antherITguy
Enthusiast
Enthusiast

DEP Token Renewal

I have a DEP token coming up for renewal fairly soon. Are there any gotcha that anyone has come across when renewing this? This is the process that I am planning on following:


    1. Log into the Apple Deployment Programs site and select Get Started for the Device Enrollment Program.


    2. Confirm your identity with a verification code by selecting the phone number to receive the four-digit code and select Send. When received, enter the code. Select Continue.


    3. Select Manage Servers from the left panel.


    4. Select the Server Name of your MDM server with the token file you want to renew.


    5. Select Generate New Token > Generate and Download Server Token.


    6. Select Done > OK.


    7. Navigate to the DEP settings page in the AirWatch Console.


    8. Go to Groups & Settings > All Settings > Devices & Users > Apple > Device Enrollment Program.


    9. Select the Renew button.


    10. Upload your newly generated server token to AirWatch.


 


Thanks

Labels (1)
7 Replies
KEVINSCHELLINGE
Contributor
Contributor

Hey Derek, I had this on my list to do today also. Your steps look spot on.
I just did this moments ago with no issue on these steps, You can always put a ticket in with the helpdesk, I did that for the longest time. I am working on doing these on my own now. The APN for MDM is the one that is a problem for me due to the previous administration set it up.

anyways good luck!
0 Kudos
GaryCutriGaryCu
Contributor
Contributor

Hi, whilst you are renewing it is a good to to upgrade to Apple Business Manager.  Once updated you renew the DEP token and then review or update your DEP profiles as new features are added to the profiles with each major iOS update.
0 Kudos
LukeDC
Expert
Expert

Looks good. It's good to note that the DEP token is only there to enable secure communications with the DEP portal. It won't break anything except synchronization if it somehow fails. Happy trails!
CharlesTchia
Contributor
Contributor

Hi

I'm about to renew my token as well and was looking at making changes since I'm updating anyway. My structure is kind of like this:

Global

Under Global are 4 sub location groups (Business Group 1, Business Group 2,Business Group 3, Business Group 4)

Under each of these Business Groups are other location groups which is where the devices actually enrol into. (eg. Business Group 1 has sub location groups IOS Corporate, IOS BYO, Android Corporate and Android BYO).

Currently my DEP is setup at Global and the assigned profile for devices is to enrol into IOS Corporate anyway. If I want to move DEP setup down to IOS Corporate, i'm thinking following steps:

1. Disable DEP at Global

2. Change location down to IOS Corporate

3. Reconfigure DEP again (download PEM file, upload to Apple, download token using same location as before)

4. Setup default assigned DEP profile again

That's about it?

Reason why the move down is that we share the environment with another IT team who do their own thing and own one of the other Business Group under Global. This will give us the flexibility in future when they want to setup DEP as well for their own devices, as we don't want to share the same location groups and token.

0 Kudos
CharlesTchia
Contributor
Contributor

Hi again.

Following on, I've made the change and all looks ok. When I look in Devices > Lifecycle > Enrollment status, devices have re-synced but devices that are already enrolled, now just show as "Registered" under Enrollment status. Does this matter?

0 Kudos
chengtmskcc
Expert
Expert

Devices previously enrolled under the old DEP profile will show as such until they are re-enrolled from scratch to receive the new DEP profile.

0 Kudos
CharlesTchia
Contributor
Contributor

Cool, thanks Thomas, hope all is safe and well your way in these crazy times.

0 Kudos