![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(89.60000000000001, 8%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES%3C/text%3E%3C/svg%3E)
Microsoft Security | Intune | Enrollment
Registering devices with Intune for management and policy enforcement
To add an iPad to Apple’s Device Enrollment Program (now Automated Device Enrollment, ADE) so it can be managed by Intune, the device must meet Apple’s ADE requirements and then be associated with an ADE token in Intune.
Key points and checks:
- Verify the correct enrollment method
- For organization-owned iPads that should be supervised and fully managed, use Automated Device Enrollment (ADE) via Apple Business Manager (ABM) or Apple School Manager (ASM).
- ADE is recommended for:
- Organization- or school-owned devices
- New devices purchased for the organization
- Supervised mode with full management (software updates, app allow/block, restrictions, kiosks, etc.)
- BYOD/personal iPads should not be added to ADE; instead use BYOD: User and Device enrollment.
- Confirm the device is eligible for ADE
- ADE is intended for new, organization-owned devices purchased through Apple or authorized resellers and assigned to the organization’s ABM/ASM.
- Existing devices that are already in use and not originally purchased under the organization’s ABM/ASM account typically must be enrolled using Apple Configurator or BYOD enrollment, not ADE.
- Use the correct enrollment workflow in Intune
- For ADE (DEP) iPads:
- In Apple Business Manager/Apple School Manager, assign the iPad to the Intune MDM server.
- In the Intune admin center, upload/sync the ADE token and create an Automated Device Enrollment profile for iOS/iPadOS.
- Sync ADE devices so the iPad appears in Intune and receives the enrollment profile.
- Turn on or reset the iPad so Setup Assistant runs and applies the ADE profile.
- The ADE option is appropriate when:
- Devices are owned by the organization or school.
- Supervised mode is required.
- Bulk enrollment is needed.
- For ADE (DEP) iPads:
- If the iPad is personal/BYOD
- Do not try to add it to DEP/ADE.
- Use BYOD: User and Device enrollment instead:
- Create a Device enrollment with Company Portal or Account driven user enrollment profile in Intune.
- Users install the Company Portal and enroll without resetting the device.
- If the iPad is existing org-owned but not in ADE
- ADE is not recommended for existing devices that are already in use.
- Use Apple Configurator enrollment or wipe and re-provision via ABM/ASM if Apple’s requirements are met.
If the iPad does not appear in ABM/ASM or cannot be assigned to the Intune MDM server there, it cannot be added to ADE from the Intune side; it must first be made visible and assignable in Apple’s management portal according to Apple’s rules.
References: