Setting up one iPhone is a breeze. Doing it for five hundred? That’s usually when the screaming starts.
If you’ve ever found yourself staring at a pile of shrink-wrapped iPads while holding a spreadsheet and a USB hub, you’ve likely heard of Apple Configurator. It’s been around for over a decade, yet it’s still one of the most misunderstood tools in the Apple ecosystem. Most people think it’s just a way to shove a wallpaper onto a device or update iOS without using Wi-Fi.
Honestly, it’s way more than that. But it’s also remarkably finicky.
If you don’t know how to use Apple Configurator correctly, you’re basically just making more work for yourself. You might end up with "orphaned" devices that aren't properly supervised, or worse, you’ll realize three months later that you can’t remotely wipe a stolen device because you skipped a single checkbox in the setup wizard. We’re going to look at how this tool actually functions in a modern, 2026-era workplace where Automated Device Enrolment (ADE) is king, but manual configuration still has its place.
Why Manual Setup Still Matters (And Why It Kinda Sucks)
Apple wants you to use Apple Business Manager (ABM) or Apple School Manager (ASM). They want your devices to arrive from the factory already linked to your MDM (Mobile Device Management) server. In a perfect world, you never even touch the hardware.
But the world isn't perfect.
Maybe you bought some iPads from a local retail store because of a budget crunch. Perhaps a donor gave your school twenty used iPhones. These devices aren't in your ABM portal. They’re "unassigned." This is the primary reason you need to learn how to use Apple Configurator. It acts as the bridge. It’s the tool that "shouts" at Apple’s servers to say, "Hey, this specific serial number belongs to my organization now."
The "Supervision" Secret
This is the big one. Supervision is a special state for iOS, iPadOS, and tvOS devices. If a device is supervised, you have way more power over it. You can prevent the user from removing the management profile. You can force software updates. You can even lock the device into a single app (Kiosk Mode).
Without Apple Configurator, you can’t easily supervise a device that wasn't bought through an official enterprise channel. You have to plug it into a Mac running Configurator, wipe it, and check that "Supervise devices" box. It’s a literal gatekeeper for total control.
Getting Started Without Breaking Everything
First, you need a Mac. There is no Windows version. There never will be.
📖 Related: Student Discount on MacBook Air: What Most People Get Wrong
Download Apple Configurator from the Mac App Store. Once it’s open, you’ll see a mostly blank grid. The moment you plug in a device via USB, it pops up like a digital ghost.
The interface is deceptively simple. You’ve got "Prepare," "Update," "Restore," and "Actions." Most of your time will be spent in the "Prepare" menu. This is the heavy lifting. When you click Prepare, you're faced with a choice: Manual or Automated Enrollment.
If you’re trying to get a "found" or "donated" device into your company’s MDM, you choose Manual Configuration.
The Blueprint Strategy
Stop configuring devices one by one. It’s a waste of time.
Blueprints are the secret sauce. Think of a Blueprint as a "template" or a "ghost image" for an iPhone. You create a Blueprint, name it something like "Staff iPad - Sales Team," and then you record all the actions you want to happen.
- You want the latest version of iPadOS? Add that to the Blueprint.
- You want a specific Wi-Fi profile? Add it.
- You want to skip the "Siri" and "Screen Time" setup screens? Toggle those off.
Once the Blueprint is saved, you just drag and drop it onto any device you plug in. It’s satisfying. It’s fast. It’s how you handle fifty devices in an afternoon without losing your mind.
The Most Frustrating Part: Adding Devices to Apple Business Manager
This is where most IT admins get stuck. You have the iPad. You have the Mac. You have the USB cable. You click "Prepare," you check "Add to Apple Business Manager," and then... error.
To make this work, you need a specific role in ABM—either "Account Manager" or "Device Management Manager." You also need to make sure the Mac is logged into the same managed Apple ID.
When you run the Prepare process, Apple Configurator will "enroll" the device into a temporary holding area in your ABM portal.
- Crucial Detail: The device will stay in a 30-day "provisional" period.
- The Catch: During those 30 days, the user can actually go into Settings and manually remove the management.
- Why? It’s a safety feature. Apple wants to make sure you aren't "kidnapping" devices that don't belong to you. If the device stays enrolled for 31 days, that "remove" button disappears forever. It becomes a permanent part of your fleet.
Dealing with the "Trust This Computer" Nightmare
We’ve all been there. You plug in a device and it asks "Trust this computer?" But the screen is broken. Or the device is locked.
Apple Configurator can’t do much with a device it doesn't "trust." If you’re dealing with a fleet of devices that are already set up, you need a Supervision Identity. This is a digital certificate that lives on your Mac and is shared with the devices.
If you set up a device with Mac A, and then try to manage it with Mac B, Mac B will be locked out. You have to export the Supervision Identity from Mac A (as a .p12 file) and import it into Mac B. This is the kind of stuff they don't tell you in the basic tutorials. If you lose that identity and your Mac dies, you lose the ability to manage those devices via USB without wiping them. Backup your identity. Seriously.
Beyond iPhones: Configurator for Mac
Wait, you can use Apple Configurator to manage Macs? Yes. But it’s weird.
Since the introduction of Apple Silicon (M1, M2, M3, etc.) and the T2 security chip, Apple Configurator has a very specific job for Mac hardware: Reviving and Restoring.
✨ Don't miss: Why My Number Still Matters and the Chaos of Personal Identity Online
If a MacBook Pro's firmware gets corrupted—maybe the power went out during a macOS update—it becomes a very expensive brick. It won't even turn on to the recovery screen. You plug that "bricked" Mac into another Mac running Apple Configurator. You have to use a specific USB-C port (it’s usually the one closest to the hinge on the left side) and a specific key combo to put the dead Mac into DFU (Device Firmware Update) mode.
Configurator will see the dead Mac as a big "DFU" icon. You right-click, hit "Restore," and it reloads the BridgeOS firmware. It saves you a trip to the Genius Bar.
Practical Steps for a Flawless Deployment
If you’re sitting down to do this right now, follow this workflow. Don't skip steps.
- Update Everything: Ensure your Mac is on the latest macOS and Configurator is current. Apple changes the handshake protocols constantly.
- Organize Your Cables: If you’re doing more than five devices, buy a high-quality powered USB hub. A cheap one will drop the connection halfway through a 5GB firmware download, and you'll have to start over.
- Define Your Server: Go to Preferences > Servers and link your MDM (Jamf, Kandji, Mosyle, whatever you use). Use the enrollment URL provided by your MDM provider.
- Create the "Base" Blueprint: Set it to Supervise, Add to ABM, and skip all the "Setup Assistant" fluff.
- The "Wipe" Rule: Always perform a "Restore" (which wipes the device) rather than just an "Update" if you're preparing a device for a new user. It ensures no leftover "ghost" data interferes with the enrollment profile.
- Test One First: Don't plug in thirty iPads at once. Do one. Verify it shows up in your MDM. Verify it’s supervised. If it works, then go wild with the rest.
Real-World Nuance: The Wi-Fi Gotcha
Here is a mistake I see constantly. People "Prepare" a device and tell it to connect to their corporate Wi-Fi. But their corporate Wi-Fi requires a username and password (802.1X) or a certificate.
The iPad can't "see" that Wi-Fi until the profile is installed, but it can't install the profile until it has internet to talk to the MDM. It’s a classic Catch-22.
The fix? Keep a "dumb" Wi-Fi hotspot in your drawer—a basic router with a simple WPA2 password. Use that for the initial Apple Configurator setup. Once the device is enrolled and your MDM pushes the "real" Wi-Fi settings, the device will switch over automatically.
Actionable Insights for the IT Desk
To truly master how to use Apple Configurator, you have to treat it as a utility, not a management platform. It is the "bootloader" for your enterprise.
- Export your Supervision Identity immediately. Store it in a secure password manager or an encrypted drive. If your Mac hardware fails, this file is the only thing that prevents you from having to factory reset your entire fleet to manage them via USB again.
- Use the Apple Configurator app for iPhone (the mobile version) to add Macs to Apple Business Manager. It’s often faster than using the Mac-to-Mac USB method for simple assignments.
- Audit your "Provisional" devices. Check your ABM portal once a month. Ensure those manually added devices have passed their 30-day window so they are officially, permanently "yours."
- Automate the OS update. In your Blueprint, set the "Update iOS" action to "Always." This ensures that by the time the device reaches the user's desk, they aren't immediately prompted for a 2GB download.
Learning the quirks of this tool separates the "I think this is working" admins from the "I know this is secure" experts. It’s tedious, it requires too many dongles, and the error codes are cryptic—but when you need to bring order to a chaotic pile of hardware, it’s the only tool that actually gets the job done.