What is True Zero Touch Deployment?

Apple device deployment
By Jon Xavier

One of the biggest benefits of using Fleetsmith over competitors is our deployment process, which allows new devices to set themselves up automatically on first boot without IT having to involve itself. For a fast-growing company, this can save literally hundreds of hours of work each year. We call this "true zero-touch deployment."

Of course, a lot of Mobile Device Management (MDM) providers say they do zero-touch deployment. So what gives? Why do we think our zero-touch deployment is better than theirs?

To answer that, you have to think a little bit about the steps that have to happen every time a new device is set up:

  • Create an account for the user on the device
  • Record device in inventory system
  • Configure the device
  • Encrypt the device and store the encryption key somewhere
  • Install printers, WiFi, and VPN
  • Install all of the apps that the user will need
  • Configure those apps

Traditionally, each step in this process had to be done manually, either by imaging the device, pushing a profile to it with Apple Configurator, or else painstakingly doing this by hand with the new employee. Most device management solutions address some subset of these steps, either making them easier to do at scale or eliminating the work associated with them entirely.

Fleetsmith is the only device manager that handles everything from beginning to end.

We automate the entire deployment workflow so IT can set it up once and then have it happen on every new device automatically. That’s why we call it “true” zero-touch deployment.

Other vendors: MDM + DEP

Only automates steps 2-4

The meaning of the term “zero-touch deployment” is rarely spelled out when you see it used in marketing materials. In practical terms what it usually means is that the vendor has an integration with the Apple Device Enrollment Program (DEP) through Apple Business Manager or Apple School Manager.

With DEP set up, devices you buy from Apple or an authorized retailer will come pre-enrolled with the MDM provider of your choice. This means that the device will check in with that MDM provider the first time it’s powered on and connected to WiFi, allowing the MDM to configure the device to your needs. It will do this automatically without you ever having to be in the same room as the device.

However, you will still have to manually create the user account on each machine. And while you will be able to configure macOS settings, with most MDMs you’re on your own for deploying any 3rd party apps, drivers, and utilities that need to be on the device—often a significant chunk of setup.

So while DEP on its own results in fewer touches, it’s not truly zero touch.

Fleetsmith: IdP + MDM + Apple Business Manager + App Catalog

Automates the entire setup experience.

Like other MDM providers, Fleetsmith is integrated with Apple Business Manager. But we also go beyond other providers by offering a couple unique distinctions: deep integrations with identity providers (IdPs) like Google G Suite and Microsoft Office 365, and the Fleetsmith Catalog, our pre-built library of the most commonly used apps, settings, printer drivers, and security tools.

With our IdP integration, we pull the information needed to create a new local user account directly from your G Suite or Office 365 instance and then set it up automatically. There’s no separate account creation step; you simply assign the device to the user you want and Fleetsmith does the rest.

The Fleetsmith Catalog allows us to deploy software to a new machine as a part of the onboarding process with minimal effort and no special scripting required. You can even configure most apps to your liking from within Fleetsmith—like for example, adding extensions to Chrome.

This represents a significant time savings for most IT departments. Rather than having to set aside a couple hours to configure each new machine, with Fleetsmith you simply order the device from Apple or an official retail partner, assign it a profile and a user in Fleetsmith, and ship it directly to the employee. It will set itself up the first time its powered on.

So that’s the Fleetsmith difference. When we say zero-touch, we actually mean zero-touch. Just unbox, power on, and go.