071: ABM Provisioning

Overview

Let’s dive into the details of ABM (Apple Business Manager) provisioning in Microsoft Intune:

1. Automated Device Enrollment (ADE) with ABM:
   • Overview: ADE allows corporate-owned iOS/iPadOS devices purchased through Apple Business Manager or Apple School Manager to be enrolled in Intune without manual intervention.
   • Benefits:
     • Supervised Mode: ADE supports supervised mode, which enables features like software updates, app restrictions, and more.
     • Bulk Enrollment: Ideal for enrolling a large number of devices.
     • User-less Devices: Works for kiosks, dedicated devices, and shared device mode.
   • Drawbacks:
     • Personal/BYOD Devices: Not recommended for personal or BYOD devices.
     • Managed by Another MDM: If devices are managed by another MDM provider, users must unenroll from that provider to fully manage them in Intune.
     • Device Enrollment Manager (DEM) Account: The DEM account isn't supported.
   • Impact on End Users: Devices enrolled via ADE apply configurations that users can't easily remove. It's recommended to wipe devices before enrollment to return them to an out-of-box state.
   • Comparison to User-Driven Enrollment:
     • User-Driven Enrollment: Provides a faster, user-friendly experience where users sign in to their work account in the Settings app. Intune policies are applied silently.
     • ABM Provisioning (ADE): Primarily for corporate-owned devices, whereas user-driven enrollment is more flexible but not recommended for organizational devices.

Remember that ADE streamlines device setup, but consider your organization's needs and device ownership when choosing the right enrollment method!

Reference

• Tutorial: https://learn.microsoft.com/en-us/mem/intune/enrollment/tutorial-use-device-enrollment-program-enroll-ios.
• https://learn.microsoft.com/en-us/mem/intune/enrollment/device-enrollment-program-enroll-ios.