User Enrollment, more commonly known as 'BYOD' (Bring Your Own Device), provides a new level of MDM capability that balances the protection of user data with corporate security. User Enrollment (BYOD) will not install the Addigy Agent, and will deny MDM Profiles from installing that affect core settings of the operating system (like the ability to send remote Lock or Wipe commands).
More information on User Enrollment (BYOD) can be found here: User Enrollment and MDM
Requirements for Configuring User Enrollment:
- Apple MDM Push Certificate
- Apple School Manager or Apple Business Manager
- Managed Apple IDs for end users that will be enrolling devices
- Enrollment Operating System Requirements
- macOS Catalina 10.15 or newer
- iOS 13 or newer
- iPadOS 13 or newer
- Devices cannot be supervised or have parts of a prior management method still installed
Configuring Add Devices Settings:
On the Add Devices page, select a Policy to configure User Enrollment (BYOD) settings.
Select 'Edit Settings' in the User Enrollment (BYOD) section to upload a custom logo, modify end user instruction text, and add a passcode.
Note: For BYOD, Managed Apple IDs cannot have an Administrator role in Apple Business Manager.
Confirming Devices were enrolled correctly
After a successful enrollment via BYOD, it is expected that devices will appear in Addigy as shown in the images below:
Devices Page
GoLive
Allowed Settings and Software for User Enrollment (BYOD):
Below is a list of common management tasks that an Addigy Administrator will be able to accomplish with User Enrollment (BYOD):
- Request general device information
- Deploy mail and calendar settings
- Require a device passcode
- Enable a subset of MDM restrictions
Management Restrictions for User Enrollment (BYOD):
Below is a list of common management tasks that an Addigy administrator will not be able to accomplish with User Enrollment (BYOD):
- Device information like Serial Number, UDID, IMEI, etc
- Viewing or modifying cellular information
- Viewing information about apps or settings that were not configured via MDM
- Collecting logs
- Full device wipe
- Device Lock or Lost Mode
- Removing passcode
- Complex passcode
- Restrictions that modify more than the security of corporate data
List of Payloads that Support User Enrollment (BYOD):
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|