Add Apple devices to ABM Using Apple Configurator App

Add Apple devices to ABM Using Apple Configurator App

Introduction
  • This article will guide you through the steps of adding a device to Apple Business Manager. In the event a device isn't added to ABM during purchase, it can be added afterwards with the Apple Configurator App. This app is not to be confused with Apple Configurator 2 which is used to add iPhones, iPads, or AppleTV devices to ABM.
  • You can add a Mac computer with Apple silicon or with an Apple T2 Security Chip running macOS 12 or later to Apple Business Manager using Apple Configurator on your iPhone, even if the devices weren’t purchased directly from Apple or an Apple Authorized Reseller. When a Mac is set up this way, it behaves like any other Mac already in Apple Business Manager, with mandatory supervision and mobile device management (MDM) enrollment. For these Mac computers that weren’t purchased directly, the user has a 30-day provisional period to release the device from Apple Business Manager, supervision, and MDM. This 30-day provisional period begins after the Mac restarts and is successfully enrolled in an MDM server linked to Apple Business Manager.
  • See the useful links section at the bottom of this document for these instructions and more from Apple Support.
  • Note:  For these instructions, you can also use an iPad.

Prerequisite

  • Connect the iPhone to WiFi. Download and install the Apple Configurator App onto the iPhone running iOS 15 or later. Sign into ABM on the app using an account that has device manager permissions or higher.

  • You can pass the iPhone's WiFi to the Mac during setup (recommended) or you can use the alternative option below:
    • Connect Mac to internet via Ethernet cable and appropriate adapters.

Assign a new Mac

If you’ve purchased a new Mac and haven’t yet started it up, you can begin. Otherwise, the Mac will need to be erased and reset.

  1. If you’re assigning a Mac laptop, plug the Mac into a power source so it doesn’t go to sleep during the process.
  2. If the Mac is connecting to the internet using Ethernet, plug in all necessary cables and adapters.
  3. Start up the Mac.
  4. Select the language in Setup Assistant, click Continue, then stop when you see the Country or Region pane.
    • Note: You must restart the Mac if you go past the Country or Region pane.
  5. Bring your iPhone close to the Mac, then do one of the following:
    • Scan the image that appears in Setup Assistant. The WiFi on the iPhone will be passed to the Mac.
    • Or, Click Pair Manually in the lower-left corner of the Setup Assistant, then tap Manual Pairing in Apple Configurator and enter the six-digit code that appears.
    • The serial number and other information about the Mac are uploaded to Apple Business Manager.
    • Important:  Only attempt connecting 1 MacBook at a time. All other new MacBooks in the vicinity should be fully turned off.

  1. Wait for the assignment process to complete.
    • Important: If you want the Mac to enroll in MDM, don’t restart or shutdown the Mac until you complete the task “Assign the Mac to an MDM server”.

Assign the Mac to an MDM server

  1. Make sure you’ve properly configured your MDM solution so that it contains enrollment settings and an enrollment profile for the Mac.
  2. Sign into Apple Business Manager .
  3. Select Devices from the sidebar, then use the filter to show only “Devices added by Apple Configurator.”

The Mac should appear in the list. You may need to refresh the list of devices before the newly assigned Mac appears.

  1. You can now transfer the Mac to an existing MDM server in Apple Business Manager. For more information, see the next section below.
  2. After the Mac is assigned to an MDM server, you can restart the Mac to enroll it in MDM.

 

Assign, reassign, or unassign devices in ABM

  1. In Apple Business Manager , sign in with a user that has the role of Administrator or Device Enrollment Manager.
  2. Click Devices  in the sidebar, search for a device in the search field, then select the device from the list.
  3. After you’ve searched for the devices, select the total number of devices at the top of the list, then click Edit next to Edit MDM Server .
  4. Do one of the following:
    • Choose “Assign to server,” then choose the MDM server you want to assign or reassign the device to.
    • Choose Unassign to unassign the device from an MDM server.

Note: If you select a device that is unassigned, you won’t see the unassigned option.

  1. Click Continue.
  2. Carefully read the dialog, then click Continue.

A new activity appears in the bottom right and generates a list of the devices that are assigned or reassigned to the selected MDM server or unassigned from an MDM server. You can wait for the activity to complete, or click Close to close the window.

Final Touches

  • Return to the Mac device and restart it.
  • To confirm that all of the above steps have been completed successfully, begin the Out Of The Box (OOTB) experience. After the device connects to the internet (WiFi or Ethernet) a message will appear on screen with this logo , confirming the device is configured to be managed by your organization’s MDM.
    • Optional:  Continue the OOTB and create a user profile.
  • Shutdown the Mac and prepare for it to be handed off or shipped to the end user before their start date.

Troubleshooting

If the device fails to prompt to install MDM profile after performing all the steps above, follow these troubleshooting steps:

  1. Restart the device again.
  2. Give it time. In some cases, the Apple Business Manager server doesn’t respond to recent changes. Wait an hour, then try again.
  3. Confirm the device isn't low on battery or overheating.
  4. Use alternate WiFi such as mobile hot spot or a WiFi without a splash page.
  5. Erase and reset the Mac again.

If all of the above fail, proceed with the advanced troubleshooting steps below.

  1. Device should be in the OOTB (Out-of-the-Box) process and still failing to prompt to install the MDM profile.
  2. Boot device into recovery mode, open terminal, and run the following commands. Then restart and try the setup again.
    • rm -f /Volumes/Macintosh\ HD/Library/Keychains/apsd.keychain
    • rm -rf /Volumes/Macintosh\ HD/var/db/ConfigurationProfiles/Settings/.cloud*
  3. Finish the OOTB as an un-managed device. Make sure the local profile is set for the new user. Open terminal and run the following:
    • sudo profiles renew - type enrollment
      • Enter the user account password. (no * will appear when typing the password)
      • Even if this command fails, run the next one.
    • sudo profiles -Nv
      • Check for a notification in the top right. Select details to open the Profiles page in System preferences.
      • Allow the profile to be assigned to the device. The list of profile settings will then populate momentarily.

Useful links

Edited:  12.21.2022