...
This article provides steps to:

- Unenroll or remove a DEP device so that it can be re-enrolled with a new user
- Reconfigure DEP when you want to associate the device with a different user
- Re-enroll a DEP device with a new user
- Remove DEP profile

To unenroll or remove a DEP device so that it can be re-enrolled with a new user:

To unenroll a device from Workspace ONE is to completely remove the device from Workspace ONE management. To unenroll or remove a DEP device so that it may be re-enrolled (or placed under Workspace ONE management again) with a new user, send a Device Wipe command to the device from the Workspace ONE UEM Console and enter the new user credentials during configuration.

1. Navigate to Devices > List View and search on the top right to locate your device.
2. Click on the device name and select More Actions > Device Wipe to restore the device back to setup assistant.
3. Once the wipe is completed you may delete the device record from UEM console.

For more information on Enterprise wipes, see Enterprise Wipe versus Device Wipe for Workspace ONE.

To reconfigure DEP when you want to associate the device with a different user:

1. Within the Workspace ONE UEM Console, navigate to the Organization Group where DEP is configured. From here, select Groups & Settings > All Settings > Devices & Users > Apple > Device Enrollment Program.
2. Select Disable and Save. Refresh the page.
3. Click Configure and download the public key by selecting MDM_DEP_PublicKey.pem.
4. Log into the Apple Business Manager (ABM) portal.
5. Upload the public key to your AW MDM server.
6. Sign in with your organization's Apple credentials. Confirm your identity by entering the verification code and the Device Enrollment Program portal screen will appear. Navigate to Settings > Device Management Settings > Add a MDM Server.
7. Enter the MDM Server Name.
8. In MDM Server Settings, upload the public key by browsing from your local repository.
9. Click Save.
10. Upload the Apple server token in the Workspace ONE UEM Console by clicking Upload. After clicking Upload, select Apple Server Token file (.p7m). Click Next. This action allows Workspace ONE and Apple to authenticate with each other. As a best practice, use only one token at the customer organization group. Multiple tokens should only be added if your organization has a complex configuration or if devices are being enrolled with multiple DEP accounts. Configure the Authentication settings.

For additional details on this process, reference Create or Edit the DEP Enrollment Profile.

To re-enroll a DEP device with a new user:

Two options are available for this process:

- Perform a factory reset of the device and enroll through DEP while setting up the iOS device. This locks the Workspace ONE MDM profile and ensures that the user cannot remove it.
- The device can be enrolled through DEP via web browser by browsing to the MDM enrollment URL located under Site URL in the Workspace ONE UEM Console or by utilizing Intelligent Hub. This will cause the device to be supervised but the users will be able to remove the profile by navigating to Settings > Device Management.

Remove DEP profile

If you do not want to re-enroll the device within DEP:

1. Complete the steps outlined in Resolution section > To unenroll or remove a DEP device so that it can be re-enrolled with a new user topic.
2. Remove the DEP profile by navigating to Devices > Lifecycle > Enrollment Status > select the device > More > Remove Profile.
3. Perform a Device Wipe.

Disassociate devices from Apple Business Manager

To disassociate devices from Apple Business Manager, log into the Apple Business Manager portal to manually disassociate from the MDM server that you initially created.

1. Navigate to Device Assignments > Choose Devices.
2. Enter the Serial Number of the device.
3. In Choose Action, select Unassign Devices and click Done.
4. To sync the devices in the Workspace ONE UEM, navigate to Devices > Enrollment Status.
5. In the ADD dropdown menu, select Sync Devices and click Sync. Follow the prompt to complete the process.

Please reference the following resources for related information:

- Configure the Apple Business Manager Portal
- Associate and Disassociate Devices in Apple Business Manager Portal

To reboot a DEP Mac without deleting any data:

Run the following commands in Terminal:

    # Remove the flag file so Setup Assistant runs again at next boot
    sudo rm /var/db/.AppleSetupDone
    # Remove the installed configuration profiles and enrollment records
    sudo rm -rf /var/db/ConfigurationProfiles/
    # Remove the keychain used by the Apple Push Service daemon (apsd)
    sudo rm /Library/Keychains/apsd.keychain
    sudo reboot

Common DEP related workflows and issues:

- Renew the Apple Server token for DEP deployments
- Unable to assign or remove DEP profile
- “Invalid Profile” error in DEP device
- How to unenroll, reconfigure, and re-enroll DEP devices
- DEP Profile stuck in “Assignment in Progress”
- DEP devices not syncing with Workspace ONE UEM Console
- How to restrict users from uninstalling the Intelligent Hub
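
A check to go with the Mac Terminal commands and the two re-enrollment options described above, added here as an example that is not part of the original article or of Workspace ONE. The function names are hypothetical, the sample output is constructed, and the two status lines parsed are assumed to match what `profiles status -type enrollment` prints on recent macOS releases.

```shell
#!/bin/sh
# Added example, not from the original article or from Workspace ONE.
# Assumption: `profiles status -type enrollment` prints the two lines parsed below.

# Reads that command's output on stdin and prints one classification word.
classify_enrollment() {
    dep="" mdm=""
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            "Enrolled via DEP:"*) dep=${line#*: } ;;
            "MDM enrollment:"*)   mdm=${line#*: } ;;
        esac
    done
    case "$mdm:$dep" in
        Yes*:Yes*) echo "dep-enrolled" ;;   # enrolled through Setup Assistant
        Yes*:No*)  echo "mdm-only" ;;       # enrolled outside DEP (web or Hub)
        No*:*)     echo "not-enrolled" ;;
        *)         echo "unknown" ;;        # expected lines missing
    esac
}

# Lists which of the paths removed by the article's commands still exist
# under ROOT (default: the real filesystem). Run it after the rm commands and
# before the reboot; no output means all three are gone.
remaining_reset_paths() {
    root=${1:-}
    for p in /var/db/.AppleSetupDone /var/db/ConfigurationProfiles \
             /Library/Keychains/apsd.keychain; do
        if [ -e "$root$p" ]; then echo "$p"; fi
    done
}

# Constructed sample output (not captured from a real device).
SAMPLE='Enrolled via DEP: No
MDM enrollment: Yes (User Approved)'
printf '%s\n' "$SAMPLE" | classify_enrollment

# On a Mac, after re-enrollment:
#   profiles status -type enrollment | classify_enrollment
```

A result of `mdm-only` after re-enrollment means the device did not come back through DEP, which is the case where the article says users can remove the profile.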