Deployment models
The process for deploying devices in an organization depends primarily on whether that organization or the user owns the devices and on how the devices are enrolled in a mobile device management (MDM) solution.
Organization-owned model
In the organization-owned model, devices are purchased by the organization from Apple or a participating Apple Authorized Reseller or carrier. A device is provided to each user, referred to as a one-to-one or personally enabled deployment, or devices can be rotated among users, which is referred to as shared or nonpersonalized deployment. A combination of these deployment models can also be used. When using the organization-owned model, the following deployment processes can be used:
Automated Device Enrollment: Automated Device Enrollment is designed for devices owned by the organization and lets organizations configure and manage devices from the moment the devices are removed from the box. These devices are known as supervised, and the MDM profile can’t be removed by the user.
Device Enrollment: Device Enrollment allows organizations to enroll devices which may not be supervised and manage many different aspects of device use, including the ability to erase the device. If a user removes the MDM profile, all settings and apps that are being managed by the MDM solution are removed.
User-owned model
In the user-owned model, devices are purchased, set up, and configured by the user. These types of deployments are commonly referred to as BYOD, or bring your own device deployments. To use organizational services (such as Wi-Fi, mail, and calendars) or to configure the device for specific education or business requirements, users typically enroll their devices in an organization’s MDM solution. When using the user-owned model, the following deployment process can be used:
User Enrollment: User Enrollment is integrated with Managed Apple ID to establish a user identity on the device. A Managed Apple ID is part of the User Enrollment profile, and the user must successfully authenticate for enrollment to be completed. The Managed Apple ID can be used alongside the personal Apple ID that the user has already signed in with, and the two don’t interact with each other.
After understanding the basic steps for a device deployment, an organization’s IT team can explore Apple’s deployment and management capabilities in detail. This reference covers these tools and programs extensively; the key stakeholders in the organization should review this document carefully.