I'm currently exploring Apple DEP and I'm wondering if I can use it to lock devices to our company without assigning a Mobile Device Management (MDM) solution. My goal is to be able to clear a device if a user leaves the company, without needing them to reset the phone themselves. I'm a bit lost on how to assign users to devices in the Apple Business Manager (ABM). Any insights would be appreciated!
3 Answers
What exactly are you hoping to accomplish? We utilize ABM independently from DEP, since DEP can impose restrictions on the device, such as requiring whitelisting for all apps. If your devices are corporate-owned, what’s the rationale for only wanting to clear phones without a full reset? Plus, what’s the distinction between "clear" and "reset" in this context?
Yes, you can indeed enroll a device in DEP without an MDM, but using one is highly recommended for better control over the device's features. It makes management a lot easier.
We use Intune as our MDM, but still rely on ABM just to clear the Apple ID from the devices.
You can technically load a device into DEP without linking it to an MDM, but you'll lose the ability to remotely wipe it, since that's an MDM function. If remote wiping is a priority, you definitely should consider using an MDM.
The main reason we're looking into ABM is to clear the registered Apple ID from a device when a user leaves, which is tricky without a comprehensive solution.
We want to clear the Apple ID registration from a phone when an employee leaves, but we don't want to unregister the device itself. Right now, our MDM, Intune, isn't able to clear the Apple ID.