Apple's Device Enrollment Program (DEP) allows IT administrators to simplify Mobile Device Management (MDM) enrollment and provide a great out-of-box experience for end-users. But at what point does the simplicity of the enrollment experience compromise security? Depending on the configuration of the MDM server, organizational secrets or other sensitive data may be pushed to enrolled endpoints. What could go wrong if this information ended up in the wrong hands? In this talk we'll explore weaknesses in DEP, as well as alternative approaches that could be used to more strongly authenticate users and devices when enrolled as part of DEP workflows. We'll also discuss ways to protect your organization from these shortcomings, even when using DEP.