There’s nothing quite like that first-day experience. You crack open a brand-new MacBook, power it on, and within minutes you’re logged in, your apps are installed, and you’re ready to go. No trip to IT. No weird setup screens. No waiting around for someone to hand you a machine that’s already half-configured.
I’ll be honest—I don’t care about any of that. What I do care about is not being the person stuck receiving a stack of new MacBooks, storing them, imaging them, and then walking every new employee through installing our company apps. Selfish? Maybe. But if there’s a way to automate something that reduces unnecessary human interaction, I’m going to take it. After all, I didn’t get into IT because I’m an extrovert.
That’s the promise of zero-touch deployment—with Apple Business Manager (formerly DEP) and Kandji, it’s not just possible, it’s simple.
For the record, I am not paid by Kandji though I did at one time receive a nice tee shirt with a bee on it for signing up. This works with other MDM’s I just happen to like the UI and pricing of Kandji. And obviously the shirt. It’s not just some Hanes Beefy Tee, it’s from Marine Layer.
I guess it is time to get into the advantages of doing things this way.
Beyond the benefits for introverts, new hires enjoy a consistent first-run experience—the joy of unboxing a fresh device that’s already set up, all of which was handled remotely.
To get started, you’ll need to sign up for Apple Business Manager (ABM) using your company’s information—things like address, legal name, and D-U-N-S number. (Don’t ask me what it stands for—I duns know either.)
Once you’re set up, ABM provides you with an Apple Customer Number, which you’ll give to your vendor. In turn, they’ll provide you with their reseller number.
Important note: You don’t have to buy exclusively from Apple.com. For example, our engineers need custom-configured laptops that can take weeks to arrive, so I have our vendor hold pre-built machines in their warehouse. That way, they can ship them out immediately as new hires come on board.
Once your vendor is linked, any new devices they ship on your behalf will automatically appear in ABM. This not only proves your ownership, but also protects you from the nightmare of receiving an Apple ID–locked device from a former employee. From there, you’ll be ready for the next step: directing the devices into your MDM.
In Kandji, you will set up an Automated Device Enrollment (ADE) integration and link it to ABM. From there, you can configure an ADE Library Item to skip unwanted Setup Assistant screens, require authentication, create a local admin account, and much more. Now within ABM, you can specify where you want your devices to route for management. As you can see in the screenshot we are pushing all machines over to Kandji. Other than the Apple Vision Pro. No dorks allowed.
This is the magic moment:
When an employee unboxes a Mac for the first time, it doesn’t feel like a “raw” Apple device—it feels like our device.
- Setup Assistant steps are streamlined (no Apple ID prompt, no unnecessary screens).
- The Mac is assigned to the right blueprint (Engineering vs. bean counters , etc.).
- Apps and security policies start installing immediately.
It’s invisible IT work—and it feels seamless to the employee.
I won’t go into the specifics of Kandji Blueprints here since this is meant to stay MDM-agnostic. I’m sure there are some rubes who prefer clunky UIs and ill-fitting free T-shirts—I’m not here to judge. The point is simple: you define the experience and app stack in your MDM, and that’s exactly what gets pushed to the new user as soon as the device comes online.
When it’s time to return machines to service, the process is just as smooth. You can remotely wipe the device, and when it boots back up, it checks in with Apple Business Manager, recognizes it’s assigned to your MDM, and runs back through the enrollment flow. It’s an elegant, repeatable solution—and a real time saver.
Here’s what this setup buys us:
- Faster onboarding → New hires are productive within minutes, not hours.
- Less IT overhead → No more shipping laptops to IT desks before they reach employees.
- Consistency → Every device meets the same security and compliance standards.
- Flexibility → Remote and hybrid teams can be onboarded anywhere in the world.
In other words: it scales.
Final Thoughts
Rolling out automated Apple deployment isn’t just about efficiency and avoiding conversation—it’s about culture. The first interaction someone has with your company’s tech sets the tone for everything that follows.
With ABM and Kandji in place, we’ve turned what used to be an IT headache into a delightful first-day experience. Employees unbox their Mac, log in, and just… start working. No IT ticket required.
And for us? We get to spend less time manually configuring laptops and more time figuring out why their unplugged monitor isn’t displaying their desktop. That’s a win.
.png)