By following this method, your enrolled devices achieve supervised status, allowing you the highest level of device management. Please note, there are three basic types of device enrollment; Automated (DEP), user-initiated institutional, and BYOD. The level of management differs on each of these levels. The general rule of thumb is that if the device is institutionally owned, it should be in ABM, managed by an MDM, and enrolled automatically to achieve supervision. If you have older device that cannot be reset and side loaded into ABM, then use user-initiated institutional. If you have user devices that are not owned by the business, then pursue BYOD enrollment models (this provides a light touch management and the user remains mostly in control of the device).
So, now let's look at your situation... You have pile of hardware purchased through the retail channel. This means they cannot participate in automated enrollment unless you use Apple Configurator to side-load them. If you have iPads and iPhones, you need a Mac running Apple Configurator to do this. The process is to link Apple Configurator to your ABM and then tether the device to the Mac to reset the device to associate the unit to your legal business entity by injecting it into ABM. Yes, you must wipe the device. If there is data on the units, be cautious. Once you do this, the device will appear in ABM but it will be assigned to Apple Configurator as the MDM - this is not very useful. You will need to reassign the device in ABM to your real MDM and then reset the device one more time (this can be done with an Erase all contents and settings from the device). Once it reboots, and assuming you have your MDM setup to deliver an automated enrollment experience to that device, then the device will prompt for automated enrollment and you will enjoy supervision of your Apple assets.
To wrap up, if you have not yet deployed the devices (meaning there is no data and nothing setup), I would encourage you to side-load the devices so they are visible in ABM and thus linked via chain of custody to your legal business entity. Once side-loaded into ABM, remember to reassign the devices to your real MDM. Then erase the units again to allow them to hit your real MDM.
On the MDM side, you must have your DEP and VPP tokens installed on the MDM so it is aware of you hard and soft assets from ABM. And you must have a Push Notification cert installed on the MDM. I strongly encourage that you use a generic Apple ID linked to a group email at the business. Do not use a personal Apple ID. People leave companies. If you let the Push Cert expire or you replace it with one from another Apple ID you will drop all devices from management. That is a very bad day. Don't have that day. Understand your Push Cert requirements and do it right from the start.
On the MDM, setup your pre-stage policy and define you app list as well as profiles for setting enforcement - like setting pin code, enforcing restrictions, etc.
Management of Apple hardware is a dream. While this may seem confusing now, it is a really elegant solution. We barely touch hardware anymore. Everything drop-ships direct to customers and regular users do the setup for us. Done right, it is maybe 4 clicks (country, language, join a network, and enroll).
Good luck with the project. Hope this is helpful,
Reid
Apple Consultant Network Member