Choosing the best Apple enrollment method for you is very important and there are many different factors involved in this selection process.
Are your Apple devices part of a shared program or are they part of 1:1 program? Are your devices generic for any end-user within your organization? Does your company use a Bring Your Own Device (BYOD) program?
Consider the answers to these questions as you look through this article. We'll go over what Apple enrollment method is better suited to certain situations, and focus on Apple’s Automated Device Enrollment and User Enrollment. What are the differences between the two? Keep reading to find out.
What is Apple's Automated Device Enrollment?
If you’re looking to enroll your corporate Apple devices easily, you can use Automated Device Enrollment. It’s a method of enrollment that you can use for devices that have been purchased directly from Apple or authorized resellers.
Important note: you’ll see the term Automated Device Enrollment more frequently as DEP will no longer be available starting December, 2019. Automated Device Enrollment offers the same functions as DEP, but has since been renamed to due to Apple’s change from DEP/VPP to Apple Business Manager.
Using this method allows you to automatically enroll and supervise devices (supervision is required), so it’s a way to streamline your deployment workflow. Using this method, you can take advantage of zero-touch deployment for your corporate devices. This means that if your devices are brand new, end-users can simply take them out of the box and turn them on if they’ve been enrolled using Automated Device Enrollment.
To enroll your devices this way, you’ll have to integrate your MDM solution with Apple Business Manager.
With Automated Device Enrollment, you can enroll devices for 1:1 programs, shared programs or simply keep devices generic, which means that the devices are enrolled but unassigned.
What is Apple's User Enrollment?
Apple’s new privacy revolution is User Enrollment, an enrollment method that puts user privacy at the forefront. It’s a method that’s designed for Bring Your Own Device (BYOD) programs. With User Enrollment, IT teams are offered a limited set of configurations and policies that are associated with the user instead of the device.
This method helps to protect sensitive corporate data while still allowing personal data to remain separate from IT oversight. That’s because User Enrollment separates personal and work data, allowing IT to only manage work-related data.
User Enrollment is available for devices running iOS 13, iPadOS and macOS Catalina or higher. You can learn more about User Enrollment here.
Automated Device Enrollment vs. User Enrollment
Now, we’ll go over the main similarities and differences between the two enrollment methods. Keep in mind that your deployment model is one of the deciding factors for which method you should choose.
It’s also important to consider the level of access that’s necessary for the IT team. You can apply certain restriction profiles, depending on whether or not the Apple devices are supervised or unsupervised.
Apple Business Manager:
Both enrollment methods require that you have an Apple Business Manager account associated with your company. You can create the account at business.apple.com. It’s important that you integrate your MDM solution and Apple Business Manager. Learn how to complete this integration process by checking out our getting started guide.
Managed Apple IDs:
When using either method, it’s recommended to use Managed Apple IDs, which you can read more about here. Managed Apple IDs should be created for employees as they help make the entire process smoother.
Increased data security, streamlined content distribution and access to iCloud services are just a few of the many benefits of using Managed Apple IDs for device deployment.
One of the biggest differences between Automated Device Enrollment and User Enrollment is the level of end-user interaction necessary. When it comes to Automated Device Enrollment, the IT team handles the entire enrollment process and end-users simply have to turn on the Apple device. This is why it’s considered zero-touch deployment.
However, with User Enrollment, end-users are required to enter the URL in Safari and use their Managed Apple ID to complete the enrollment process. This gives employees more involvement when it comes to enrolling their personal devices.
Your iOS or iPadOS devices are either supervised or unsupervised. When they are supervised, administrators have more control over the devices.
For User Enrollment, devices cannot be supervised. This is done to protect user privacy and personal data since User Enrollment involves using personal devices. As mentioned earlier, IT teams have limited access to BYOD devices, and not allowing supervision is part of that.
But if you want your devices to be supervised, you can use the Automated Device Enrollment method. Keep in mind that iOS and iPadOS supervised devices can only be enrolled using the Automated Device Enrollment method.
Important note: the supervised mode requires a wipe of the device. This is another reason that devices enrolled with User Enrollment cannot be in supervised mode, otherwise that would give the ability to wipe employee-owned devices.
In the past, IT teams working with BYOD programs used the Manual Enrollment process to enroll devices without wiping them. Now that Apple's User Enrollment is available for specific devices, we recommend using that because a device wipe is not required and you get even more restriction profiles that enhance Apple deployment at your company.
As stated earlier, supervised devices must be enrolled using Automated Device Enrollment, which requires a wipe of the device.
There are different restriction profiles available depending on which enrollment method you use. For example, you can restrict which apps are allowed to launch or restrict access to certain items in System Preferences. If your MDM solution is Mosyle Business, you can learn more about the restriction profiles available to you by navigating to the Management tab.
In short, choosing the best Apple enrollment method for you and your company depends on these different factors. We highly recommend that you plan your deployment, document the procedures and feel free to reach out our Support Team if you have any additional questions.
Enrolling your devices using Automated Device Enrollment or User Enrollment is made easier when you invest in an MDM solution that’s tailored to your industry. Sign up for a free 30-day trial with Mosyle Business today.