Standard Operating Procedure (SOP): Automated macOS Device Enrollment via JumpCloud MDM (ADE + ABM + ZTE)
Document Version: 1.0
Author: Karthik G
Date: 30-04-2025
Overview
Automated Device Enrollment Setup (ZTE Group)
Application Deployment to Device Group
Adding Non-ABM Mac Devices to ABM via Apple Configurator
Zero Touch Enrollment (ZTE) Walkthrough
Additional Notes
This document outlines the steps to automate macOS device enrollment into JumpCloud using Automated Device Enrollment (ADE), Apple Business Manager (ABM), and Zero Touch Enrollment (ZTE). It also includes procedures for integrating non-ABM devices and automating software deployment via JumpCloud.
1. Create a Device Group in JumpCloud:
   - Name it appropriately (e.g., ZTE Mac Group).
   - This group will be used to manage all macOS devices onboarded via Zero Touch Enrollment.
2. Configure MDM ADE in JumpCloud:
   - Navigate to MDM > ADE in the JumpCloud Admin Portal.
   - Click on Configure macOS.
   - Under Default Group Association, select the group created in Step 1.
   - Adjust settings as per organizational policies (e.g., supervision mode, user authentication, skip setup steps).
   - Click Save.
Create or upload the required software under Software Management in JumpCloud.
Associate the software to the previously created ZTE Mac Group.
The application will then install automatically as soon as the device appears in the JumpCloud Admin Portal.
Mac running macOS 12.0 Monterey or later
Latest version of Apple Configurator (available on the iOS App Store)
Apple Business Manager account with Admin or Device Enrollment Manager role
The device (Mac) must be erased and at the Hello screen
Install and open Apple Configurator on the iOS device.
Log in using your ABM admin credentials.
Grant necessary app permissions:
Enable Camera.
Ensure Bluetooth is enabled on the iOS device.
In app settings:
Scroll to MDM Server Assignment.
Select Specific and choose your JumpCloud MDM.
Restart the app after configuration.
On a reset/fresh macOS device, stop at the Hello screen.
Bring your iPhone close to the Mac and press Next on Mac.
The Mac will display a pairing code—scan it using your iPhone.
Complete the steps until prompted to restart the Mac.
The device will now appear in ABM.
In the JumpCloud Admin console, click MDM, scroll to the bottom of the page, and click Sync With Apple. Confirm that the device's serial number is listed.
Important: do not skip the Sync With Apple step. It is the main step for ZTE.
After the restart, the device will appear under JumpCloud's Remote Management.
Reference: Apple KB - Use Apple Configurator for iPhone
Reset the macOS device to factory settings.
On boot, wait for the Hello screen.
Proceed with initial setup steps until the Wi-Fi selection screen.
Connect the device to a valid Wi-Fi network.
Wait for the Remote Management screen.
Click "I Understand" on this page.
You'll be directed to the JumpCloud Login Screen.
Enter the user's JumpCloud email and password.
JumpCloud will complete the enrollment process.
The device will now appear in JumpCloud Admin Portal under the defined ZTE device group.
Automated applications will install based on device group association—no manual intervention is needed.
Devices must remain connected to Wi-Fi until the entire enrollment and software installation process completes.
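To confirm on the Mac itself that it enrolled through ADE rather than through a manually installed profile, the output of `profiles status -type enrollment` can be checked. The script below is an added example, not part of the original SOP or of JumpCloud's tooling; the function name `check_enrollment`, its return codes and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the SOP): classify the output of
#   profiles status -type enrollment
# read on stdin. Return codes are this example's own convention:
#   0 = enrolled via ADE/DEP and MDM enrollment is User Approved
#   1 = not enrolled via ADE/DEP (check ABM assignment and Sync With Apple)
#   2 = ADE record present but no MDM enrollment
#   3 = MDM enrolled but not User Approved
check_enrollment() {
    out=$(cat)
    dep=$(printf '%s\n' "$out" | sed -n 's/^Enrolled via DEP:[[:space:]]*//p')
    mdm=$(printf '%s\n' "$out" | sed -n 's/^MDM enrollment:[[:space:]]*//p')
    case "$dep" in
        Yes*) ;;
        *) return 1 ;;
    esac
    case "$mdm" in
        "Yes (User Approved)"*) return 0 ;;
        Yes*) return 3 ;;
        *) return 2 ;;
    esac
}

# Constructed sample outputs (not captured from a real device).
SAMPLE_ZTE='Enrolled via DEP: Yes
MDM enrollment: Yes (User Approved)'
SAMPLE_MANUAL='Enrolled via DEP: No
MDM enrollment: Yes (User Approved)'
SAMPLE_PENDING='Enrolled via DEP: Yes
MDM enrollment: No'
SAMPLE_UNAPPROVED='Enrolled via DEP: Yes
MDM enrollment: Yes'

# Demo on the constructed samples. On an enrolled Mac, use instead:
#   sudo profiles status -type enrollment | check_enrollment
for sample in "$SAMPLE_ZTE" "$SAMPLE_MANUAL" "$SAMPLE_PENDING" "$SAMPLE_UNAPPROVED"; do
    rc=0
    printf '%s\n' "$sample" | check_enrollment || rc=$?
    echo "result=$rc"
done
```

A result of 1 on a device that should have gone through ZTE points back to the MDM server assignment in ABM and the Sync With Apple step.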
End of Document