For some years now, we enroll our new IOS devices with Apple DEP. (Directly form hardware reseller not with Apple Configurator).
The whole DEP enrollment is working fine imho. Our Sophos MDM is connected to our AD. So the user is unboxing, starting the ipad en after log in with AD credentials,the device starts en installs the SMC app as part of the enrollment procedure.
Everything is working just fine. BUT, Sophos keeps reporting that te device is not yet managed. Only when you start the SMC app once on the device -> you get the question if SMC can send messages and to use the location. Then the whole proces is completed and the device is fully managed.
But it seems to me that this is an unwanted way of working. Without the remote enduser helping me, by starting the app at least once to force MDM sync. I cannot get a fully managed device. So i'm often forced to mail new users, asking to please start the SMC once to complete the procedure. Are we doing it wrong, or is this Apples way of working?
ive asked this same question, devices do not become fully managed in the console until the sophos mobile control app is opened, ive found no work around for this.