macOS 10.15 Catalina, iOS 13, and iPadOS 13 introduced a new level of MDM capabilities that balances the protection of user data with corporate security: User Enrollment, more commonly called Bring Your Own Device (BYOD). User Enrollment (BYOD) does not install the Addigy Agent on macOS, and User Enrolled devices will deny MDM profiles and commands that affect core settings of the operating system, such as App Lock or Wipe.
You can learn more about User Enrollment from this Apple WWDC presentation “What’s New in Managing Apple Devices”.
Requirements for Configuring User Enrollment:
- Apple MDM Push Certificate
- Apple School Manager or Apple Business Manager
- Managed Apple IDs for end users that will be enrolling devices
Enrollment Operating System Requirements:
- macOS Catalina 10.15 or newer
- iOS 13 or newer
- iPadOS 13 or newer
- Devices cannot be supervised or have parts of a prior management method still installed
Configuring Add Devices Settings:
To get started with BYOD User Enrollment, log in to Addigy and click on Add Devices in the left side navigation bar. Once there, select a Policy to configure User Enrollment (BYOD) settings.
On the Add Devices page for a specific policy, there are three ways to add a device to Addigy through an MDM Profile. Click on Edit Settings for User Enrollment (BYOD) to upload a custom logo, modify the end user instruction text, and add a passcode.
Note: For BYOD, Managed Apple IDs cannot have an Administrator role in Apple Business Manager.
UI Appearance
Devices Page
GoLive
Allowed Settings and Software for User Enrollment (BYOD):
Below is a list of common management tasks that an Addigy Administrator will be able to accomplish with User Enrollment (BYOD):
- Request general device information
- Deploy mail and calendar settings
- Require a device passcode
- Enable a subset of MDM restrictions
Management Restrictions for User Enrollment (BYOD):
Below is a list of common management tasks that an Addigy administrator will not be able to accomplish with User Enrollment (BYOD):
- Viewing device information like Serial Number, UDID, IMEI, etc.
- Viewing or modifying cellular information
- Viewing information about apps or settings that were not configured via MDM
- Collecting logs
- Full device wipe
- Device Lock or Lost Mode
- Removing passcode
- Complex passcode
- Restrictions that modify more than the security of corporate data
List of Payloads that Support User Enrollment (BYOD):