Access Keys:
Skip to content (Access Key - 0)

IS&T Device Enrollment Program (DEP) for Macs

Apple provides the Device Enrollment Program (DEP) as a way of deploying institute-owned Mac or iOS devices. This process works by technicians providing the serial number of any Mac they would like enrolled into the DEP program to IS&T. IS&T will then upload the serial number to Apple and assign it to the correct Mobile Device Management (MDM) server. Once the computer has been booted, it will automatically receive any policies that have been supplied by the MDM server.

IS&T provides DEP as a service to the MIT community in conjunction with either IS&T's MDM server (Casper) or your department's own MDM server if you have one. If you are interested in our Casper offering, please visit our Casper page for more information. There is no cost associated with either the DEP or Casper service.

Please note machines must be purchased through an official MIT channel for this to work and it must have been purchased after March 2011.

IS&T will also provide training and one-on-one time for both DEP and Casper if requested.

Note:
If you choose not to use the DEP method, take a look at this alternate solution using DeployStudio. IS&T Mac Imaging & Tools

Contact Information

If you would like to enroll computers or have any questions regarding DEP they should be emailed to endpointmanagement@mit.edu.

DEP Process

  1. EPM team enrolls your Mac into DEP program and confirms your machine is enrolled.
  2. Boot your new or re-imaged Mac (not before above step!)
  3. Go through the Out of Box Experience. You must connect to the wireless SSID "MIT" or be on an already registered dongle.
  4. You will then see a screen that says Configured by MIT. If you do not see this screen, contact the EPM team to double check enrollment.
    If you missed the Configured by MIT screen
    • Run these commands from terminal and then reboot. Your machine will go through the Out Of Box Experience again.
      • sudo rm -rf /var/db/.AppleSetupDone
      • sudo rm -rf /var/db/ConfigurationProfiles
      • sudo rm -rf /Library/Keychains/apsd.keychain
  5. Create an account and log in. The below policies will apply if you are using IS&T Casper.
    • Software Installs
      • Sophos
      • CertAid
      • Kerberos Extras
      • Identity Finder
      • Microsoft Office
      • Firefox
      • Acrobat
      • VLC
      • Cisco VPN
      • Crashplan
      • Dropbox
      • Apple Software Updates
    • Configurations
      • Enable Filevault 2 file encryption
      • Add dock icons for Office, Firefox, and Crashplan
      • Enable firewall
      • Create a local admin account
      • Change hostname to serial number
      • Set password policy to minimum 8 characters
      • Force password change on next login
      • Configure 802.1x authentication for ethernet

When setup is complete, the computer will shut down, and the user will be prompted to change their password and begin encryption the next time they log in.

You can also set up machines to have additional software/scripts/printers installed through our Casper offering, or your own MDM policies if you have an MDM server.

Removal of machines from DEP

Machines that will be leaving your ownership should be removed from DEP. Send any serial numbers to IS&T for removal. A machine can only be enrolled in DEP once so once removed it can never be added again. Please note this is an Apple limitation that may or may not change in the future.

IS&T Contributions

Documentation and information provided by IS&T staff members


Last Modified:

October 12, 2017

Get Help

Request help
from the Help Desk
Report a security incident
to the Security Team
Labels:
casper casper Delete
dep dep Delete
imaging imaging Delete
mac mac Delete
c-casper c-casper Delete
endpoint endpoint Delete
management management Delete
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.
Feedback
This product/service is:
Easy to use
Average
Difficult to use

This article is:
Helpful
Inaccurate
Obsolete
Adaptavist Theme Builder (4.2.3) Powered by Atlassian Confluence 3.5.13, the Enterprise Wiki