Add to Device Enrollment Program

I cant even sign in to DEP in configurator

Either can I... I sign in to authenticate, get the veri code for 2 factor, then fails.

Same here. Assuming it's not functional yet.

With AC 2.5 beta 4 I am still not able to add device to DEP..

Anybody managed to make it work?

No luck here either. When I setup my server details it says it cannot verify my enrolment server. BUT when I click edit on the newly added server, it has a list of certificates so it DID find something. Then after trying to prepare manually with apple enrolment server it gets the Provisional Enrollment failed error Network communication error. [MCCloudConfigErrorDomain – 0x80EF (33007)]

I may be missing something here but sounds like it's still a issue or not enabled just yet. Apple Support advised me to wait until iOS 11 Beta 5 as there were some DEP changes but I've tried iOS 11 Beta 8 and configurator 2.5 beta 4 with no luck.

Same problem I keep getting:

Provisional Enrollment failed.

Failed to verify baa cert. [MCCloudConfigErrorDomain – 0x80EF (33007)]

As of 9-15-17 and Apple Configurator Version 2.5 (3F34)

I just updated configurator 2 and got this message. Did you get a resolutiion for the error?

I too just updated to latest Apple Configurator 2.5 (3F60) .. and also getting the same "Provisional Enrollment Error".

There must be something needed to be done in the DEPLOY.Apple.com portal,. because when I login there,.. I'm seeing a new Server named "Devices added by App...." (which must be "Devices added by Apple Configurator" ?)... and it does NOT have a Key or Token... so the Provisional Enrollment might be failing because no Key or Token ?.. I wonder what the correct process is to generate those ?... -jason

I see that as well. Are there new ports that need to be opened for this?

Well, I got mine to work. First thing I had to fix was my wireless. I added a profile to a network that we use here that goes right to the internet without any firewall rules. Someone in Jamfnation posted this (which is how I got it to work for me):

" Updated/Restored iPads to iOS 11 -- a prerequisite action for adding to DEP.

1. In Apple Configurator 2.5
   -> Click Prepare Button
   -> Ticked the Option "Add to Device Enrolment Program"
   -> unticked the automate enrolment (I like to setup from the iPad for a true OTA config).
   -> Created a DEP Wifi profile that uses the MacBook Pro Internet Sharing SSID
   -> Configured the remaining steps relating to supervision and iOS steps (i selected: don't show any).
   -> When it asked for the Apple ID to add to DEP, I chose the account that has the 'Device Manager' or 'Administrator' role in Apple School Manager (ASM).
2. In ASM, go to MDM Server -> Devices added by Apple Configurator 2
   -> Keep an eye on the number of devices added on the "Devices added by Apple Configurator", if it changed from 0, the above action has added the devices into DEP server.
   -> Click on the blue 'download' link next to the device type and quantity added which downloads a csv file.
   -> Open the CSV file, copy the Serial Numbers (first column, row 2 onwards) and use a text editor to format the serial numbers in comma versions, e.g. SN1, SN2
3. In ASM, go to Device Assignment
   -> Put the formatted serial numbers from the text editor in previous step and put them in the Serial Number textbox.
   -> Below, chose the option 'Assign to server' dropdown, and then on the right my institution Jamf Pro MDM server
4. In Jamf Pro, go to Mobile Devices and then PreStage Enrolment
   -> Click on the existing PreStage enrolment or create a new PreStage enrolment
   -> Go to scope & click refresh button
   -> Click edit and assign the iPads that has the modified date: "added less than a minute ago"
5. In Apple Configurator 2.5
   -> Performed another restore onto the iPads and then setup the freshly restored iPad without the Apple Configurator just as you would setup a DEP iPad.
   -> This step was to remove any supervision profiles that was performed during the prepare stages, the idea is to see "Activating iPad" message -- and if you performed step 3 to 5 correctly, you should see "Looking for configuration/Downloading Configuration" and then "Remote Management" screen showing up -- this means DEP is working and applied.

My PreStage enrolment has user authentication to an Active Directory, so when an AD account is used, e.g. a student account, it gets assigned to the iPad record in Jamf along with Department, Job Position, Building info etc, which triggers all the Apps and configuration profiles that has been scoped to the Department/Smart Group.

This has worked pretty well for me. My 2 cents of experience.
(Apologies for the long post)

EDIT: If only there was an option to add MacBook/iMacs to the DEP servers.

Thanks,
Nuno
Pymble Ladies College - Technical Support Officer"

Now I have a device added to DEP!

So Having the same issue as everyone else, I found that the step listed here of "-> unticked the automate enrolment (I like to setup from the iPad for a true OTA config)." was the real key. There was no need to create a WiFi Profile since I too just want to set devices in DEP and then do OTA enrollments. Configurator is just a way to get the device setup in DEP.

I find it REALLY upsetting though that it creates a new Server in the portal specific to configurator and I have to now manually watch and move serial numbers to my default server. Why would it not just assign them to my specificed default DEP server!?!?

Hi,

I had the same problem and i've tried anything in Apple Configurator and i've checked a lot of forum.

I finally found that, after you reinitiliaze the iPAD, if the iPAD is not connected on the wifi and I try to enrolling it manually, i had the error 0x80EF. If I connect the iPAD to the wifi, and retry to enrolling it, it work.

Sorry for my english, I hope it will help you.

I couldn't see how adding wifi to the device would help as the device gets wiped in the activation process.
So i installed an active SIM instead. The phone then activated and appeared in my DEP list!
True, it's not assigned to my server, but that's easy to do.
There is still 1 failure message, but the process worked fine.
Rchalk

Remember to add a Wi-Fi profile to Configurator2! When the device reboots the Wi-Fi profile will be installed to communicate with the configuration server.

Create and edit configuration profiles

Also, remember to rename the default profile (you are creating a new one). Lastly, enter the SSID and password in the Wi-Fi payload dialog.

Failing to configure a profile for Wi-Fi resulted in endless frustration with "Provisional Enrollment failed" "The cloud configuration server is unavailable" "[McCloudConfigErrorDomain - 0x80EF (33007)] errors.