- Setup DEP/ABM in the Fleetsmith Admin Console under Setup > MDM & DEP.
- If enforcing FileVault via Fleetsmith, make sure to skip FileVault in Setup Assistant, and instead allow it be enforced by Fleetsmith. This allows key escrow to occur. If FileVault is enabled manually, the FileVault Recovery Key can not be escrowed by Fleetsmith.
- Purchase all new devices through Apple or an Apple Authorized Reseller that supports DEP/ABM.
- Pre-assign and approve DEP/ABM devices within Fleetsmith while they’re still in transit to the destination. Devices will show up in Fleetsmith within 24 hours of placing an order.
- When using the , be sure to assign specific device(s) to specific employees based on serial number. You can check device specifications and Serial Numbers on individual device approval page and cross compare against Apple order info / shipping destination.
- Make sure to communicate the the randomized account password to the employee before they receive the device. The randomized password is available in Fleetsmith as soon as device has been approved & assigned. It can be found on the individual device page and sent to the new employee out of band, so they already have the username and password by the time the machine arrives.
- Make sure the employee knows they need to have internet connectivity during Setup Assistant, otherwise both DEP/ABM and macOS account creation will fail and Fleetsmith Agent will not automatically be installed.
Apple’s documentation for DEP/ABM can be found here.