This article will help you:

IMPORTANT

Contact the Izzy team on Slack or send us a ticket (izzy-support@umich.edu or miworkspace-mac-systems@umich.edu) with the serial number(s) to assign.
- "Hey Izzy team! Please assign GH7D4FKLX3FB for an on-campus build"
Once assigned, it takes about 15min for the change to take effect and you can proceed with the build
Serial numbers never start with "S" and never contain the letters "A", "B", "E", "I", "O", "S", or "Z"; they do contain zeros and ones.

The 'Stage System' field can be found in the top left of https://izzy.dsc.umich.edu/
Enter the serial number and click Stage or Claim
Choose a destination group for this mac and press 'Pair'
Rename the system and verify the Policy Domain
1. Navigate to the computer's Izzy record (use the search within Izzy to quickly find the system you are working with)
2. Click 'Rename'
3. Edit the 'Izzy Name' to include the serial number or some other descriptive text that could easily be used to help locate the computer.
  - MiWorkspace: Please include the uniqname of the primary computer user if this is a dedicated computer.
4. If the system is going to be encrypted with FileVault (which we strongly recommend) Set the Policy Domain to something containing 'ironizzy.' Do this before you continue!
5. Otherwise, please choose the appropriate policy domain.

Unbox the Mac and power it on.
1. If the Mac has already been through 'Setup Assistant,' or otherwise been in-use, it should be wiped-and-reloaded before starting the process.
2. If you are unsure of how to wipe-and-reload a Mac with a current version of macOS, please see the links at the bottom of the page.
Connect to a wired network using the built-in ethernet port, or an Apple branded network adapter for portable Macs.
Advance through 'Setup Assistant.' The first few prompts will help you pick the preferred language and region.
After language and region selections, you should see a 'Remote Management' screen letting you know this Mac will be managed.
Click Continue (or Enroll on Sonoma or later) to proceed.
Once profiles finish installing after enroll, Setup Manager will load and give you a status as to where in the process the setup for the University of Michigan is.

As we download the necessary settings and installers, you will be greeted with a "Getting Ready" display screen.
The Setup Assistant will continue without any interaction
Once finished, you will see you a Continue button, or the process will auto advance after 1 minute.
Managed Software Center will now take over and start installing software titles.

After Managed Software Center has finished, please log in with the "UM-Support" account.

1. If you do not know the default password for this account, please ask the Mac Team in Slack
2. You should not log into the computer with any other account before the UM-Support account.
Verify that software has updated in both System Settings → General → Software Update and Managed Software Center.
If you set an ironizzy, hardened, or other FileVault enabled Policy Domain for this build, FileVault will be silently enabled at login.
1. After Managed Software Center has finished installing any remaining updates, Please reboot the Mac, and verify that the UM-Support account is able to unlock FileVault
2. Unlocking FileVault with the UM-Support account will take you to the Desktop, choose  → "Log Out UM-Support..." to return to the Login Window

All new user accounts should now log in from the Microsoft 365 login screen with a @umich.edu email address and will be automatically added to the list of FileVault enabled users.
After a new user logs in, please reboot one more time to verify proper log-ons and software updates have been applied.

Izzystor restored users might not show up on the boot screen after they log in. If that happens, go to Applications → Utilities → Service Provider Support and run the “Update Preboot (requires restart)” task.
More details on the "UM-Support" and the "UM FileVault Mgmt" accounts can be found here: Izzy-Managed Support Accounts

Instructions on how to wipe-and-reload macOS: