Enrollment types for mobile device management with Apple devices
There are three main types of device enrollment into mobile device management (MDM) solutions.
User Enrollment is designed for BYOD—or bring your own device deployments—where the user, not the organization, owns the device. User Enrollment also requires Managed Apple IDs, which:
Are owned and managed by an organization
Provide employees access to certain Apple services
Are created manually, or automatically using federated authentication
Can also be used to sign in for roles within Apple School Manager or Apple Business Manager
Device Enrollment allows organizations to have users manually enroll devices, then manage many different aspects of device use, including the ability to erase the device. Device Enrollment also has a larger set of payloads and restrictions that can be applied to the device. When a user removes an enrollment profile, all configuration profiles, their settings, and managed apps based on that enrollment profile are removed with it.
Automated Device Enrollment
Automated Device Enrollment lets organizations configure and manage devices from the moment the devices are removed from the box (in a process known as Auto Advance deployment). These devices are known as supervised, and you have the option to prevent the MDM profile from being removed by the user. Automated Device Enrollment is designed for devices owned by the organization.
Auto Advance for Automated Device Enrollment with Mac computers
With Auto Advance configured in MDM, organizations can order Mac computers and, after they arrive, simply plug them into Ethernet and power them on. The Mac will locate the assigned MDM solution and be automatically configured based on settings from the MDM solution, including skipping all Setup Assistant screens. The user then enters a known user name and password at the login window. A Mac that meets all of the following criteria can take advantage of Auto Advance:
Comes preinstalled with macOS 11 for Mac computers shipped directly from Apple, an Apple Authorized Reseller or carrier, or running macOS 11 for Mac computers erased and ready to be configured
The Mac serial number must appear in Apple School Manager or Apple Business Manager
Has automated device enrollment settings, including the existing Auto Advance keys applied to the device using an MDM solution
Is plugged into a power source (recommended but not required)
Is plugged into an active Ethernet connection (initial configuration only)
Note: If the Mac is configured to use FileVault, an initial additional step requires the user’s password.
Auto Advance for Apple TV
Apple School Manager and Apple Business Manager make it possible to enroll an Apple TV in MDM and fully configure it by simply plugging in power and an Ethernet connection. If Apple School Manager or Apple Business Manager settings have already been configured for that specific Apple TV, it powers up and enrolls in MDM without any user input after a brief pause at the Siri Remote pairing step. This setup allows MDM commands to:
Set the default language and region
Set the name of the Apple TV
Install configuration profiles to fully configure the Apple TV