Configure BlackBerry UEM for DEP
BlackBerry UEM
for DEPYou can configure
BlackBerry UEM
to synchronize with the Apple
Device Enrollment Program (DEP) if you want to use the UEM
management console to manage the activation of the iOS
devices that your organization purchased for DEP.- In the management console, navigate toSettings > External integration > Apple Device Enrollment Program.If you are usingUEMon-premises, click
and type a name for the account. - In section1 of 4: Create an Apple DEP account, clickCreate an Apple DEP account.
- Complete the fields and follow the prompts to create your account.
- In section2 of 4: Download a public key, clickDownload public key.
- Save the public key on your local machine.
- In section3 of 4: Generate server token from Apple DEP account, clickOpen the Apple DEP portal.
- Sign in to your DEP account. In the preferences for your account, download the server token for the MDM server.
- In section4 of 4: Register the server token with BlackBerry UEM, clickBrowse.
- Navigate to and select the .p7m server token file. ClickOpenthen clickNext.
- In the enrollment configuration window, type a name for the configuration.
- If you wantUEMto automatically assign the enrollment configuration to devices when you register them withAppleDEP, select theAutomatically assign all new devices to this configurationcheck box. Do not select this option if you want to use theUEMmanagement console to manually assign the enrollment configuration to specific devices.
- Optionally, type a department name and support phone number to be displayed on devices during setup.
- In theDevice configurationsection, select any of the following options:
- Allow pairing: Users can pair the device with a computer.
- Mandatory: Users can activate devices using their company directory username and password.
- Allow removal of MDM profile: Users can deactivate devices.
- Wait until device is configured: Users cannot cancel the device setup until activation withUEMis complete.
- In theSkip during setupsection, select the items that you do not want to include in the device setup:OptionImpact if selectedPasscodeUsers are not prompted to create a device passcode.Location servicesLocation services are disabled on the device.RestoreUsers cannot restore data from a backup file.Move fromAndroidData cannot be restored from anAndroiddevice.AppleIDUsers are prevented from signing in toAppleID andiCloud.Terms and conditionsUsers do not see theiOSterms and conditions.SiriSiriis disabled on devices.DiagnosticsDiagnostic information is not automatically sent from the device during setup.BiometricUsers cannot set up Touch ID.PaymentUsers cannot set upApplePay.ZoomUsers cannot set upZoom.Home button setupUsers cannot adjust the Home button's click.Screen TimeThe option to set up Screen Time is skipped during DEP enrollment.Software updateUsers do not see the mandatory software update screen on the device.iMessageandFaceTimeUsers do not see theiMessageandFaceTimescreen on the device.Display toneUsers do not see the Display tone screen on the device.PrivacyUsers do not see the Privacy screen on the device.OnboardingUsers do not see the informational onboarding screen on the device.Watch migrationUsers do not see the watch migration screen on the device.SIM setupUsers do not see the screen to set up a cellular plan on the device.Device-to-device migrationUsers do not see the device-to-device migration screen on the device.
- ClickSave. If you selectedAutomatically assign new devices to this configurationclickYes.
- ActivateiOSdevices. For more information about activating devices that are enrolled in DEP, see Activating iOS devices that are enrolled in DEP.
- The server token is valid for one year. You must renew the token each year before it expires. To see the status of the token, see the Expiry date in theAppleDevice Enrollment Program window. To renew the token, inSettings > External integration > Apple Device Enrollment Program, click the DEP account and clickUpdate server token. Complete both steps to generate a new server token and register it withUEM.
- You can remove any DEP connection that you create. If you remove all DEP connections, you cannot activate newAppleDEP devices. If you assigned enrollment configurations to devices and the configurations have not been applied,UEMremoves the enrollment configurations assigned to the devices. Removing the connection does not affect devices that are active onUEM.