Analysing Apple DEP and how it enhances EMM

Enterprise technology has always been a target for hackers, so why are IT teams working harder than ever to protect company data? After all, security systems have never been more advanced.

In today’s digital business landscape, cutting-edge technology can be a double-edged sword. Employees enjoy the efficiency and freedom smartphones provide, but attackers are also using these devices to breach enterprise security at an alarming rate. In fact, 86% of IT administrators believe mobile devices are to blame for the rising number of modern IT security risks.

Protecting devices from start to finish

While enterprise mobility management (EMM) software is an ideal mobile security solution, an organization needs more than just product licenses to make it work effectively. Without program-wide visibility and an integrated management platform, it’s almost impossible to ensure user enrolment and compliance. Fortunately, one device manufacturer thought ahead.

Apple made life easier for IT teams everywhere when it rolled out the Device Enrollment Program (DEP). By preconfiguring enterprise-owned iOS devices and automating EMM enrolment, DEP guarantees safe, active devices from the second they’re powered on.

Unlike traditional EMM deployments, DEP doesn’t require a user to manually enrol his or her device—meaning there’s no way to opt out of enrolment or remove specific IT settings. As soon as a device is powered on, Apple identifies its DEP account and redirects it to the appropriate EMM server. Once there, a device profile is created that can’t be removed or deleted by its user.

In addition to creating permanent user profiles, an active DEP account that’s linked to EMM servers can also create administrator accounts that help manage a company’s device enrolment tasks. With an administrator account, enterprise mobility programs can enhance security by assigning new devices to existing user profiles or even automating future EMM server assignments.


DEP certainly maximizes an EMM investment by ensuring user enrolment and compliance, but it can also be a good decision for organizations that lack these comprehensive security solutions. Without EMM, DEP helps organizations provision and manage devices over the air via Supervised Mode, giving programs the ability to disable features like activation lock, iCloud backup, AirDrop, the App Store, iMessage, Game Center, Siri content privileges, content syncing with other devices, and account modifications.

Supervised Mode gives DEP-empowered enterprises other capabilities, too. Without an Apple ID, these businesses can still control employee devices by bypassing activation locks, silently installing or deleting mobile applications, and disabling specific user settings. The ability for end users to do things like restore factory defaults or set up a personal email account suddenly vanishes into thin air.

No such thing as a perfect solution

When it comes to DEP, not everything is sunshine and rainbows. The combination of DEP and EMM is certainly a formidable mobile security force, but that doesn’t mean there aren’t still program gaps and vulnerabilities that exist. For example, DEP-enabled defenses can’t prevent employees from taking screenshots or copying and pasting information stored in business apps/documents.

This program also doesn’t give corporate IT departments the ability to place a passcode or TouchID authentication block on enterprise apps, meaning data could be in danger should a device fall into the wrong hands. Users can also freely download and install iOS updates whether their employers are prepared or not, causing untested systems and apps to malfunction or fail entirely.

While Apple’s DEP isn’t perfect, it empowers EMM software and gives your program extra mobile device controls. Is DEP the perfect security solution for you? Talk to our mobile security experts and find out today.

The post Apple DEP and How It Enhances EMM appeared first on MOBI.

Read more: iOS 11 is coming: Start planning now to drive efficiencies and streamline operations

Related Stories

Leave a comment


This will only be used to quickly provide signup information and will not allow us to post to your account or appear on your timeline.