Replacement devices and DEP: What is your experience?
Lately I’ve seen more and more DEP devices whose data in WS1 isn’t accurate and the controls in WS1 aren’t working properly. Particularly when we tried moving all devices to >= iOS 14.8. The devices in the Console would show older versions, but the users would tell us that the devices were running the latest iOS at the time. Beyond that, the installed managed apps weren’t being updated or accurately managed, profiles aren’t being accurately managed, etc.
After a support round with VMware, it turns out somewhere along the way of having WS1 for many years, DEP device management “changed” from what my previous experiences were. The problem turned out to be:
User has iPhoneA (DEP).
User wants a replacement iPhoneB (DEP).
User backs up iPhoneA.
User brings iPhoneA in to Wireless to swap it for iPhoneB.
User enrolls in iPhoneB as normal part of DEP.
WS1 gets a notion of what iPhoneB is, what it’s OS is, etc.
User leaves Wireless with iPhoneB.
User restores backup of iPhoneA onto iPhoneB. Despite the app settings saying don’t back up Hub data, the iPhoneA enrollment data is getting restored back onto iPhoneB, so now it’s more like iPhoneAB.
WS1 is now confused because iPhoneB doesn’t really match or respond as expected.
User is happy, does their thing. I am not happy because WS1 cannot properly manage DEP device, the one thing I should be able to properly manage of all the janky devices in WS1.
I have a “solution” from a support call with VMware, but I wanted to know what other admin's experiences were with DEP devices and getting a replacement DEP device. For us, we manage the device but don’t disallow users to have their own AppleID on the device and/or install what they want (probably to our detriment). But we can’t be the only ones that are experiencing this issue.1)
What is your experience with replacement DEP devices?
I've seen similar issues, not just with AirWatch but with MobileIron as well.
I've always had to do an enterprise/selective wipe (or just delete the device from the console) prior to backing up the source phone A. That helps to ensure there are no dregs of the prior enrolment contaminating the target phone B.