macOS 10.15 Catalina, iOS 13, and iPadOS 13 introduced a new level of MDM capabilities that balances the protection of user data with corporate security: User Enrollment, or more commonly called Bring Your Own Device (BYOD). User Enrollment, BYOD, will not install the Addigy Agent on macOS and User Enrolled Devices will deny MDM profiles from installing that affect core settings of the operating system like the ability to App Lock or Wipe commands. 


You can learn more about User Enrollment from this Apple WWDC presentation “What’s New in Managing Apple Devices”. 


Requirements for Configuring User Enrollment:


Configuring Add Devices Settings:

To get started with BYOD User Enrollment, login to Addigy and click on Add Devices in the left side navigation bar. Once there, select a Policy to configure User Enrollment (BYOD) settings.


On the Add Devices page for a specific policy, there are three ways to add a device to Addigy thru an MDM Profile. Click on Edit Settings for User Enrollment (BYOD) to upload a custom logo, modify end user instruction text, and add a passcode.

Allowed Settings and Software for User Enrollment (BYOD):


Below is a list of common management tasks that an Addigy Administrator will be able to accomplish with User Enrollment (BYOD):


  • Request general device information

  • Deploy mail and calendar settings

  • Require a device passcode

  • Enable a subset of MDM restrictions

  • Install apps via Apps and Books (VPP)


Management Restrictions for User Enrollment (BYOD):


Below is a list of common management tasks that an Addigy administrator will not be able to accomplish with User Enrollment (BYOD):


  • Device information like Serial Number, UDID, IMEI, etc

  • Viewing or modifying cellular information

  • Viewing information about apps or settings that were not configured via MDM

  • Collecting logs

  • Full device wipe

  • Device Lock or Lost Mode

  • Removing passcode

  • Complex passcode

  • Restrictions that modify more than the security of corporate data


List of Payloads that Support User Enrollment (BYOD):

  • 802.1x

  • Active Directory Certificates

  • AirPlay

  • AirPrint

  • Associated Domains

  • Calendar

  • Contacts

  • Certificates

  • Desktop

  • Directory Services

  • Exchange

  • Extensible SSO

  • Fonts

  • Google Accounts

  • Identification

  • LDAP

  • Login Items

  • Mail

  • Passcode

  • Restrictions

  • SCEP

  • Subscribed Calendars

  • User Preferences

  • Web Clip

  • Wi-Fi