup -setairportnetwork en0 "Your_SSID" "Your_Password"
  2. Configuration Profiles:
    • Use Apple Configurator 2 or a similar tool to create custom configuration profiles.
    • Example: A Wi-Fi profile, VPN settings, etc.

4. Deploy the Enrollment Package

  1. Upload to MDM:
    • Log in to your MDM solution (e.g., Jamf Pro).
    • Go to Packages and upload your newly created enrollment package.
  2. Assign to PreStage Enrollment:
    • Link the package to the PreStage Enrollment profile you created earlier.

5. Test the Enrollment

  1. Factory Reset a Test Device:
    • Perform a factory reset on a test device.
    • Ensure it’s registered in Apple DEP.
  2. Enroll the Device:
    • Turn on the device and proceed through the setup assistant.
    • The device should automatically enroll into your MDM solution and apply the pre-stage profile along with the enrollment package.

6. Documentation and Communication

  • Document the Process: Create detailed documentation for your enrollment setup.
  • Communicate with Users: Inform users about what to expect during device setup.

Example Enrollment Script (enrollment.sh):

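#!/bin/bash
# Replace the placeholder SSID, password and package path before use.

# Configure network (en0 is assumed to be the Wi-Fi device; confirm with
# "networksetup -listallhardwareports"). The password is stored in this
# script in plain text.
networksetup -setairportnetwork en0 "Your_SSID" "Your_Password"

# Install necessary software (example); Rosetta is only needed on Apple silicon
if [ "$(uname -m)" = "arm64" ]; then
  softwareupdate --install-rosetta --agree-to-license
fi
installer -pkg /path/to/YourApp.pkg -target /

# Run custom setup commands
defaults write /Library/Preferences/com.yourcompany.setup Done -bool true

echo "Enrollment completed!"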

Example Configuration Profile (XML Snippet):

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
    <key>PayloadContent</key>
    <array>
      <!-- Wi-Fi Configuration -->
      <dict>
        <key>PayloadType</key>
        <string>com.apple.wifi.managed</string>
        <key>PayloadVersion</key>
        <integer>1</integer>
        <key>SSID_STR</key>
        <string>Your_SSID</string>
        <key>HIDDEN_NETWORK</key>
        <false/>
        <key>AutoJoin</key>
        <true/>
        <key>EncryptionType</key>
        <string>WPA</string>
        <key>Password</key>
        <string>Your_Password</string>
      </dict>
    </array>
    <key>PayloadDisplayName</key>
    <string>Wi-Fi Configuration</string>
    <key>PayloadIdentifier</key>
    <string>com.yourcompany.wifi</string>
    <key>PayloadType</key>
    <string>Configuration</string>
    <key>PayloadUUID</key>
    <string>UNIQUE-UUID</string>
    <key>PayloadVersion</key>
    <integer>1</integer>
  </dict>
</plist>
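
A pre-upload check for the profile above, as an added example (not part of the original article or of any MDM vendor's tooling): it parses the profile with Python's plistlib and reports payload dictionaries that lack the keys Apple requires, a PayloadUUID that is still a placeholder, and a Wi-Fi password stored in clear text. SAMPLE_PROFILE is a constructed copy of the article's snippet; lint_profile, REQUIRED and SECRET_KEYS are names introduced here.

```python
import plistlib
import uuid

# Constructed sample mirroring the article's snippet (placeholders left as-is).
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0"><dict>
  <key>PayloadContent</key>
  <array><dict>
    <key>PayloadType</key><string>com.apple.wifi.managed</string>
    <key>PayloadVersion</key><integer>1</integer>
    <key>SSID_STR</key><string>Your_SSID</string>
    <key>Password</key><string>Your_Password</string>
  </dict></array>
  <key>PayloadIdentifier</key><string>com.yourcompany.wifi</string>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadUUID</key><string>UNIQUE-UUID</string>
  <key>PayloadVersion</key><integer>1</integer>
</dict></plist>"""

# Keys every payload dictionary (and the profile itself) must carry.
REQUIRED = ("PayloadType", "PayloadVersion", "PayloadIdentifier", "PayloadUUID")
SECRET_KEYS = ("Password",)  # keys treated as secrets here (assumption)

def _is_uuid(value):
    try:
        return bool(uuid.UUID(str(value)))
    except ValueError:
        return False

def lint_profile(data):
    """Return a list of findings for a .mobileconfig given as bytes."""
    profile = plistlib.loads(data)
    findings = []
    payloads = [("profile", profile)]
    payloads += [(f"payload[{i}]", p) for i, p in enumerate(profile.get("PayloadContent", []))]
    for where, d in payloads:
        for key in REQUIRED:
            if key not in d:
                findings.append(f"{where}: missing {key}")
        if "PayloadUUID" in d and not _is_uuid(d["PayloadUUID"]):
            findings.append(f"{where}: PayloadUUID is not a UUID")
        for key in SECRET_KEYS:
            if isinstance(d.get(key), str):
                findings.append(f"{where}: {key} stored in clear text")
    return findings

if __name__ == "__main__":
    print("\n".join(lint_profile(SAMPLE_PROFILE)))
```

An empty list means the structural checks passed; the clear-text finding is a reminder that anyone who can read the profile file can read the Wi-Fi password.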

With these steps, your Mac should be ready for a streamlined pre-stage enrollment process, reducing the manual effort required for setting up new devices.


Ankur Bharadwaj

I’m Ankur Bharadwaj, Freelance blogging scientist and Engineer by profession from Bangalore, India. Here at Speaking Dots, I write about starting & managing a blog, Entertainment, Technology, Life Style, social media, SEO, and Digital Marketing.
