Apple Configurator

admin



Not to sound rude, but what the hell? All of the documentation for Apple Configurator 2 is specifically for MAC. Why would this question even come up? Purchase a newer / used Mac and download Apple Configurator 2. Apple Configurator is a free app in the Mac App Store. If you are using Apple School Manager, the instructions are the same. Since Apple Configurator is only available in the Mac App Store, you will need access to a Mac in order to do this. Add an existing device to Apple Business Manager. Note: at the time of writing this, the version of Apple.

Apple Configurator 2 is an OSX program that allows one to create configuration profiles for Apple devices, including iPad, iPhone, Apple TV, and iPod Touch, for easily deploying in business or school. You can mass enroll and supervise devices with Apple Configurator. What is Apple Configurator? Apple Configurator is a free utility tool that enables configuring, enrolling and deploying corporate-owned iOS, iPadOS and tvOS devices in the enterprise through a USB connection. Apple Configurator 2 makes it easy to deploy iPad, iPhone, iPod touch, and Apple TV devices in your school or business. Use Apple Configurator 2 to quickly configure large numbers of devices connected to your Mac via USB with the settings, apps, and data you specify for your students, employees, or customers.

What is Apple Configurator ?

Abm

Apple Configurator is a free utility tool that enables configuring, enrolling and deploying corporate-owned iOS, iPadOS and tvOS devices in the enterprise through a USB connection. It aids in the automated bulk enrollment of Apple devices using MDM and pre-loading the devices with the associated profiles and distributed apps before handing them out to users.

Apple Configurator Abm

Apple Configurator 2 is the latest version of this tool available that makes the deployment process of corporate iOS devices easier and more efficient. You can also assign users to devices and supervise them, exercising additional control. Administrators can enforce mobile security on managed devices by importing existing profiles or creating new configuration profiles. You can use Apple Configurator 2 to enroll devices not purchased directly from Apple or its reseller with ABM as explained here.

Similarly, Mobile Device Manager Plus also supports enrollment of Apple TV using Apple Configurator 2. Follow the steps given here to learn how to use Apple Configurator 2 to enroll Apple TV.

Benefits of integrating MDM with Apple Configurator 2

The benefits of using Apple Configurator 2 is mentioned below:

  1. Push predefined configurations for corporate iOS devices.

  2. Automatic enrollment with Mobile Device Manager Plus.

  3. Enroll devices in bulk.

  4. Advanced control over the Supervised devices. For more details on Supervised devices and their benefits, refer this.

We have made your job simpler!
Learn how to set up and use Apple Configurator 2 in just 3 minutes through this demo video.

How to enroll iOS devices using Apple Configurator?

Prerequisites for enrollment:

  1. To use Apple Configurator 2, ensure your Mac is running on 10.7 or later versions of operating systems.

  2. It is recommended to update your iTunes before installing the Apple Configurator Utility.

  3. Apple Configurator 2 with MDM can be used only for devices running iOS 6 or later versions. If any device with lower versions is used, then the Operating System of the devices are automatically upgraded to the latest.

You can use Apple Configurator 2 to enroll multiple devices at the same time. Follow the steps mentioned below to learn how to use and enroll multiple devices using Apple Configurator.

Prepare Apple Configurator 2.0

After installing the Apple Configurator 2, you have to follow the steps mentioned below to Prepare Apple Configurator2.0:

  1. On Apple Configurator 2, click File, select New Profile and then select Wi-Fi. Do not modify any other profiles as this might affect the profiles distributed using MDM.
  2. Create a Wi-Fi profile and save it.
  3. Click File and choose New Blueprint and name it.
  4. Open the newly created Blueprint and click Profiles, you have to add the newly created Wi-Fi profile (which was created in step #2).
  5. Right-click and choose Prepare as shown in the below image.
  6. Specify the Configuration Type as Manual. If you wish to add mobile devices into your Apple Business Manager (ABM) portal from Apple Configurator 2, enable the Add to Device Enrollment Program option. Learn how, from this document.
  7. Add the new server details by specifying the Server Name and Enrollment URL, configured in the MDM server.

  8. Trust anchor certificates are automatically added. If Apple Configurator takes too long to fetch anchor certificates, skip and proceed directly to the Assign to organization step by clicking on Next.
  9. Specify the name and details of the organization by creating a new organization on Apple Configurator 2.

  10. Choose Generate a new supervision identity to create a new Supervision identity on Apple Configurator 2.
  11. If you had enabled the option to add devices to DEP using Apple Configurator, enter your ABM account credentials
  12. Configure iOS setup assistant by clicking Prepare.


  13. Once the configuration on Apple Configurator 2 is done, connect the devices to a Mac through USB. Now in Apple Configurator, select the device, choose the created blueprint and add it to the device to be enrolled. Once this is done, the device restarts and the process is completed by accepting the created profile in the device. After completion, the device gets added to the MDM Server from where the device can be assigned to the user.

Enroll Devices to the MDM server from Apple Configurator

In order to enroll devices, you have to specify the ME MDM server URL on Apple Configurator 2. You can find theURL, in the below-mentioned location:

  1. On the MDM Product server console, choose Enrollment.
  2. Under iOS choose Apple Configurator.
  3. Select Configuration Steps, navigate to the fifth slide and copy the URL.
  4. On Apple Configurator 2, provide the URL copied from the MDM server.

Assign Users

You can see all the devices are listed in the MDM server, under Apple Configurator. You can assign the devices to appropriate users. Once the users are assigned, you can seethe devices listed under Managed devices view on the MDM server.


Troubleshooting Tips

  1. During device activation, you encounter the error A cloud configuration is already present on this device [mctunnelerrordomain – 0x36b2 (14002)].

    Connect the device back to Apple Configurator. Right-click the device and select Restore. This re-downloads configurations into the device and fixes the problem.

  2. While configuring the Blueprint on Apple Configurator, you are prompted to enter the Apple ID and password and are unable to skip this step.

    This is a default screen which appears while configuring a Blueprint. You cannot skip this step if you have enabled the option to Add device to DEP portal in the first step. If you do not want to add the devices to ABM, uncheck the option and skip the step requesting for Apple credentials. Else, enter the ABM portal details and click on Next.

  3. When you choose Apply Configuration on Apple Configurator, you encounter a Session Time Out error.

    In this case, verify the Internet connectivity and retry applying configuration on Apple Configurator.

  4. While configuring the Blueprint, the screen gets stuck on Fetching Anchor Certificates or if the Certificates are not fetched

    You can safely click on Next as this step does not affect the blueprint creation.

  5. You are trying to enroll a device and get an unexpected error with Failed to retrieve IMEI.

    This error occurs when the device is already enrolled with Apple Configurator or when you enroll different types of devices like iPhones and iPads consecutively using Apple Configurator. Since an iPhone has an IMEI number (which is required for enrollment in some cases), it is automatically detected and the enrollment is completed. Since an iPad does not have an IMEI number this error is shown. Restore the device and try enrolling it again.
    NOTE: Certain iPads do have the IMEI number while enrolling, in which case this error does not occur.

  6. You are trying to enroll a device and encounter the error The device does not recognize the host.

    This error occurs when the restriction Allow iTunes pairing and other USB connections have been applied to the device. This restriction prevents the connection with all other devices except the one used for Supervising it. Remove the restriction from the device or enroll using the machine previously used for Supervising the device.

  7. If you are trying to enroll devices not purchased from Apple or authorized resellers.

    Apple now allows adding ios 11 devices not purchased directly from Apple or authorized resellers into ABM. Follow the steps given here to use Apple Configurator to add devices to ABM.

  8. While enrolling a device you encounter an error 'An unexpected error has occurred. Invalid Profile [MCProfileErrorDomain - 0x3E8 (1000) ]

    This error Invalid Profile [MCProfileErrorDomain - 0x3E8 (1000) ] occurs on Apple Configurator 2 if the device is currently enrolled in a different MDM solution. Remove the device from the MDM solution, factory reset, and try enrolling the device again to resolve the error Invalid Profile [MCProfileErrorDomain - 0x3E8 (1000) ].

    9. This happens only if the device cannot be upgraded to iOS 11 (refer this to know the list of iOS devices supporting iOS 11) or the device needs to be upgraded to iOS 11 manually and then added to DEP/ABM/ASM via Apple Configurator.

  9. If you're trying to add a device to DEP/ABM/ASM via Apple Configurator and receive the error An unexpected error has occurred: The device returned an unexpected status. (CommandFormatError) [com.apple.configurator.MobileDeviceKit.error – 0xfffffffff8028014...]

    You might encounter the error The device returned an unexpected status. (CommandFormatError) [com.apple.configurator.MobileDeviceKit.error – 0xfffffffff8028014...] only if the device cannot be upgraded to iOS 11 (refer this to know the list of iOS devices supporting iOS 11) or the device needs to be upgraded to iOS 11 manually and then added to DEP/ABM/ASM via Apple Configurator.

  10. Unable to verify the server’s enrollment URL. A server with the specified hostname could not be found.

    This message is shown on Apple Configurator when the MDM server is not reachable or the correct host URL is not entered. Verify if the MDM server, the Mac machine running Apple Configurator, and the devices to be enrolled are in the same network. Also, ensure that the host URL which is available on the MDM server, is entered correctly.

  11. While performing provisional enrollment of devices not purchased from authorized resellers, you receive the error Provisional enrollment failed: device is already in Device Enrollment Program.

    This error on Apple Configurator Provisional enrollment failed: device is already in Device Enrollment Program occurs when the device you are trying to enroll is already available in the ABM portal. Check if the device is available in the server titled Devices Added by Apple Configurator 2 or is assigned to a different server in the ABM portal.

  12. While performing provisional enrollment of devices not purchased from authorized resellers, you receive the error Provisional enrollment failed: Network error.

    This error on Apple Configurator, Provisional enrollment failed: Network error occurs when the device you are trying to enroll is already available in the ABM portal. Check if the device is available in the server titled Devices Added by Apple Configurator 2 or is assigned to a different server in the ABM portal. If you are unable to find the device, try connecting to a different network to enroll the device.

  13. While adding devices to the ABM portal via Apple Configurator you encounter the error 'Provisional enrollment failed... The Cloud configuration server is unavailable or busy [MCCloudConfigurationErrorDomain - 0x80EF (33007)]'.

    This error, Provisional enrollment failed... The Cloud configuration server is unavailable or busy [MCCloudConfigurationErrorDomain - 0x80EF (33007)], is shown on Apple Configurator if the device is unable to contact the ABM server. Factory reset the device and proceed until the Wi-Fi configuration step. Prepare the device using Apple Configurator and follow the steps for adding it to ABM.

  14. Why are my devices not listed under ABM tab when I add the devices to ABM using Apple Configurator?

    When devices are enrolled to ABM using Apple Configurator, the devices will be initially listed under Apple Configurator tab even though they are added to the ABM portal. When the user assignment is complete, these devices will be moved to Managed devices tab.

  15. While enrolling devices to the Device Enrollment Program or Apple Business Manager, you encounter an error Apple Configurator 2 cannot access the Device Enrollment Program

    You may encounter this error Apple Configurator 2 cannot access the Device Enrollment Program if there are network issues due to which https://mdmenrollment.apple.com is not reachable or when the Apple servers are down. Verify your network connectivity and try again after sometime.

To see the updated article for supervising and enrolling iOS 11+ devices with Apple Configurator 2.5+, including information on how to add devices into DEP via Apple Configurator, see here.

Meraki Systems Manager provides administrators the ability to mass enroll and supervise devices using Apple Configurator, a macOS application. Apple Configurator 2 allows for mass configuration of iOS 9+ devices while physically connected to a Mac computer. A USB hub can be used to configure dozens of devices at once. Follow these links to download the application, and view more Apple Configurator documentation.

With Apple Configurator 2.0 or later, Apple has allowed the use of the Device Enrollment Program (DEP) for automatic enrollment into Meraki Systems Manager, which can be used to speed up the process into a no-touch experience for mass enrollment of devices. Alternatively, if your iOS devices are not in Apple's DEP, you can use the manual enrollment method by configuring your Systems Manager MDM Server in Apple Configurator via enrollment URL. This article will cover both Apple Configurator 2 MDM enrollment options in detail: DEP automatic enrollment method and manual enrollment URL method.

iOS devices that are using Apple's Device Enrollment Program (DEP) can be supervised and enrolled over-the-air anytime they are factory reset. DEP is the best way to permanently force your devices to be owned and managed by your organization, and it is important to assign your DEP settings properly before deployment.

Device Supervision

During the enrollment process, it is possible to supervise iOS devices. Supervision enables many additional features including restrictions, which you can find listed in the Meraki Dashboard under Systems Manager > Manage > Settings > Restrictions > iOS restrictions (supervised).

If your iOS devices are not currently Supervised, they will be required to be factory reset to become Supervised. Therefore, it is recommended to Supervise devices (if desired) prior to performing any configuration or providing the device to users. Supervision steps are covered in detail in the guide below.

Prerequisites

  • Apple Configurator 2.0 or greater

  • macOS 10.11.0 or greater

  • iOS device(s) powered up and physically connected to Mac

  • The Mac and iOS device(s) are not locked

  • Internet access with unblocked access to Apple and Meraki Systems Manager

    • Refer to Help > Firewall info for a list of ports and IP addresses

  • For Automatic enrollment: iOS devices must be in Apple’s DEP program

Access to the internet is critical to the enrollment process. If an iOS device is not able to contact Meraki Systems Manager when trying to enroll, it will be unable to complete the process and/or receive any additional profiles and apps.

Apple configurator 2 manual pdf

Apple Configurator 2 - Automatic Enrollment

Automatic Enrollment through Apple Configurator only works on iOS devices that are in Apple’s Device Enrollment Program (DEP), and allows you to pre-provision wireless settings on devices to seamlessly enroll during the device's setup assistant. Please be sure to add your Apple DEP account to Meraki Systems Manager before beginning this process, and ensure your devices are visible in Systems Manager > Manage > DEP.

If you are not using Apple's DEP, please follow the steps for the 'Apple Configurator 2 - Manual Enrollment'.

  1. Open your Meraki Dashboard and go to Systems Manager > Manage > DEP.

  2. Checkmark the devices you want to assign DEP settings.

  3. Click on Assign settings:

  4. Configure your preferred DEP settings:

    Allow pairing: allow devices to connect to computers via USB cable.

    Supervise: allow device to become supervised by your organization.

    Mandatory: force device to always enroll in your Systems Manager network upon inital setup (when first powered on, or factory reset).

    Removable: If unchecked, the “Meraki Management” enrollment profile will not be visible for end users to remove on the iOS device in Settings > General > Device Management. Unchecking this prevents end users from un-enrolling themselves from Meraki management later.

  5. Click Assign x device(s) -- x is the number of devices that will receive these DEP settings. Now you will see these devices change to have an orange “Assigned” status next to it. The device is currently waiting to be turned on for the first time, or to be factory reset so it can receive these DEP settings.

  1. Now, you are ready to use Apple Configurator 2. Highlight the devices you want to automatically enroll in Apple Configurator 2 and click on Actions > Prepare…

  1. Choose Configuration: Automatic Enrollment. Click Next.

  2. Upload a wireless profile, so the iOS device(s) can connect to a SSID in range so iOS devices can automatically configure with Apple and Meraki.

    To create a wifi profile in Apple Configurator 2, go to File > New Profile, and add your wifi settings. Save this profile so you can upload it here.
    It is necessary to add a wifi profile during this step so each iOS device can communicate to Apple and Cisco Meraki to complete the automatic DEP settings assignment and Meraki Systems Manager enrollment.

  3. If your Meraki Systems Manager enrollment requires Active Directory authentication, input your domain credentials here. If not, leave these fields blank and click Prepare.

  4. Apple Configurator will now download the latest iOS version from Apple and install it on the connected devices. Be patient while the latest iOS version downloads and installs.

  5. Your devices will now be at the 'Hello' initial iOS setup screen. These devices now contain the wifi profile as well as the Meraki Management enrollment profile. These devices will skip the steps chosen in Step 4. Once these devices are at their homescreen, they can have apps and profiles installed through Meraki Systems Manager. All your devices can now be managed in Systems Manager > Configure > Clients.

At this point, the automatic enrollment process is complete - your devices are now managed and ready to be distributed to end users!

Configurator

Apple Configurator Profile

Apple Configurator 2 - Manual Enrollment

Manual Enrollment is the way to enroll iOS devices not in Apple’s Device Enrollment Program (DEP). First we will cover how to setup your Meraki MDM server in Apple Configurator. Then, Apple Configurator will factory erase the devices to prepare them with supervision and Meraki Systems Manager enrollment.

  1. Go to Apple Configurator 2 in the menu bar and choose Preferences...

  2. Click on the Servers tab.

  3. Click the “+” to add a new server.

  4. Define your MDM Server:

    • Name: Any name you choose.

    • Hostname or URL: Enrollment URL copied from your Meraki Dashboard found in Systems Manager > Manage > Add Devices > iOS > Apple Configurator > Enrollment URL (AC2+)

  5. Click Next.

    If you see the following error regarding “unsupported URL” do not be alarmed. Click Next again.

  6. Leave the Enrollment Profile and Trust Profile empty and click Next.

  7. You have now successfully configured your Systems Manager MDM Server. Close this window and now you can complete the enrollment using this MDM Server.

  8. Plug your iOS devices to this Mac. Highlight the device you would like to enroll and go to the menu bar and choose Actions > Prepare...

  9. Choose Configuration: Manual. Click Next.

  10. Choose your Meraki MDM Server (set up in Steps 1-7). Click Next.

  11. Choose if you would like the devices Supervised by your organization. Choose if you would like to allow pairing with other computers. Click Next.

    Supervision will allow many additional restrictions to be added to devices in Meraki later. Supervision helps keep your iOS devices managed by your organization.
    The 'pair' option will not allow these iOS devices to connect to other computers via USB cable. If you do not allow pairing here, they will be undetectable to other computers via iTunes, Apple Configurator, or any USB detection.
  12. Choose the Organization that you want to have Supervision of these devices. Click Next.
  1. Choose what steps you would like the iOS initial setup assistant to skip. Then click Prepare.
  1. Apple Configurator will now download the latest iOS version from Apple and install it on the connected devices. Be patient while the latest iOS version downloads and installs. All devices will now be prepared with these settings, which requires a device factory reset. All data saved on the device will be lost.
  2. Now, your devices will be at their iOS initial setup assistant 'Hello' screen. You will need to configure each iOS device from here one by one, just so it can connect to wifi and receive the enrollment profile. Slide to set up.
  3. Choose a wifi network in range.
  4. Now you should see a screen asking if you want to accept the automatic configuration. Apply configuration here and you will be enrolled in Systems Manager and your enrollment will go through.

Apple Configurator 2 For Windows 10 Download

The iOS device will skip all the steps chosen in step 13 of this guide. Accept the Apple terms & conditions, and now your device will be at the homescreen. It is now enrolled in Meraki Systems Manager where you can install apps and profiles remotely. Look for this client in Systems Manager > Monitor > Clients, and begin management!