070: User enrollment
Overview
-
Overview:
- Apple User Enrollment is designed for securely using personally owned devices (BYOD) for work apps without giving up management of the entire device to organizations.
- It sets up the personal device so that work data is stored separately from personal data and apps.
- Supervised mode isn't available with this enrollment type.
- Supported methods:
- Account-driven user enrollment: The device user initiates enrollment by adding their work or school account in the Settings app. Intune policies are applied silently.
- User enrollment with Company Portal: The user signs into the Intune Company Portal app, downloads a preconfigured enrollment profile, and installs it via the Settings app.
- Privacy: Organizations can apply necessary configurations and policies (e.g., passcode requirements, mandatory apps) without controlling the camera or accessing personal information².
-
Benefits:
- Privacy: Separates work data from personal data, respecting user privacy.
- User-friendly: Simple enrollment process for users.
- Limited management: Admins have a restricted set of policies and configurations.
- BYOD support: Ideal for personal devices.
-
Drawbacks:
- Limited control: Admins cannot fully manage the entire device.
- No supervision: No supervised mode for additional control.
- Restricted settings: Only settings supported by Apple User Enrollment take effect.
-
Impact:
- Positive: Easy enrollment, privacy protection.
- Negative: Limited device management.
-
Comparison to ABM Enrollment:
- Apple Business Manager (ABM): For corporate-owned devices.
- Supervised mode: Provides more control.
- Full management: Admins can manage the entire device.
- Ideal for corporate devices.
- Apple Business Manager (ABM): For corporate-owned devices.
In summary, Apple User Enrollment balances privacy and management, making it suitable for BYOD scenarios, while ABM offers more control for corporate devices.