If you are sideloading devices via Configurator, then you have additional steps. The sideload injects a retail purchased device into the chain of custody that is ABM. ABM can assign it to an MDM. But then the MDM must have a prestage enrollment and you must erase the device one more time to allow it to discover that it is an institutional device that must enroll using the automated device enrollment workflow.
Here are the broad strokes.
1: You have ABM and an MDM setup. You've created an MDM server in ABM and your exported the DEP token and imported it into your MDM. From above, it sounds like you have succeeded in do this. (As an aside, a similar process is required for the VPP token).
2: You have a retail purchased asset that is not associated to your organization and you use Configurator to side load it. If done from a Mac, the asset is assigned to the "configurator" MDM in ABM and you must reassign it. If done from an iPhone and you selected Specific MDM, then it can be auto associated to your desired MDM. In this case, looking at the record in ABM will show that it is assigned to your MDM.
3: In your MDM, setup your prestage profile (not sure what Knox calls this, but it is your initial MDM profile that begins automated enrollment. The device in question must be assigned to this profile as well. It will include options like controlling Setup Assistance, management of activation lock, etc.
4: Erase your device again. The reason for this is that when you first power it on (before capturing with Configurator), it talked to Apple's activation server and was marked a retail device. It is still considering itself a retail device. By erasing it, it will be forced to talk to the activation server again. This time, it will be told that it is an enterprise device linked to your organization. And the details of ABM will direct it to your MDM where it will hit your prestage and begin automated enrollment.
5: During this reboot, you will be asked to choose a language, a country, if accessibility is needed, and then to join a network. Once you do, the unit will hit the activation server and you should be presented with the automated enrollment window. Enroll the device.
Hope this is helpful. In the future, make sure you are buying devices from a DEP capable reseller. Give them your org ID (found in ABM) and have them give your their reseller ID (enter the in your ABM). This way, future devices will arrive already in ABM and already assigned to the MDM. No more Configurator. You are making your life way too complicated.
