We are excited to announce the launch of Apple ID-driven user enrollment. Enterprises can now leverage full-blown BYOD for iOS devices by enabling a work container for corporate apps and data on employee-owned devices.
This feature bolsters the BYOD use case for Apple devices and helps create a robust ecosystem for enterprise Apple users to access work apps on personal devices.
Bring Your Own Device/BYOD: Future-proof As It Could Be
We can all agree that BYOD (Bring Your Own Device) is crucial for enterprises. It enhances flexibility, boosts employee productivity, and reduces hardware costs. And most importantly, it empowers employees to work from anywhere, fostering a collaborative and agile work environment.
And yes, (almost) no one likes carrying a second phone just for work.
For forward-thinking organizations, BYOD is no longer a nice option; it is a necessity.
As a device management platform, we constantly assess elements that hinder a seamless mobility and device management experience. For the longest time, we have had a use case wherein we supported personal enablement on company-owned iOS devices.
That is why we introduced Apple ID-driven user enrollment.
Now, with managed Apple IDs, we have put BYOD for iOS into the picture—the way Apple wants it.
In essence, it’s a work container, but for iOS, and aligned to the Apple scheme of things!
Users can now enroll an iOS device in Scalefusion device management using managed Apple IDs. With this, users can enroll their personal devices into their organization’s profile, creating a separate container on the devices. While the work and personal data are segregated, policies restricting data movement between personal and managed apps can be controlled.
Apple User Enrollment
Apple User Enrollment is a way of enrolling an iOS device on the Scalefusion dashboard using managed Apple IDs. With Apple ID-driven user enrollment, you can import users from Google Workspace or Microsoft Entra into Apple so that they are treated as managed Apple IDs. You can then invite your employees to BYOD management for their personal devices using these managed Apple IDs.
What Does it Mean for IT Administrators?
IT teams no longer have to supervise employee-owned devices. They can still add managed Apple IDs to the enterprise’s Apple Business Manager or Apple School Manager account, enroll the devices on Scalefusion MDM, and push the apps via VPP without compromising user privacy and organizational data security.
All the data and the apps pushed on the employee’s iOS device will stay on the secure APFS storage, allowing IT admins to have granular control over corporate data.
IT teams can create a set of policies (device profiles) for employee-owned devices, push all the settings and apps for the work container, and create a QR code configuration/user group to streamline device enrollment.
At a high level, a BYOD profile offers the following policies on iOS devices:
- Application policy: Select, view, and manage all the applications installed in the secure work container.
- Browser shortcuts: Select the browser shortcuts shown in the Scalefusion workplace to provide your employees with quick bookmarks.
- Restrictions: Choose and control the finer security policies that should be applied on an employee-owned device. Manage data sharing between work and personal apps/containers.
For IT admins, here’s what happens with Apple ID-driven enrollment:
| MDM Can | MDM Can’t |
| --- | --- |
| Configure accounts | See personal information, usage data, or logs |
| Access inventory of Managed Apps | Access inventory of personal apps |
| Remove managed data only | Remove any personal data |
| Install and configure apps | Take over management of a personal app |
| Require a passcode | Require a complex passcode or password |
| Enforce certain restrictions | Access device location |
| Configure Per-App VPN | Access unique device identifiers |
| | Remotely wipe the entire device |
| | Manage Activation Lock |
| | Access roaming status |
| | Turn on Lost Mode |
What Does it Mean for Employees/Device Users?
Employees can now have two Apple IDs on their devices—personal Apple ID and managed Apple ID. While their IT teams cannot read/view the apps on the personal side, employees can access work apps seamlessly within the work container.
Moreover, since Apple also provides bundled cloud storage (5 GB for employees, 200 GB for schools) called Managed iCloud, employees can free up space on their personal devices/iCloud that would earlier be taken by work apps/data.
How is this Enrollment Different?
In Modern BYO, IT teams can access only the work apps while the personal apps are segregated completely. Therefore, for organizations that do not want to supervise employee-owned iOS devices or opt for a COPE (corporate-owned, personally enabled) device management model, Scalefusion’s Apple ID-driven user enrollment is the answer.
However, here are some limitations you should take into consideration:
- Apps can only be distributed through VPP (Volume Purchase Program).
- Third-party or custom apps may not be supported.
- Allowing Managed Apple IDs on any device poses significant security risks, as users can utilize these IDs on multiple devices and access managed iCloud data across them.
You can learn more about getting started with Apple user ID-driven enrollment here.
We are thrilled to see enterprises leveraging Apple user ID-driven enrollment to extend a complete BYOD experience to their employees. We are also eager to continually enhance our product to provide the ultimate device management experience. Your feedback is incredibly important to us as we strive to introduce even more exciting features in the future.
Please don’t hesitate to reach out to us at [email protected] with your thoughts and suggestions.