Launching soon: The world's first vendor agnostic bug scrubLearn more & join waitlist
OPERATIONAL DEFECT DATABASE
...
...
When attempting to enroll with or assign a profile to ADE (Automated Device Enrollment), formerly known as DEP (Device Enrollment Program), devices within the Workspace ONE UEM console, one of the following errors during the remote management section of the Apple Setup Assistant: "Invalid Profile" error"The configuration for your iPad could not be downloaded from [Organization Name]. Invalid Profile" error Note: The "DEP" (Apple Device Enrollment Program) is now commonly referred to as "ADE" (Automated Device Enrollment Program) or (automated enrollment via Apple Business Manager) and exists as part of Apple Business Manager. At this time, Workspace ONE documentation may use "DEP", "ADE", "Automated Device Enrollment", or "Automated Enrollment via Apple Business Manager" but these terms are functionally equivalent.
This behavior may occur when: The Organization Group "OG" where the profile has been configured and assigned does not have a Group ID.The Apple Business Manager ADE (formerly DEP) token has expired, or revoked.The latest terms on Apple Business Manager (ABM) portal have not been accepted.
To resolve this issue, perform the following actions:Important: You must proceed to the next step ONLY if the previous option does not resolve the issue. Option 1: Ensure that your Device Enrollment Program token is still valid and has not expired, or has been revoked by Apple. If the token has expired, or the token is suspected as being revoked, best practice is to renew the token by following these step-by-step instructions: Renew the Apple Server token for DEP deployments. This has no negative impact on enrolled devices in the console. Note: Revocation of the token can happen periodically without explicit warning from Apple. A common reason is newly released terms and conditions from Apple prior to the token expiration date. Please Accept new 'Terms & Conditions' on the Apple Business Manager (ABM) portal. Disclaimer: VMware is not responsible for the reliability of any data, opinions, advice, or statements made on third-party websites. Inclusion of such links does not imply that VMware endorses, recommends, or accepts any responsibility for the content of such sites. Option 2: Remove the assigned profile from the UEM console lifecycle status page and refresh this page, then attempt to re-assign the profile.Option 3: Create a new DEP profile and apply it.Option 4: Navigate to the console lifecycle status page. Select the device using the check box on the left and click Reset Token from the More Actions on the top. When completed, click Remove Profile from More actions and refresh the page.Assign the profile back from the More actions menu. Option 5: Ensure that if Authentication is turned 'On' within the DEP Profile and that credentials being entered are not for a Workspace One Administrator account. Administrator accounts are unable to undergo ADE/DEP enrollment. Additionally, check that the User credentials being used are for a user residing within the same Organization Group as the DEP configuration or above.Option 6: Within the Workspace ONE UEM Console, navigate to Groups & Settings > All Settings > Devices & Users > Apple > Device Enrollment Program. Select the DEP profile to which you have assigned to the device and check that the Custom Prompt option has been turned off. If the custom prompt is turned on, edit the DEP profile, and turn off the custom prompt. When the custom prompt has been turned off, factory reset your device. Option 7: Verify that the device has been assigned a DEP profile. Navigate to the Enrollment Status page (Devices > Lifecycle > Enrollment Status). You can search for the specific device by typing in the serial number. When you have found the device, click on the device, and see if there is a DEP profile assigned. If the device is not assigned, select the more option located at the top right side of the page and select Assign Profile. Select the profile you would like to assign and save the page. When the device has been assigned a profile, factory reset the device. Option 8: Verify that the OG has a Group ID assigned and that the user is located in an OG in which the DEP profile is assigned.Option 9: If all troubleshooting steps have not resolved the issue, factory reset the device and attempt enrollment again.
If you are experiencing an "Assignment in Progress" status/error, refer to VMware Knowledge Base article DEP Profile stuck in “Assignment in Progress”.Refer to these articles for additional information on DEP devices: DEP devices not syncing with Workspace ONE UEM ConsoleUnable to assign or remove DEP profileHow to unenroll, reconfigure, and re-enroll DEP devices