pdf icon
Category Filter

Apple User Enrollment

Mobile Device Manager Plus extends Apple's User Enrollment (Account Driven User Enrollment) support on unsupervised devices (BYOD). When a device is enrolled via User Enrollment, a separate volume is created on the device for the corporate space. With this capability, admins can manage the corporate data on the employee's personal device (BYOD) without invading their privacy. The users can enroll their iPhones, iPads, Mac machines using the Managed Apple ID provided by their organization. User Enrollment mainly focuses on enhancing user privacy while protecting the enterprise security.

Prerequisites

Ensure that you meet the following pre-requisites before enrolling the devices via User Enrollment:

  1. iPhones/iPads must be running iOS/iPadOS 16.0 and above.
  2. Mac devices must be running macOS 14.0 and above.
  3. Managed Apple IDs should be created for your employees using your organization's Apple Business Manager account.
  4. Directory services should be configured for authenticating users during enrollment.

Steps to enroll devices

The following steps needs to be performed to enable User Enrollment:

  1. On the product console, navigate to Enrollment > Self Enrollment.
  2. Enable the checkbox Apple User Enrollment.
  3. Specify the Managed Apple ID Domain name which is specific for your organization.
  4. Download the JSON file and host it at https:///.well-known/com.apple.remotemanagement
    How to setup well-known directory on Windows IIS server?
  5. Click on Save.

Apple User enrollment will be successfully configured for iOS/iPadOS devices under Self Enrollment.

On an iOS/iPadOS device:

Follow the below mentioned steps to enroll a device using Apple User Enrollment:

  1. Navigate to the Device Settings > General > VPN & Device Management.
  2. Sign in to work account using the Managed Apple ID provided by your organization.
  3. You will be prompted to enter your directory credentials for authentication.
  4. After authentication, MDM profile will be installed on the device.
  5. Now enter the Managed Apple ID password to complete device enrollment.

Now the device will be successfully enrolled with MDM and you can manage corporate space on the personal device (BYOD).

Troubleshooting tips

The following are possible errors that may occur during enrollment. To resolve these errors, refer to the below mentioned steps.

  1. The Host is not reachable
    Ping and verify if https://{domain}/.well-known/com.apple.remotemanagement is accessible from the machine where the MDM server is hosted, and also check if the above domain is permitted to make queries through the proxy server.
     
  2. JSON file mismatch
    The hosted JSON file should match with the downloaded file. Verify the downloaded JSON file and try again.
     
  3. The content type of response should be in the format 'application/json'
    The content type of response should be in the format 'application/json'. Try again by reconfiguring the file format correctly.
     
  4. The HTTP response status code should be '200'
    The HTTP response status code should be '200'. Try again with the correct value.
     
  5. Error occurred while authenticating users
    While authenticating, the users should enter the same Directory credentials associated with the Managed Apple ID provided by their organization.
     
  6. Internal server error occurred
    Contact mdm-support@manageengine.com

If you are still unable to fix the errors even after following the solution we provided, you can contact support for additional help.

Jump To