Quick tip: Manually adding devices to Apple Business Manager

This week, a quick extra post. I noticed that there is not a lot of information available about manually adding devices to Apple Business Manager (ABM) for use with Automated Device Enrollment (ADE). That makes sense, because the idea is that devices are automatically added to ABM after purchase. However, sometimes it’s useful to be able to add devices manually. The easiest way to do that is to follow the two steps described below. Before starting with those steps, make sure that:

  • an enrollment program token is available and that the synchronization between ABM and Microsoft Intune is active,
  • Find My {AppleDevice} is disabled, and that
  • a mobile configuration is available that contains the WiFi configuration to simplify the enrollment

Step 1: Create an Apple Configurator enrollment profile

The first step is to create an Apple Configurator enrollment profile. That profile will not actually be used, but creating it is a relatively easy way to retrieve the URL that is required in the second step. To retrieve that URL, simply follow the next seven steps.

  1. Open the Microsoft Endpoint Manager admin center portal and navigate to Devices > iOS/iPadOS > iOS/iPadOS enrollment > Apple Configurator to open the Apple Configurator | Profiles blade
  2. On the Apple Configurator | Profiles blade, click Create to open the Create Enrollment Profile wizard
  3. On the Basics page, provide a valid Name and (optional) a Description and click Next
  4. On the Settings page, select Enroll without user affinity and click Next

Note: The actual configuration doesn’t really matter – this configuration simply requires the fewest steps – as we only need the enrollment URL

  5. On the Review + create page, click Create to finish the wizard
  6. Back on the Apple Configurator | Profiles blade, open the just created profile and click Export Profile to open the Setup Assistant Enrollment blade
  7. On the Setup Assistant Enrollment blade, copy the Profile URL

Step 2: Prepare the Apple device

The second step is to prepare the Apple device. That preparation will make sure that the Apple device will be registered in ABM and that the device will be prepared for the out-of-the-box experience. To prepare the device, simply follow the next ten steps on a MacBook.

  1. Open Apple Configurator 2 on a MacBook, connect the Apple device that should be prepared, select the device and click Prepare
  2. On the Prepare Devices page, provide the following information and click Next
     • Prepare with: Select Manual Configuration as value
     • Select Add to Apple School Manager or Apple Business Manager
     • Select Allow devices to pair with other computers
  3. On the Enroll in MDM Server page, verify that New Server is selected and click Next
  4. On the Define an MDM Server page, specify the following information and click Next
     • Name: Provide a valid name for the enrollment server
     • Host name or URL: Specify the URL that was copied from the Apple Configurator profile in step 1
  5. On the Define an MDM Server page, select DigiCert Global Root G2 and click Next
  6. On the Sign in to Apple School Manager or Apple Business Manager page, sign in with a Managed Apple ID and click Next
  7. On the Create an Organization page, select Generate a new supervision identity and click Next
  8. On the Configure iOS Setup Assistant page, click Next

Note: The actual configuration doesn’t really matter – this configuration simply requires the fewest steps – as the configuration will be controlled by Microsoft Intune

  9. On the Choose Network Profile page, select the mobile config and click Next
  10. On the Automated Enrollment Credentials page, click Prepare to bring the device to Apple Business Manager and to prepare the device for Apple ADE
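
The Wi-Fi mobile configuration from the prerequisites, which is selected on the Choose Network Profile page, can be generated with a short script. This is an added example, not part of the original post; the SSID, passphrase, identifier prefix and file name are constructed placeholders, and because the passphrase sits in the file in clear text the script restricts the file to the current user.

```python
import os
import plistlib
import uuid


def build_wifi_profile(ssid, passphrase, org_id="com.example.staging"):
    """Build a Configuration profile dict with a single WPA2 Wi-Fi payload."""
    if not ssid or len(ssid.encode("utf-8")) > 32:
        raise ValueError("SSID must be 1-32 bytes")
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrase must be 8-63 characters")
    wifi = {
        "PayloadType": "com.apple.wifi.managed",
        "PayloadVersion": 1,
        "PayloadIdentifier": f"{org_id}.wifi",
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": f"Wi-Fi ({ssid})",
        "SSID_STR": ssid,
        "HIDDEN_NETWORK": False,
        "AutoJoin": True,
        "EncryptionType": "WPA2",
        "Password": passphrase,  # stored in clear text inside the profile
    }
    return {
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadIdentifier": org_id,
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": "Enrollment Wi-Fi",
        "PayloadContent": [wifi],
    }


def write_profile(profile, path):
    """Write the profile as an XML plist readable only by the current user."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "wb") as handle:
        plistlib.dump(profile, handle)
    os.chmod(path, 0o600)  # also tightens a pre-existing file


if __name__ == "__main__":
    # Constructed sample values: a dedicated staging SSID and passphrase.
    demo = build_wifi_profile("Staging-Enroll", "constructed-passphrase-01")
    write_profile(demo, "staging-wifi.mobileconfig")
    print(plistlib.dumps(demo).decode())
```

Using a dedicated staging SSID for this profile keeps the production Wi-Fi passphrase out of a file that is copied between machines.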

14 thoughts on “Quick tip: Manually adding devices to Apple Business Manager”

  1. You can actually skip creating the Apple Configurator enrollment profile in Intune. Within the Apple Configurator just add http://localhost as MDM server.

    When preparing the device just skip the MDM registration. The device will be added to Apple Business and from there you can sync it to Intune and assign the appropriate Enrolment profile.

  2. Hi Peter
    in step 1.4 you mention: On the Settings page, select Enroll without user affinity and click Next.
    Do you know the resulting difference if user affinity is set?

  3. Hi Peter and John

    I have two issues with this type of enrollment compared to Supplier DEP/ADE added devices.

    Do you know any ways of avoiding:

    1. Intune enrollment options for which screens should be visible at first device startup are overruled by Apple Configurator settings for visible steps in the setup assistant configuration, and it seems mandatory in Apple Configurator

    2. I’m pretty sure there’s no workaround for this choice from Apple.
    When using Apple Configurator, there will be a 30-day period after enrollment where the user is able to unenroll corporate-owned devices as if they were BYOD, when using AC. Even worse, it’s mentioned at the bottom of the login screen on the device for the period.

  4. Hi Peter!

    I’ve followed your guide to the letter and also tried the ‘localhost’ server address as suggested in one of the comments, but I can’t get it to work. I keep seeing the error “Provisional Enrollment Failed. The cloud configuration server is unavailable”.

    I have access to 2 iPhones and also 2 different ABM tenants and I get the same error for both devices and both ABM tenants. Googling the error doesn’t really help.

    Any idea? Have you seen this before?

    Thanks and keep going with your blogs, they really are very good 🙂

  5. Hi Peter,

    A user has unenrolled a corporate iPad within 30 days. How can I add this device to ABM again? I get an error, ProvisionalEnrollmentRejected.

    Greetings Tinus
