SimpleMDM is excited to announce that account-driven enrollment is now available! We’ll break down what it is and how it may impact your user enrollment process.
What is account-driven enrollment?
Account-driven enrollment is a new method for enrolling devices into MDM. With this method, end users can enroll their devices directly by signing in via the Settings app with a Managed Apple ID from their organization instead of downloading a profile from an external link. Account-driven enrollment can be used in place of profile-based enrollment methods for both user-owned, BYOD devices as well as organizationally owned devices that are not eligible for automated enrollment.
User-owned devices
Traditionally, enrolling user-owned devices into an MDM required that admins generate an enrollment URL and end users download a profile from that URL. With account-driven enrollment, users can sign in on their own devices using their Managed Apple ID to enroll and receive apps, accounts, and configurations they need for their work or school environments.
Organization-owned devices
At times, devices owned by the organization cannot be added to Apple Business Manager or Apple School Manager and, therefore, are not eligible for Automated Device Enrollment (ADE). Traditionally, this would require downloading a profile from a URL, but now users can sign in via Settings to enroll their devices and receive the same benefits.
Configuring account-driven enrollment
The account-driven enrollment method requires a bit more work on the admin side to configure compared to traditional profile-based enrollment options.
Specifically, it requires the admin to configure a web server on their domain (matching the domain used for their Managed Apple IDs) to have a “well-known” service discovery URL to redirect to the enrollment URL.
For more information on this process, refer to our documentation.
On the SimpleMDM side, the process is not drastically different than creating a traditional profile-based group enrollment. Simply create the group enrollment, enable account-driven enrollment in the enrollment settings, and then follow the instructions embedded in the interface.
Looking forward
Apple has announced that profile-based User Enrollment is no longer supported on iOS and iPadOS 18.0+. Account-driven User Enrollment will need to be used instead for BYOD setups.
With SimpleMDM, you can utilize account-driven enrollment today. If you’re not already a SimpleMDM user, sign up for a free trial to get started.