Device Enrollment and MDM
Device Enrollment allows organizations to have users manually enroll devices into a mobile device management (MDM) solution and then manage many different aspects of device use, including the ability to erase the device. For a Mac with macOS 11 or later, Device Enrollment also enforces supervision.
Organizations can use one of the following device enrollment methods:
Account-driven Device Enrollment: Users sign in with their Managed Apple Account in Settings or System Settings.
Profile-based Device Enrollment: Users get an enrollment profile they must install on their device.
Regardless of method, when a user removes an enrollment profile, all configuration profiles, their settings, and Managed Apps based on that enrollment profile are removed with it. For more information, see How enrollment methods help to protect the user’s privacy.
Both account-driven and profile-based Device Enrollment methods have a larger set of payloads (than User Enrollment) that can be applied to the device. For the complete list, see Device Enrollment MDM payload list.