Adding new devices to mobile device management (MDM) systems is never as easy as the advertising claims. After adding 130+ iPads to an enterprise system, I have at least gotten it down to a manageable number of steps producing a reliable result. It can be done, but it is neither simple or easy.
The iPads must be ordered from a vendor that participates in the Apple Deployment program. We have ordered from Verizon, CDW, and Best Buy's corporate sales, with good results. Sign up for Apple Deployment to get a number and give it to the vendor when the order is placed. Then the iPads can be added to the AirWatch MDM (a product of VMWare/Dell) by clicking a button.
Setting up new iPads
Unbox the iPad and charge to 100% using the included adapter and Lightning cable. Do this to make sure none of the components is defective. Use the Defective Return Procedure on Apple.com if anything fails.
Using the Lightning cable, connect the iPad to a Mac running the Configurator 2 app. Optionally, rename the device by right-clicking, selecting “Modify/Device Name” and clicking the “Rename” button after adding the new name. I have been using tokens, added using the “+” button to name the device using Serial, Type, and Capacity tokens. Put blanks between each token and add a unique property number if your organization uses them. This unique name helps identify which device you are working on when setting up multiples.
In Configurator 2, double-click the iPad on the “All Devices” window to open the “About” window.
Click the “Prepare” button at the top of the window,
Set the “Prepare with:” dropdown to “Manual Configuration”.
Check “Supervise devices” and “Allow devices to pair with other computers” and un-check all other boxes.
Select “Do not enroll in MDM” in the “Server:” dropdown and click the “Next” button.
Set the “Organization” box to your previously defined organization name and click the “Next” button.
Change the “Setup Assistant:” dropdown to “Don’t show any of these steps” and click the “Prepare” button.
Confirm the action, if prompted.
Check the iPad and answer any messages related to the preparation.
If certificates are used to connect to a network via Wi-Fi, continue with the next for steps. Otherwise, skip to Step 18.
After preparation completes, which will take a few minutes because a reboot is necessary, click the “Add” button at the top of the Configurator window (or use “Actions”, then “Add” from the menu), and select “Profiles”.
Select the profile you created in the Create a Certificate Profile step and click the “Add” button.
Confirm the action, if prompted. If the confirmation window does not appear, it may be behind the current window – this happens nearly every time on my Mac. Shrink the main screen by dragging and dropping one of the bottom corners until you can see the button to continue.
Check the iPad and answer “Install” and “Trust” messages in the affirmative if necessary.
On the iPad: Go through the Startup Routine.
Then go through the steps to start up the iPad and install AirWatch on a supervised iPad (below).
Startup Routine on the iPad
The following steps may vary but should be substantially similar.
On the iPad, (using a stylus to avoid fingerprints):
Press the “Home” button, select “English”, then “United States” or your unique preferences.
Select “Set up manually”, then choose a default Wi-Fi network
Touch “Mode”, “EAP-TLS”, then “Enter Password”
Touch “Identity”, then select the certificate recently installed, then “Enter Password”
Touch “Join” on the first popup, then “Trust” on the last
Touch “Set Up Touch ID Later”, then “Don’t Use” on the popup
On the “Create a Passcode page, select “Passcode Options”, “4-Digit Numeric Code” and enter a default number twice. (use more secure passcodes if you are smarter than us).
On the “Apps & Data” page, touch “Set Up as New iPad”.
On the “Apple ID” page, touch “Don’t have an Apple ID or forgot it?”, then “Set Up Later in Settings”, then “Don’t Use” on the resulting popup.
Touch “Agree” on the “Terms and Conditions” page.
Touch “Continue” on the “Express Settings” page.
On the “Siri” page, select “Set Up Later in Settings”.
On the “App Analytics” page, touch “Don’t Share”.
On the “Tru Tone Display” page, touch “Continue”.
For “Access the Dock from Anywhere”, touch “Continue”.
On “Switch Between Recent Apps”, touch “Continue”.
At “Welcome to iPad”, touch “Get Started”.
On the desktop, touch “Settings” app.
Touch “Finish Setting Up Your iPad”, then “Finish Setting Up”.
Touch “Set Up Touch ID Later”, then “Don’t Use”.
On “Apple ID”, touch “Cancel” in the upper left corner.
Install AirWatch on a supervised iPad
Before starting the steps on the iPad below, prepare it using Configurator 2 on a Mac (above) On the iPad, Start Safari.
Enter the URL of your organization's AirWatch site.
On the first "Authenticate" window, enter a previously defined AirWatch Organization Group ID.
On “Welcome to AirWatch” window, touch “Continue”.
Type the Username and Password (leave Email User Name and Email Address blank). These credentials must be valid in your home network's active directory (assuming Microsoft), which has been synchronized with AirWatch.
Leave Device Ownership as “Corporate – Dedicated” or set to your standard, and type the Asset Number if applicable.
On the Authentication Successful! Window, touch “Continue”.
Touch “Redirect and Enable” on the “Enable Device Management” window.
On the iPad, a window will appear, touch “Allow”.
Touch the blue “Install” in the upper right corner of the “Install Profile” window that will appear next.
If prompted, enter the passcode you established previously.
Touch “Install” in the popup or popups.
On the Remote Management window, touch “Trust”.
When the Profile Installed window pops up, touch “Done”.
When the iPad returns to the Congratulations page in Safari, close and operate normally.
At this point, the iPad will begin configuring itself the way it is defined in the AirWatch profiles attached to the group selected above.