Automated Device Enrollment

Automated device enrollment (also called zero-touch enrollment) helps simplify Apple device setup by automatically enrolling and configuring devices when they’re first powered on or after being erased. This feature is available through Apple Business Manager (ABM) or Apple School Manager and is supported in N-central.

When to use automatic enrollment

Automatic enrollment is recommended when:

• The customer has an active Apple Business Manager or Apple School Manager account.
• Most or all the customer’s Apple devices are new.

  Devices already in use can be automatically enrolled in DMA, but they must be erased first. Alternatively, you can use Manual device enrollment, which doesn’t require erasing the device.

• Devices are company-owned and should not be unenrolled by end users.

Benefits of automated enrollment

• Streamlined setup: When powered on and connected to the internet, new Apple devices automatically enroll in Device Management for Apple (DMA). To enable automated enrollment on existing devices, you must erase them before setup.
• Zero-touch provisioning: No manual setup is needed. Users can start using their devices right away.
• Always managed: The MDM profile stays in place and can’t be removed by the user.
• Automatic agent installation: The latest Mac Agent is installed on macOS devices without user intervention.
• Profile enforcement: Profiles are applied silently, with no user prompts.
• Enhanced supervision: iOS devices (13 or later) are automatically set up as supervised. This gives MSPs more control and flexibility, especially for company-owned devices.

  On macOS 11 and later, Macs are supervised— whether automatically or manually enrolled.

Mac Agent installation may take up to 20 minutes after device activation.

Requirements

To use automated enrollment:

• The customer must have an ABM or Apple School Manager account.
• You must add an ABM server token.
• Devices must be assigned to your Device Management for Apple MDM server in ABM.

The ABM server token is Apple's Device Management Service Token. The MDM server is a Device Management Service.

Important considerations

• Devices must be new or erased before auto-enrollment.
• Devices cannot be moved between sites if an ABM account is present.
• You determine whether to enroll devices manually or automatically for each customer.

Next Steps

• Add an ABM server token
• Assign devices to an MDM server

Related articles

• Unenroll devices from DMA

Updated: Sep 04, 2025