How to set up the User Enrollment on Apple devices in Enterprise


by Mosyle Team

@mosyle_biz


Technology has become an important part of the workplace and can be integral to the success of a company. Because of this need for corporate Apple devices, businesses are adopting BYOD programs that allow employees to use their own devices in a work setting. This means that companies can save money that would otherwise be spent on purchasing devices or investing in technology training, since employees are using devices they’re already familiar with. But this can raise questions about security.

Can an employee’s personal information be viewed? Is corporate data safe? How can IT teams help provide optimal security for end-users and devices?

Well, Apple just introduced a new way to ease those worries with the new User Enrollment. In this article, we’ll go over what User Enrollment is and what it means for your Apple device deployment.

What is User Enrollment?

Apple has created a brand new way to protect and manage privacy when it comes to Bring Your Own Device (BYOD) programs. With concerns raised about data privacy when employees bring in their own Apple devices, companies will now be able to rest easy knowing that their employees and their devices are safe. When managing and deploying Apple devices, User Enrollment will allow users to access work data without their personal data being viewed or changed by the IT administrator.

User Enrollment will allow both the employee and the IT administrator to feel comfortable while accessing the device. The employee will not have to worry about IT managing their entire device, and the administrator won’t have to worry about dealing with the user’s personal data. This means that users’ private personal information will remain separate from IT oversight, which grants transparency and trust.

The MDM solution will have user permission to operate on the user’s device with a limited range of management operations, while still having the ability to protect the company’s information. User Enrollment separates personal data and automatically creates an additional encrypted volume associated with a managed Apple ID. This is where all the Apple device management will occur, and it will contain any configurations, apps and data necessary for the educational environment.

The MDM software will also only install apps that your company wants to be installed, and it will only have access to work information. This means that when the device is removed from MDM, all of the data that was managed by your company will be automatically deleted.

What can User Enrollment do?

  • Configure accounts
  • Configure Per-app VPN
  • Install and configure apps
  • Require a passcode
  • Enforce certain restrictions
  • Issue an MDM command or query gathering information about apps, accounts and configuration provided by the MDM solution
  • Unenroll the device and cause all organizationally provided data, apps and accounts to be deleted

What can’t User Enrollment do?

  • Obtain any persistent device identities (like Serial Number, UDID, or IMEI); instead it uses a unique value to identify the device for the duration of the enrollment
  • Require complex alphanumeric passcodes
  • Clear the device passcode or lower the security of the device
  • Enforce certain restrictions
  • Take over management of an app that a user installed themselves
  • Issue an MDM command or query gathering information about apps downloaded with the user’s personal Apple ID
  • Remotely wipe the entire device
  • Access any cellular features
  • Add payloads that collect logs on the device
  • Add any supervised restrictions to the user’s device
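
The limits above can be checked before anything is sent to a User Enrollment device. The following is an added example, not code from Mosyle or Apple: a small pre-flight linter for MDM command and profile plists. The mapping from the list items to the protocol names `EraseDevice`, `ClearPasscode`, the `DeviceInformation` query keys and the `requireAlphanumeric` passcode key is an assumption made here, and the sample plists are constructed.

```python
import plistlib

# Assumed mapping from the article's "can't" list to Apple MDM protocol names.
BLOCKED_COMMANDS = {
    "EraseDevice": "remote wipe of the entire device",
    "ClearPasscode": "clearing the device passcode",
}
PERSISTENT_IDS = {"SerialNumber", "UDID", "IMEI"}
PASSCODE_PAYLOAD = "com.apple.mobiledevice.passwordpolicy"


def lint_command(raw):
    """Return findings for one MDM command plist (bytes)."""
    cmd = plistlib.loads(raw).get("Command", {})
    rtype = cmd.get("RequestType", "")
    findings = []
    if rtype in BLOCKED_COMMANDS:
        findings.append(f"{rtype}: {BLOCKED_COMMANDS[rtype]} is not available")
    if rtype == "DeviceInformation":
        for query in sorted(PERSISTENT_IDS & set(cmd.get("Queries", []))):
            findings.append(f"DeviceInformation: {query} is a persistent identifier")
    return findings


def lint_profile(raw):
    """Return findings for one configuration profile plist (bytes)."""
    findings = []
    for payload in plistlib.loads(raw).get("PayloadContent", []):
        if payload.get("PayloadType") == PASSCODE_PAYLOAD and payload.get("requireAlphanumeric"):
            findings.append("passwordpolicy: requireAlphanumeric asks for a complex passcode")
    return findings


# Constructed sample inputs (not captured from a real MDM server).
SAMPLE_QUERY = plistlib.dumps({"CommandUUID": "constructed-0001", "Command": {
    "RequestType": "DeviceInformation",
    "Queries": ["OSVersion", "SerialNumber", "IMEI"]}})
SAMPLE_WIPE = plistlib.dumps({"CommandUUID": "constructed-0002", "Command": {
    "RequestType": "EraseDevice"}})
SAMPLE_PROFILE = plistlib.dumps({"PayloadType": "Configuration", "PayloadContent": [
    {"PayloadType": PASSCODE_PAYLOAD, "forcePIN": True, "requireAlphanumeric": True}]})

if __name__ == "__main__":
    for sample in (SAMPLE_QUERY, SAMPLE_WIPE):
        print(lint_command(sample))
    print(lint_profile(SAMPLE_PROFILE))
```

An empty result means the command or profile asks for nothing on the list above; it does not prove the device will accept it.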

You can learn more about User Enrollment by checking out our User Enrollment site to discover how this new feature affects your BYOD programs. Next we’ll go over how to set it up using Mosyle Business.

How to set up User Enrollment

You can set up User Enrollment using an MDM solution like Mosyle Business. Follow the steps below to set up this new feature:

1. After you’ve logged in, navigate to the Organization tab from the menu at the top. Select Enrollment from the Basic Setup section on the left.

2. Then click on Configure User Enrollment and then check the allow user enrollment (BYOD) option.

3. Select to install the Self-Service app.

4. You now have a few different options here to configure the enrollment URL.

5. Next, you have to configure the User Enrollment screen. This is the screen that users will see when logging in to their device. There are a few different options here, so make sure to choose the one that best fits your needs.

6. The last step is to select the allowed users for this enrollment method. You can choose to select all users with Managed Apple ID or specific users. When all of the information is collected, click Save Preferences to finish.

You’ve just set up User Enrollment on your Apple devices! This new feature will revolutionize BYOD by balancing IT needs to protect sensitive corporate data, while also allowing the user’s private data to remain separate from IT oversight. Don’t have an MDM solution? Try out Mosyle Business for free!
