Skip to main content

macOS Automated Device Enrollment (ADE) – On-Device Setup Flow

When a macOS device is assigned to an MDM server in Apple Business Manager or Apple School Managed portal, the Setup Assistant will appear either when a device is powered on for the first time or when an existing device is erased and set up again. During this process, the device contacts Apple services to retrieve the enrollment profile and automatically enrolls into mobile device management (MDM).

The following sequence describes the standard on-device user experience from the Hello screen until enrollment is completed.

1. Hello Screen

After the device is wiped and restarted, macOS displays the Hello screen.

User actions:

  • Select language and region.
  • Language and region will be autoselected if configured in ADE Profile
  • This configuration will be applied only when the device is connected via Ethernet
  • Choose keyboard layout (if prompted).

2. Network Connection

The Setup Assistant prompts the user to connect to a network.

Requirements:

  • Network connectivity is mandatory for Automated Device Enrollment.
  • The device sends its serial number to Apple activation servers to verify whether it is registered in ABM and assigned to an MDM server.

3. Remote Management

If the device is assigned to an organization through Apple Business Manager or Apple School Manager, the Remote Management screen appears.

Screen Functionality:

  • Displays the organization name and management details.
  • The user selects Enroll to proceed.
  • The device prepares to download the MDM enrollment profile.

4. Enrollment Profile Download

The device downloads the MDM configuration from Apple’s servers.

During this stage:

  • The management profile is installed.
  • Setup Assistant options defined by the administrator are applied.

5. Setup Assistant Configuration Screens

Based on the Automated Device Enrollment profile, macOS may display or skip certain Setup Assistant steps.

Examples include:

  • Login with Apple ID & iCloud
  • Screen Time Setup
  • Siri Setup
  • FileVault Setup
  • AppStore Setup
  • Lockdown Mode Setup

The visibility of these screens is controlled by the administrator’s ADE Profile configuration.

6. Account Setup

The user completes account setup as required by the organization’s configuration.

Possible scenarios:

  • Primary Account Creation (Admin / Standard)
  • Admin Account Creation

7. Application Management

Applications assigned within the Automated Device Enrollment (ADE) profile are automatically installed on the macOS device during enrollment, without requiring any user interaction. This ensures that required apps are available immediately after setup.

Application Deployment Behavior Depending on the configuration and platform behavior, application installation may begin during Setup Assistant or immediately after the user reaches the macOS desktop.

8. Device Initialization

After Setup Assistant finishes, macOS loads the desktop.

Post-enrollment behavior:

  • The device is now fully enrolled and managed by MDM.
  • Default profile policies are installed based on the configuration
  • Auto Installation of SureMDM Agent will be enforced as per the configuration.