Connect your devices

Not every step here applies to you. Use the sections below to find what you need.

What is MDM?

An MDM system lets you manage all your company's devices from one place. You can configure settings, push software, enforce security rules, and wipe lost or stolen devices without touching each device individually.

deeploi is an MDM platform built for companies without a large IT team. It handles device setup, software management, and security policy enforcement through the deeploi dashboard.

What are the main benefits?

BenefitWhat it means for your team
Saves time on setupNew devices are configured automatically. Software and updates deploy to multiple devices at once instead of one by one.
Full device visibilitySee every device in your company — its owner, OS version, installed apps, and current condition — from a single dashboard.
Enforced security standardsSet password policies, restrict software installation, and enable disk encryption across all devices. Lost or stolen devices can be locked and wiped remotely.

What do I need to set up?

If you have Apple devices (Mac, iPhone, or iPad), start with Apple Business Manager. It handles automatic enrollment and Apple ID decisions. If you have Macs, also roll out FileVault. If you have Windows laptops, roll out BitLocker. Every setup ends with employees connecting their devices at start.deeploi.io.

How do I set up Apple Business Manager?

Apple Business Manager connects your Apple devices directly to deeploi so new devices arrive pre-configured and ready to use, without manual setup by your IT team.

What does ABM enable?

BenefitWhat it means
Automatic MDM enrollmentNew Apple devices connect to deeploi automatically when powered on. No manual configuration needed.
Better first-day experienceEmployees unbox and set up the device themselves while company policies and apps are already in place.
Volume app licensesPurchase app licenses in bulk through Apple's Volume Purchase Program (VPP) and deploy them centrally to devices via deeploi.
Device ownership protectionDevices registered in ABM cannot be locked by a personal Apple ID, keeping company devices under company control.
Clear ownership recordApple treats ABM-registered devices as belonging to the company, not the employee, regardless of who has the device.

How do I register for Apple Business Manager?

Registering for Apple Business Manager takes a few days. Most of that time is Apple verifying your company. Prepare your D-U-N-S number before starting.

Step 1: Get a D-U-N-S number

A D-U-N-S number is a unique business identifier Apple uses to verify your company. If you do not have one, apply at dnb.com. Processing typically takes a few business days.

Step 2: Register with Apple Business Manager

Once you have your D-U-N-S number, complete the registration at business.apple.com. Apple's full registration guide is at support.apple.com.

When entering a contact person during registration, use a real first and last name. Job titles like "IT Coordinator" or "Apple Provisioning" are rejected by Apple's verification team.

Step 3: Wait for Apple's confirmation

Apple reviews your submission after you apply. This typically takes several days. You cannot proceed until Apple confirms your account.

Step 4: Add deeploi as an administrator

Once your ABM account is active, add deeploi with the following details:

FieldValue
First namedeeploi
Last nameadmin
Managed Apple ID usernamedeeploi
RoleAdministrator
Email addresscustomer_admin@deeploi.io

How do I configure Apple IDs?

Apple IDs are not required for most deeploi setups. deeploi handles app installation, updates, and deployments centrally, which means employees typically do not need individual Apple IDs or App Store access.

When might you need Apple IDs?

Consider enabling Apple IDs only if one or more of these applies:

SituationRelevant?
Employees need App Store access for apps deeploi cannot installPossibly
iCloud backups, Apple Wallet, or other Apple services are requiredPossibly
You need to manage Apple IDs centrally across your organizationPossibly

If none of these apply, skip Apple IDs entirely.

What are the two types of Apple ID?

TypeWhat it isWho controls it
Managed Apple IDCreated and managed through Apple Business ManagerYour company, via deeploi
Personal Apple IDCreated by each employee individually using a personal or business emailThe employee only

Managed Apple IDs

Centralized control and simpler IT support — but with notable limitations:

ProsCentralized access management, created automatically for employees, restricts personal Apple services
LimitationsNo App Store downloads, no iCloud storage upgrades, no Apple Wallet (apps requiring Apple Pay, like Moss, will not work), FaceTime and TestFlight do not work

Personal Apple IDs

Employees create and manage personal Apple IDs themselves. deeploi cannot access or manage them.

Security risk Personal Apple IDs can bypass IT controls and introduce compliance risks. If a device is not registered in Apple Business Manager, a personal Apple ID can block remote device resets, and deeploi cannot adjust configurations in an emergency.

Which type fits your situation?

If you need to...Recommended type
Access App Store apps not available through deeploiPersonal Apple ID
Use iCloud backups or Apple WalletPersonal Apple ID
Use FaceTime, TestFlight, or other Apple-exclusive appsPersonal Apple ID
Manage Apple IDs centrally for your organizationManaged Apple ID

Not sure? Contact hello@deeploi.io to discuss your requirements.

How do I set up Managed Apple IDs?

Managed Apple IDs require Apple Business Manager. Email hello@deeploi.io to enable this for your workspace. deeploi will enable Managed Apple ID creation and walk you through the domain confirmation step with Apple.

Before you start, read Apple's domain capture guide at support.apple.com. The domain confirmation process is complex, and Apple restricts deeploi's access during it.

This cannot be reversed. Once Managed Apple IDs are enabled, employees who used their business email for a personal Apple ID receive an email from Apple with 30 days to either transfer their Apple ID to a personal email address or convert it into a Managed Apple ID. After migration, deeploi cannot force employees to sign out of their personal Apple ID.

When migration emails go out, employees should transfer to a personal email if they use the account for personal photos, purchases, Apple Pay, or Family Sharing. Conversion to a Managed Apple ID is appropriate if the account was used only for work.

Use the template below to communicate the change before Apple's migration emails go out. Replace hello@deeploi.io with your own IT contact address.

What should I tell employees when switching to Managed Apple IDs?

Subject: [Action required] Migration to Managed Apple IDs

Hello everyone,

We will soon be switching to Managed Apple IDs for all company accounts.

What does this mean? Managed Apple IDs are created and managed centrally by your company. This increases overall IT security. Some features available on personal Apple IDs will no longer be available, including Apple Pay and Family Sharing. More information is available at Apple's Managed Apple ID guide.

What do you need to do? If you created a personal Apple ID using your company email address, Apple will send you an email asking you to take action within 30 days. You have two options:

  1. Transfer the Apple ID to a personal email address so the account stays yours.
  2. Convert the Apple ID into a Managed Apple ID. This transfers ownership of the account and its data to your company.

If you have not created an Apple ID and are not signed in with one on your device, you do not need to do anything.

What do we recommend? Transfer to a personal email address if you use the account for:

  1. Personal photos or private data
  2. App, music, or movie purchases
  3. Apple Pay
  4. Family Sharing or shared subscriptions

Convert to a Managed Apple ID if the account is used mainly for:

  1. Work on company devices
  2. Accessing company services

You may need to disable Apple Pay or end Family Sharing before transferring. See Apple's instructions.

Option 1: Keep a personal account

  1. Back up your data (iCloud content, photos, notes, passwords).
  2. Create a new personal email address if needed.
  3. Open the email from Apple and click the link.
  4. Choose to transfer your Apple ID to your new email and follow the steps.
  5. Sign out of your Apple ID on your work devices.
  6. Sign in with your Managed Apple ID using your business email. If SSO is enabled, use your regular password.

Option 2: Convert to a Managed Apple ID

  1. Back up your data (iCloud content, photos, notes, passwords).
  2. Adjust settings if needed (see Apple's guide).
  3. Open the email from Apple and click the link.
  4. Choose the option to transfer the Apple ID to your company.
  5. Sign in with your business email when prompted.

Contact us at hello@deeploi.io if you have any questions.

Best regards, [Your name]

How do I set up Personal Apple IDs?

Employees create Personal Apple IDs themselves. Include an Apple ID creation guide in your onboarding materials so employees know how to set up an account using their business email.

How do I roll out FileVault on Macs?

FileVault encrypts the hard drive on Mac devices so that data is unreadable without the correct password. deeploi enables it remotely across your fleet once you give the go-ahead.

FileVault may cause a slight delay during system startup while the encrypted drive unlocks. This is normal.

How does the rollout work?

Once you request the rollout, deeploi enables FileVault on all connected Mac devices. Employees then complete one to three steps:

  1. Notification. Employees receive a prompt explaining that FileVault will be enabled on their Mac.
  2. Encryption initialization. The device encrypts its hard drive. Employees set their password when prompted. They can continue working during this process.
  3. Restart or log out. Employees must log out and back in, or restart, to complete the setup. This step is required for the device to appear as encrypted in the deeploi dashboard.

Recovery keys deeploi can only store recovery keys for devices where FileVault was enabled through the deeploi rollout. If an employee already activated FileVault independently before the rollout, their recovery key was not transferred to deeploi and cannot be retrieved through deeploi if needed.

How do I request the FileVault rollout?

Email hello@deeploi.io. deeploi will confirm the scope and start the rollout.

How do I roll out BitLocker on Windows laptops?

BitLocker encrypts the hard drive on Windows devices so that data is unreadable without the correct authentication. deeploi enables it remotely across your fleet once you give the go-ahead.

BitLocker may cause a slight delay during system startup, as authentication is required before the encrypted drive unlocks. This is normal.

How does the rollout work?

Once you request the rollout, deeploi enables BitLocker on all connected Windows devices. Employees then complete one to three steps:

  1. Notification. Employees receive a prompt explaining that BitLocker will be enabled on their device.
  2. Encryption initialization. The device encrypts its hard drive in the background. Employees set a password or authentication method when prompted.
  3. Restart or log out. Employees must log out and back in, or restart their device, to complete the setup.

How do I request the BitLocker rollout?

Email hello@deeploi.io. deeploi will confirm the scope and start the rollout.

How do employees connect their devices?

Employees connect their device at start.deeploi.io after you invite them. To add more devices after your initial rollout, email hello@deeploi.io. deeploi will walk you through the process in a short meeting.

What does connecting a device enable?

CapabilityWhat it means
Central device overviewSee all connected devices in the dashboard — owner, OS version, condition, and status
Software deploymentUse bundles to push apps to all connected devices at once and keep them automatically updated
Security policies and MDMSet password rules, enable encryption, and lock or wipe lost or stolen devices remotely

Which devices can be connected?

deeploi supports macOS, Windows, and iOS devices. Each device must be a company-owned work device. Privately owned devices should not be enrolled.

What does the employee need to do?

When you add a device to deeploi, the employee receives an email with setup instructions. They follow the steps on their device — the process takes about 10 minutes for macOS or Windows, and about 5 minutes for iOS. deeploi pushes the required configuration and apps automatically after they complete the steps.

Employees can find their step-by-step setup guides in the Employee section of this documentation: Set Up Your MacBook, Connect Your MacBook to deeploi, Set Up Your Windows Laptop, and Connect Your iPhone or iPad to deeploi.

What's Next

Device Registration Reminders

How to remind employees who haven't completed device setup yet.

Onboard an Employee

Submit the onboarding form and get a new employee's accounts ready before their first day.