Electric Device Management | Utilizing Zero-Touch Provisioning (ZTP) for Apple and Windows Computers

Introduction

Zero Touch Provisioning (ZTP) automates device setup, eliminating manual configuration and reducing errors and saving time.

When employees receive new devices, they simply power on, complete standard out-of-box setup, and create an account. The MDM is automatically installed, applying security policies and required applications.

This ensures consistent, secure device configuration while minimizing downtime and improving scalability. ZTP frees your team to focus on strategic priorities instead of repetitive setup tasks.

Electric’s Zero-Touch Provisioning Offering

Below you will find instructions to configure and utilize zero-touch provisioning for Apple and Windows devices.

Once zero-touch provisioning is configured and you purchase a device from our hardware storefront, it will appear first as an Asset in the Electric portal until the Electric Desktop App is activated on that device.

When the employee receives the device they will go through the standard out-of-box experience to set up their device and create a user profile. From there, MDM will be automatically installed along with the Electric desktop app, our default security policies and any applications or settings you requested be installed during ZTP configuration.

To complete the process, the employee simply needs to log into the Electric desktop app for the device to be assigned to them in the Electric platform and the device begins reporting under Security > Device Management.

Please note: If the new device is not purchased via the IT Hub storefront, there will be no Asset created in the platform and the new device record won’t appear until it is assigned to an employee or the employee activates the Electric Desktop App that was pre-provisioned by signing in to it.

ZTP for Apple Devices

If you are unfamiliar with Apple zero-touch provisioning we recommend reading our explainer article here: https://support.electric.ai/electricithub/what-is-zero-touch-provisioning-for-apple-devices

Prerequisites for Apple Zero-touch Provisioning

Before configuring zero touch provisioning, you must have an active Apple Business Manager (ABM) account.

Apple Business Manager is essential for device management because it allows your organization to purchase, assign, and remotely configure Apple devices at scale. Without it, you cannot automatically enroll devices in Electric’s MDM or deploy corporate policies during the initial setup process.

Please follow these steps to enroll in ABM:

1. Follow these instructions: How to Enroll in Apple Business Manager (can take 3-5 business days)

2. You will need a D-U-N-S Number to create an Apple Business Manager account:

   1. Check to see if you already have a D-U-N-S Number

   2. Get a free D-U-N-S Number (3-4 weeks)

   3. Get an expedited D-U-N-S Number for $229 (4-5 days)

3. Device Management configured in the IT Hub. If you haven’t yet, follow these instructions: Enable MDM (Mobile Device Management (3-5 minutes)

4. Connected your Apple Business Manager account to the IT Hub in the Settings section. (3-5 minutes)

ZTP is not a retroactive process. It can only be leveraged for devices that exist in the Apple Business Manager portal and after the below configuration steps are all successfully complete in full.

Configure Zero-Touch Provisioning for Apple Devices

Please note: the current process is not yet fully self-service and requires some manual cooperation from your team to complete all steps listed below.

While we're working toward complete automation, certain steps still need manual coordination between you and Electric to ensure proper device configuration and deployment. We appreciate your collaboration during this transition period as we continue to streamline the experience!

If you need any dedicated support for this process, please reach out to the product support team via email to schedule a time to walk through the processes on a screen share call.

STEP #1: [Required] Email Support@electric.ai

To kick off the Zero-Touch Provisioning Process, you will need to work directly with our support team. Send an email support@electric.ai with the subject line of “CustomerName - Apple Zero-Touch Provisioning Request” and let them know you are ready to configure ZTP for Apple Devices.

Once we receive the request, the Support team will share a PEM file you will need to upload into your Apple Business Manager portal along with the detailed instructions below.

STEP #2: [Required] Create Electric MDM Server

You must be a user with the role of Administrator or Device Enrollment Manager in Apple Business Manager to complete the following steps:

• Sign in to Apple Business Manager (ABM) with an Administrator or Device Enrollment Manager account.

• Select your name at the bottom of the sidebar, then choose Preferences.

• Select MDM Server Assignment (or Device Management Service Assignment for older versions).

• Click the Add button.

• Enter a unique name for your MDM server—we recommend “Electric MDM”

• Upload the public key certificate file that was shared by our support team

• Check off the "Allow this device management service to release devices" box and click Save.

• Click the Download button and then select Download Device Management Token.

• Reply to the Electric support ticket with the P7M file that you downloaded.

• Support will then upload this P7M file into Jumpcloud and complete the remaining configuration work and will confirm here once that work is completed.

Please continue on with the next steps while the Electric Support team gets your P7M file uploaded to JumpCloud. The P7M file upload will not block you from completing the below steps.

STEP #3: [Required] Configure Electric Reseller ID

• Click your name at the bottom of the sidebar and select Preferences.

• Select MDM Server Assignment.

• Click Edit next to Customer Numbers.

• Choose the number type from the dropdown menu, enter the number, and click Add.

  • Use Electric’s US Reseller ID: 16210800

• Click Done when finished. 

• IMPORTANT:

  • If you are planning on purchasing hardware internationally, please let me know which countries and we will provide you with a list of additional reseller IDs to add. 

  • In the future, if you wish to purchase a device in a new country, simply reach out to us and we will provide you with that country’s reseller ID to add to your ABM portal.

STEP #4: [Required] Set Default Device Assignment

• At the bottom of the sidebar, select your name, then click Preferences.

• Under Device Management Services, select Device Management Service Assignment.

  • If you see "MDM Server Assignment" instead, click that.

• Click Edit next to Default Device Management Service Assignment (or Default MDM Server Assignment).

  • For ZTP to work on Apple laptops you purchase through our hardware marketplace, you must set the MDM you created for Electric as the default device assignment for Mac computers

  • You must do the same for any other device types (iPhone, iPad, etc.) you wish to be assigned to the MDM you created for Electric.

• Click Save or Done to apply the changes. 

STEP #5: [Recommended] Share Default App Installations

As part of zero-touch provisioning, certain applications can be installed by default. Here is a list of supportable apps. If you would like any of these installed, please provide a list to support@electric.ai and we will configure those in Jumpcloud.

Remember that support team is here every step of the way. If you’re running in to issues or have questions, please work with them directly on you email ticket and we will assist to ensure you are configured correctly.

End-user Apple Zero-Touch Provisioning Experience

When the device arrives, your employee will go through the standard Apple out-of-box experience, but they get to skip the MDM enrollment, security policy deployment and app installation steps.

This dramatically decreases the time it takes for them to get up and running and ensures they are set up with the security and tooling they need to hit the ground running.

ZTP for Windows Devices

Windows zero-touch provisioning is available to customers on our Pro plan when purchasing a Windows device through our hardware storefront.

Unlike Apple devices, the ZTP is not automatically applied to a purchased devices—our procurement partner needs to trigger a workflow that initializes zero-touch provisioning for an individual device.

Configuring Zero-Touch Provisioning

As part of zero-touch provisioning, certain applications can be installed by default. Here is a list of supportable apps.

To configure Windows zero-touch provisioning, send an email support@electric.ai with the subject line of “CustomerName - Windows Zero-Touch Provisioning Request” with the list of apps you’d like to have deployed as part of ZTP.

Our team will work to configure those applications and confirm once completed.

Requesting Windows Zero-Touch Provisioning

Please note, Windows Zero-Touch Provisioning requires additional lead time.

Orders may ship faster, but expect delivery in 10-14 days for orders shipping by UPS Ground or 7–10 days for UPS Next Day Air.

Please review the delivery estimates in the Shipping page to ensure timing meets your needs.

Once you have confirmed with our support team that you are configured for Windows ZTP, all Windows devices will be automatically assigned to be provisioned with ZTP. Please note that you can opt-out of Windows ZTP to expedite delivery on the Cart page before checking out to improve delivery timelines.

End-user Windows Zero-Touch Provisioning Experience

When the device arrives, your employee will go through the standard Windows out-of-box experience, but they get to skip the MDM enrollment, security policy deployment and app installation steps.

Your employee saves time, while your organization benefits from air-tight device security.

FAQs

1. Is desktop software application provisioning available for ZTP?

   1. Yes. As part of zero-touch provisioning, certain applications can be installed by default. Here is a list of supportable apps. If you would like any of these installed, please provide a list to support@electric.ai and we will configure those in Jumpcloud.

2. Is Apple ZTP available for Apple devices if we do not have Apple Business Manager?

   1. No. Per Apple guidelines, ZTP can only be performed on Apple devices via ABM.

3. Can Apple ZTP be deployed for iPhone, iPads, Androids, tablets, or other non-laptop devices?

   1. No. Electric’s MDM and ZTP only works within the scope of Windows and MacOS supported laptops and desktops at this time.

4. How do I manage a device that is not registered in ABM, and reset that device so ZTP can work?

   1. Only Apple devices that exist in your ABM portal will ever be eligible for ZTP.

      1. You can add devices to your ABM portal by following Apple’s instructions here: https://support.apple.com/guide/apple-business-manager/add-devices-using-apple-configurator-axm200a54d59/1/web/1

   2. ZTP should be configured before the steps of receiving a device back to its storage location – whether it be a warehouse, an admin’s home, or otherwise – and before assigning it to a new employee in order to function as designed.

5. I see “ZTP not enabled” on a device in the hardware store Cart page. Why is that?

   1. There are a variety or reasons you may see this:

      1. You have not connected your Apple Business Manager or don’t use ABM.

      2. You have not completed the MDM setup steps, which applies to both Apple and Windows OS.

      3. You have not completed the Apple-specific ZTP configuration steps.

      4. You have opted out of ZTP for Windows devices.