Automated Device Enrollment
Automated Device Enrollment (ADE) allows administrators to enroll devices in MDM without needing to touch them before provisioning them to end-users. An Apple Business Manager or Apple School Manager account is needed to use Automated Device Enrollment. For more information about Automated Device Enrollment, check out Apple’s documentation on Automated Device Enrollment, as well as our KB article on configuring ADE.
macOS
- Supervision gives administrators more control over their devices. macOS devices on older OS versions (prior to Big Sur) must be enrolled via ADE to be eligible for Supervision. Big Sur and newer devices are automatically supervised after enrolling in MDM via Device Enrollment or ADE.
- macOS devices purchased directly from Apple or an authorized reseller are eligible for ADE.
- macOS devices that were not purchased directly can also be manually prepared for ADE enrollment using Apple Configurator on iOS.
- ADE settings can be configured to prevent users from removing the MDM enrollment profile. If, however, the device loses connectivity to the MDM server, the profile cannot be removed remotely. The only way to remove it is to first disable System Integrity Protection.
iOS/iPadOS/tvOS
- It’s recommended to enable Location Services in your ADE configuration, as it’s the only way to use Find My to locate devices.
Device Enrollment
Device Enrollment requires administrators to physically access devices to enroll them. We have a KB article that details the steps to enroll devices via Device Enrollment.
macOS
- On Apple Silicon devices, Legacy System Extensions (Kernel Extensions) and System Updates can only be managed after putting the device’s security policy into Reduced Security mode. See our KB on the Kernel Extensions and Software Updates warning on Apple Silicon.
iOS/iPadOS/tvOS
- Apple Configurator can be used to manually enroll these devices in Supervision or Automated Device Enrollment. Supervision and ADE must begin from the setup stage, so devices that are already set up or enrolled manually will need to be wiped.
User Enrollment
User Enrollment allows end-users to enroll their personal devices in MDM. Administrators will be able to manage these devices, but with limited functionality. See our KB article on User Enrollment (BYOD).