Device Enrollment Fact Sheet
Apple’s Device Enrollment Program (DEP) is a significant addition to enterprise mobile management, worthy of the attention of every mobility administrator. When combined with MDM and Apple’s VPP, a company can create a robust and complete solution for many situations.
Mobile Access Management provides three major advantages over DEP alone:
-
Mobile Access Management is quicker than DEP alone, often twice as fast.
-
Mobile Access Management is unattended setup, while DEP requires manual attention.
-
Mobile Access Management will automate DEP activation plus many additional actions.
There are many use cases where Mobile Access Management can work with DEP to form an almost perfect solution.
Example 1: Shared Devices
No more deployments by hand! Mobile Access Management’s unique automation engine can reliably and easily script virtually every deployment step you require, again and again and again. Mobile Access Management does not need attention while running. This means our deployments take half the time of doing DEP alone. Plus, you can easily scale to deploy many devices at the same time.
And because the deployments is fully automated you no longer need to troubleshoot individual devices. Really. Instead just "Nuke & Pave" — wipe the device and completely reprovision in 90 seconds or less, with true zero touch. Mobile Access Management remembers the initial, pristine device configuration and can re-apply that as often as you need.
Example 2: Highly Regulated Industries
Got HIPAA, SOX, or PCI? The greater the compliance need, the more careful you need to be with deployments. But DEP and MDM are asynchronous, so they can not guarantee that "step 1" comes before "step 2." Mobile Access Management’s sequential deployment engine ensures you deploy the steps in the right order every time, and even has an audit log to prove it.
-
Update iOS before quarantine
-
Add root CA certs before VPN starts
-
Install your in-house app before single-app mode starts
Comparison
| Feature | Mobile Access Management + DEP | DEP Only |
|---|---|---|
| MDM enrollment |
 MDM not removable by user |
|
| Skip Setup Screens |
Automatic |
|
| Update iOS before enrollment |
Automatic |
 Requires Configurator |
| Initiate full device erase |
Automatic |
Manual |
| Retire old device from MDM |
Automatic |
Manual |
| Add WiFi | Automatic |
Manual |
| Assign device to MDM user or service account | Automatic |
Manual |
| Set Icon Arrangement |
Automatic |
If in MDM |
| Set Name |
Automatic |
If in MDM |
| Set Timezone |
Automatic |
Manual |
| Set Language |
Automatic |
Manual |
| Preload Trust Certificates |
Automatic |
Manual |
| Installed locally-cached enterprise apps |
Automatic |
Manual |
| Action triggered by | Connect to USB | Erase and tap screens |
If your organization has Supervision Identity features enabled, you will be able to do even more with MAM & DEP.
| Feature | Mobile Access Management + Supervision Identity | DEP Only |
|---|---|---|
| Set Wallpaper |
Automatic |
If in MDM |
| Launch App |
Automatic |
If in MDM |
| Hide Apps |
Automatic |
If in MDM |
Conclusion
It is true that there is some overlap between DEP and Mobile Access Management. But rather than see them as competitors, we have worked hard to make them work great together. For more information about DEP + Mobile Access Management, reach out to support.imprivata.com.
