Breadcrumbs

Configuring and Utilizing Zero-Touch Provisioning (ZTP) for Apple and Windows Computers

Introduction

Zero Touch Provisioning (ZTP) automates device setup, eliminating manual configuration and reducing errors and saving time.

When employees receive new devices, they simply power on, complete standard out-of-box setup, and create an account. The MDM is automatically installed, applying security policies and required applications.

This ensures consistent, secure device configuration while minimizing downtime and improving scalability. ZTP frees your team to focus on strategic priorities instead of repetitive setup tasks.

Electric’s Zero-Touch Provisioning (ZTP) Offering

Below you will find instructions to configure and utilize zero-touch provisioning for Apple and Windows devices.

Once zero-touch provisioning is configured and you purchase a device from our hardware storefront, it will appear first as an Asset in the Electric portal until the Electric Desktop App is activated on that device.

When the employee receives the device they will go through the standard out-of-box experience to set up their device and create a user profile. From there, MDM will be automatically installed along with the Electric desktop app, our default security policies and any applications or settings you requested be installed during ZTP configuration.

To complete the process, the employee simply needs to log into the Electric desktop app for the device to be assigned to them in the Electric platform and the device begins reporting under Security > Device Management.

Please note: If the new device is not purchased via our Hardware Storefront, there will be no Asset created in Electric platform. The device will not appear until the employee has installed MDM and signed in to the Electric Desktop App.

ZTP for Apple Devices

If you are unfamiliar with Apple zero-touch provisioning we recommend reading our explainer article here: https://support.electric.ai/electricithub/what-is-zero-touch-provisioning-for-apple-devices

Prerequisites for Apple Zero-touch Provisioning

Before configuring zero touch provisioning, you must have an active Apple Business account.

An Apple Business account is essential for device management because it allows your organization to purchase, assign, and remotely configure Apple devices at scale. Without it, you cannot automatically enroll devices in Electric’s MDM or deploy corporate policies during the initial setup process.

Please follow these steps to enroll in ABM:

  1. Follow these instructions: How to Enroll in Apple Business (can take 3-5 business days)

  2. You will need a D-U-N-S Number to create an Apple Business account:

    1. Check to see if you already have a D-U-N-S Number

    2. Get a free D-U-N-S Number (3-4 weeks)

    3. Get an expedited D-U-N-S Number for $229 (4-5 days)

  3. Device Management configured in the IT Hub. If you haven’t yet, follow these instructions: Enable MDM (Mobile Device Management (3-5 minutes)

ZTP is not a retroactive process.

Zero-Touch Provisioning (ZTP) is a deployment workflow designed to automate your device setup. It ensures that the Electric JumpCloud MDM is enrolled and your required apps are installed the moment a user turns on their machine.

When will ZTP apply?

For ZTP to work, the device must be registered in your Apple Business portal and assigned to the Electric JumpCloud MDM server. Additionally, ZTP only triggers during the Setup Assistant (the "Hello" screens where you select Language and Wi-Fi).

  • New Devices: Automatically applies ZTP when the device is powered on.

  • Existing Devices: Only applies ZTP after a full factory reset (Erase All Content and Settings).

Pro Tip: If a device was set up manually without ZTP, it must be wiped to the "Hello" screen to trigger the automated enrollment workflow.

Note: If your device is already set up and you need ZTP features applied, the device must be wiped and restarted from the "Hello" screen.

Configure Zero-Touch Provisioning for Apple Devices

Please note: the current process is not yet fully self-service and requires some manual cooperation from your team to complete all steps listed below.

While we're working toward complete automation, certain steps still need manual coordination between you and Electric to ensure proper device configuration and deployment. We appreciate your collaboration during this transition period as we continue to streamline the experience!

If you need any dedicated support for this process, please reach out to the product support team via email to schedule a time to walk through the processes on a screen share call.

Connect Apple Business to Electric IT Hub

  1. Sign into Electric IT Hub https://my.electric.ai/settings?tab=device

  2. Select Settings > Device Management on the left nav bar

  3. Find and select Connect ABM

  4. Sign in to Apple Business with an Administrator or Device Enrollment Manager account

    1. Note: if you have never visited some of the following pages in Apple Business, you may encounter some Get Started or Set Up prompts. This is completely normal behavior, and you can click to continue.

  5. Click on Devices on the top nav bar > click on Inventory on the left nav bar > select Customer Numbers.

  6. Click Add to enter a new reseller

  7. In the dropdown menu, select Reseller ID and enter the Electric Reseller ID for US domestic purchases: 16210800

  8. Click your Company Name in the top right corner and select Settings

  9. Find the Organization ID (Org ID) and Copy it

  10. Navigate to the Electric IT Hub and take the following actions:

    1. Check off the checkbox for “Yes, Electric has been added as a third party reseller within the ABM service”

    2. Paste the Apple Organization ID into the required field in the IT Hub and Save

Email Electric Support for a PEM file

To kick off the Zero-Touch Provisioning Process, you will need to work directly with our support team. Send an email support@electric.ai with the subject line of “CustomerName - Apple Zero-Touch Provisioning Request” and let them know you are ready to configure zero-touch provisioning for Apple Devices.

Once we receive the request, the Support team will share a PEM file you will need to use within the instructions below.

Configure zero-touch provisioning (ZTP)

Sign in to Apple Business with an Administrator or Device Enrollment Manager account

  1. Add the Electric Jumpcloud MDM to Apple Business

    1. Click on Devices on the top nav bar > click on Management Services on the left nav bar > select Customer Numbers

    2. Select Add and choose Connect External Device Management and Continue

    3. Name the Server Electric / JumpCloud

    4. DO NOT Check the box that says “Allow the device management service to release devices.”

    5. Upload the .pem certificate provided to you by Electric

    6. Click Next, then click Download Token

    7. Save this file and send it back on the ticket with Electric

    8. Electric will confirm once the handshake is completed on our end

  2. Set Electric Jumpcloud MDM as the default device assignment for ZTP

    1. Stay in the Devices section and go to Default Device Assignment.

    2. Click the link/button for "Automatically assign devices to your preferred device management service."

    3. For each category (Mac, iPad, iPhone), select Electric / JumpCloud from the dropdown menu.

    4. Click Save from the dropdown menu.

  3. Set a calendar reminder for 11 months from today

    Apple tokens expire exactly 365 days after generation, and renewing a few weeks early prevents any enrollment gaps during new employee onboarding.

  4. Identify and Request Default App Installations

As part of zero-touch provisioning, certain applications can be installed by default when a device is enrolled in Electric Jumpcloud MDM and set up for the first time.

Here is a list of supportable apps. Review and send a request to Electric support sharing the applications you would like to have deployed automatically as part of zero-touch provisioning.

Note: Moving forward, any device purchased through Electric (or an authorized reseller linked to your Org ID) will automatically deploy JumpCloud upon connecting to WiFi and the requested default apps will be automatically installed. 

  1. Assign all existing devices in Apple Business to the Electric Jumpcloud MDM

If you have already had Apple Business you will need to reassign those devices to the Electric MDM Server.

IMPORTANT: due to the fact that adding existing devices on newer operating systems to a new server will re-enroll the device into the new Electric MDM Server, we recommend not taking this step until you are ready to start enrolling all employee’s devices. This is the final step you should take once you are ready to deploy Jumpcloud MDM to your team.

  • For Older OS Versions: Follow Electric’s standard MDM enrollment workflow to get these devices onto Electric Jumpcloud MDM.

  • For Modern OS Versions (iOS/macOS 18+): Follow Electric’s standard MDM enrollment workflow to get these devices onto Electric Jumpcloud MDM, but note that Apple now supports device migration without a factory reset.

    • When reassigning in ABM, you will see an option to Add Deadline.

    • Once the assignment is synced to your new MDM, the user will receive a notification on their device to restart and re-enroll in the new MDM.

  1. Click on Devices on the top nav bar > click on Inventory on the left nav bar

  2. You can search for specific serial numbers or use filters to select multiple devices at once.

  3. Click the More (three dots) button at the top of the list and select Assign Device Management.

  4. Choose New MDM: From the drop-down menu, select the Electric MDM Server and click Continue/Confirm.

Quick Tip: If you have existing devices that were purchased before this setup, you can add devices to your Apple Business portal by following Apple’s instructions here: Add devices using Apple Configurator to Apple Business. This typically involves factory resetting the device, so we recommend doing so when retrieving a used device you will be recycling to a new employee.

Annual Maintenance: Renewing your Zero-Touch Provisioning Token

  1. Sign in to Apple Business with an Administrator or Device Enrollment Manager account

  2. Click on Devices on the top nav bar > click on Management Services on the left nav bar

  3. Locate and click on the Electric / JumpCloud server you created previously.

  4. Click the three dots (...) or the Download Token button at the top of the server details page.

  5. A prompt will appear; confirm by clicking Download Server Token.

  6. Send an email to support@electric.ai with the subject line of “CustomerName - Apple Zero-Touch Provisioning Renewal” and share the new token with them. Our team will upload the token into Jumpcloud and confirm once complete.

  7. Set a calendar reminder for 11 months from the day you renewed the token. Apple tokens expire exactly 365 days after generation, and renewing a few weeks early prevents any enrollment gaps during new employee onboarding.

Screenshot 2026-05-07 at 10.26.09 AM.png

End-user Apple Zero-Touch Provisioning Experience

ZTP for US Domestic Apple Orders

When the device arrives, your employee will go through the standard Apple out-of-box experience, but they get to skip the MDM enrollment, security policy deployment and app installation steps.

This dramatically decreases the time it takes for them to get up and running and ensures they are set up with the security and tooling they need to hit the ground running.

ZTP for International Apple Orders

When placing an order for an Apple device internationally, Electric will work with a vendor in that country to purchase the device. Once we have placed the order, we will email you back the Reseller ID of the local provider. You must add that Reseller ID to Apple Business portal for ZTP to trigger. 

ZTP for Windows Devices

Windows zero-touch provisioning is available to customers on our Pro plan when purchasing a Windows device through our hardware storefront.

Unlike Apple devices, the ZTP is not automatically applied to a purchased devices—our procurement partner needs to trigger a workflow that initializes zero-touch provisioning for an individual device.

Configuring Zero-Touch Provisioning

As part of zero-touch provisioning, certain applications can be installed by default. Here is a list of supportable apps.

To configure Windows zero-touch provisioning, send an email support@electric.ai with the subject line of “CustomerName - Windows Zero-Touch Provisioning Request” with the list of apps you’d like to have deployed as part of ZTP.

Our team will work to configure those applications and confirm once completed.

Requesting Windows Zero-Touch Provisioning

Please note, Windows Zero-Touch Provisioning requires additional lead time.

Orders may ship faster, but expect delivery in 10-14 days for orders shipping by UPS Ground or 7–10 days for UPS Next Day Air.

Please review the delivery estimates in the Shipping page to ensure timing meets your needs.

Once you have confirmed with our support team that you are configured for Windows ZTP, all Windows devices will be automatically assigned to be provisioned with ZTP. Please note that you can opt-out of Windows ZTP to expedite delivery on the Cart page before checking out to improve delivery timelines.

Screenshot 2026-01-22 at 9.56.32 AM.png

End-user Windows Zero-Touch Provisioning Experience

When the device arrives, your employee will go through the standard Windows out-of-box experience, but they get to skip the MDM enrollment, security policy deployment and app installation steps.

Your employee saves time, while your organization benefits from air-tight device security.

FAQs

  1. Is desktop software application provisioning available for ZTP?

    1. Yes. As part of zero-touch provisioning, certain applications can be installed by default. Here is a list of supportable apps. If you would like any of these installed, please provide a list to support@electric.ai and we will configure those in Jumpcloud.

  2. Is Apple ZTP available for Apple devices if we do not have Apple Business?

    1. No. Per Apple guidelines, ZTP can only be performed on Apple devices via ABM.

  3. Can Apple ZTP be deployed for iPhone, iPads, Androids, tablets, or other non-laptop devices?

    1. No. Electric’s MDM and ZTP only works within the scope of Windows and MacOS supported laptops and desktops at this time.

  4. How do I manage a device that is not registered in ABM, and reset that device so ZTP can work?

    1. Only Apple devices that exist in your ABM portal will ever be eligible for ZTP.

      1. You can add devices to your ABM portal by following Apple’s instructions here: https://support.apple.com/guide/business/welcome/web

    2. ZTP should be configured before the steps of receiving a device back to its storage location – whether it be a warehouse, an admin’s home, or otherwise – and before assigning it to a new employee in order to function as designed.

  5. I see “ZTP not enabled” on a device in the hardware store Cart page. Why is that?

    1. There are a variety or reasons you may see this:

      1. You have not completed the MDM setup steps, which applies to both Apple and Windows OS

      2. You do not have or have not connected your Apple Business account

      3. You have not completed the Apple ZTP configuration steps above.

      4. You have opted out of ZTP for Windows devices.