Deploy 1,000+ Devices with Jamf Pro Zero-Touch

Zero-touch provisioning has transformed enterprise device management. Instead of manually configuring each machine, IT administrators can now ship devices directly to end users — fully configured, secured, and ready to work from day one.

In this guide, I will walk you through exactly how I deployed 1,000+ devices using Jamf Pro and Apple Business Manager, reducing manual setup time by 40%.

What You Need Before Starting

Before beginning your zero-touch deployment, make sure you have the following in place: an active Jamf Pro instance, an Apple Business Manager account linked to Jamf Pro, devices purchased through an Apple Authorized Reseller or directly from Apple so they appear in ABM automatically, and administrator access to both platforms.

Step 1: Link Apple Business Manager to Jamf Pro

The first step is connecting your ABM account to Jamf Pro. In Apple Business Manager, go to Settings and add Jamf Pro as your MDM server. In Jamf Pro, navigate to Global Management and configure the ABM integration by uploading your server token. Once linked, new devices purchased through Apple will automatically appear in Jamf Pro ready for enrollment.

Step 2: Create a PreStage Enrollment

A PreStage Enrollment in Jamf Pro defines how devices are automatically configured when they first boot. Navigate to Computers, then PreStage Enrollments, and create a new profile. Configure the Setup Assistant to skip unnecessary screens, assign your management account, and enable automatic enrollment. This is what makes zero-touch possible — the device enrolls itself without any manual intervention.

Step 3: Build Your Configuration Profiles

Configuration profiles are the building blocks of your device management strategy. Create profiles for security baselines such as FileVault encryption, password policies, and screen lock settings. Build software distribution policies to automatically install required applications like Microsoft Office, CrowdStrike Falcon, and your VPN client. Use Smart Groups to dynamically target devices based on department, location, or compliance status.

Step 4: Test with a Pilot Group

Never roll out a new PreStage Enrollment to your entire fleet without testing first. Start with 5 to 10 devices in a pilot group. Verify that enrollment completes successfully, all required applications install correctly, configuration profiles apply without errors, and the device meets your compliance requirements. Document any issues and resolve them before mass deployment.

Step 5: Deploy at Scale

Once your pilot is successful, you are ready to deploy at scale. Work with your procurement team to ensure all new devices are purchased through Apple Business Manager so they automatically appear in your PreStage Enrollment. For existing devices that need to be re-enrolled, use the Jamf Pro enrollment URL or a wipe-and-re-enroll process.

Results and Key Takeaways

After implementing zero-touch provisioning across 1,000+ devices, we achieved a 40% reduction in manual setup time, near-zero configuration errors compared to manual processes, faster and more consistent secure onboarding across hybrid corporate and manufacturing environments, and significantly reduced workload for the IT support team during device refreshes.

Zero-touch deployment is not just a time-saver — it is a foundation for scalable, secure enterprise endpoint management. Combined with CrowdStrike Falcon EDR implementation for immediate EDR coverage upon enrollment, you have a powerful, automated pipeline that delivers secure, production-ready devices without any hands-on IT intervention.