More

    Introducing Apple ID-driven Enrollment: Modern BYOD for iOS Devices

    We are excited to announce the launch of Apple ID-driven user enrollment. Enterprises can now leverage full-blown BYOD for iOS devices by enabling a work container for corporate apps and data on employee-owned devices.

    This feature bolsters the BYOD use case for Apple devices and helps create a robust ecosystem for enterprise Apple users to access work apps on personal devices.

    Apple ID-driven user enrollment
    Apple ID-based Enrollment for iOS

    Bring Your Own Device/BYOD: Future-proof As It Could Be

    We can all agree that BYOD (Bring Your Own Device) is crucial for enterprises. It enhances flexibility, boosts employee productivity, and reduces hardware costs. And most importantly,  it empowers employees to work from anywhere, fostering a collaborative and agile work environment. 

    And yes, (almost) no one likes carrying a second phone just for work.

    For forward-thinking organizations, BYOD is no longer a nice option; it is a necessity. 

    As a device management platform, we constantly assess elements that hinder a seamless mobility and device management experience. For the longest time, we have had a use case wherein we supported personal enablement on company-owned iOS devices. 

    Which is why we introduced Apple ID-driven user enrollment. 

    Now, with managed Apple IDs, we have put BYOD for iOS into the picture—the way Apple wants it. 

    In essence, it’s a work container, but for iOS, and aligned to the Apple scheme of things! 

    Users can now enroll an iOS device in Scalefusion device management using managed Apple IDs. With this, users can enroll their personal devices into their organization’s profile, creating a separate container on the devices. While the work and personal data are segregated, policies restricting data movement between personal and managed apps can be controlled.

    Apple User Enrollment

    Apple User Enrollment is a form of enrolling an iOS device on the Scalefusion dashboard using managed Apple IDs. With Apple ID-driven user enrollment, you can now import users from Google Workspace or Microsoft Entra to Apple to treat them as managed Apple IDs. You can now invite your employees to BYOD management for their personal devices using these managed Apple IDs. 

    What Does it Mean for IT Administrators?

    IT teams no longer have to supervise employee-owned devices. They can still add managed Apple IDs to the enterprise’s Apple Business Manager or Apple School Manager account, enroll the devices on Scalefusion MDM, and push the apps via VPP without compromising user privacy and organizational data security.

    All the data and the apps pushed on the employee’s iOS device will stay on the secure APFS storage, allowing IT admins to have granular control over corporate data. 

    IT teams can create a set of policies (device profiles) for employee-owned devices, push all the settings and apps for the work container, and create a QR code configuration/user group to streamline device enrollment.

    At a high level, a BYOD profile offers the following policies on iOS devices:

    • Application policy: Select, view, and manage all the applications installed in the secure work container.
    • Browser shortcuts: Select the browser shortcuts shown in the Scalefusion workplace to provide your employees with quick bookmarks.
    • Restrictions: Choose and control the finer security policies that should be applied on an employee-owned device. Manage data sharing between work and personal apps/containers.

    For IT admins, here’s what happens with Apple ID-driven enrollment:

    MDM CanMDM Can’t
    Configure accountsSee personal information, usage data, or logs
    Access inventory of Managed AppsAccess inventory of personal apps
    Remove managed data onlyRemove any personal data
    Install and configure appsTake over management of a personal app
    Require a passcodeRequire a complex passcode or password
    Enforce certain restrictionsAccess device location
    Configure Per-App VPNAccess unique device identifiers
    Remotely wipe the entire device
    Manage Activation Lock
    Access roaming status
    Turn on Lost Mode

    What Does it Mean for Employees/Device Users?

    Employees can now have two Apple IDs on their devices—personal Apple ID and managed Apple ID.  While their IT teams cannot read/view the apps on the personal side, employees can access work apps seamlessly within the work container. 

    Moreover, since Apple also provides bundled cloud storage (5GB for employees, 200 GB for schools) called Managed iCloud, employees can free up space on their personal devices/iCloud that would earlier be taken by work apps/data. 

    How is this Enrollment Different?

    In Modern BYO, IT teams can access only the work apps while the personal apps are segregated completely. Therefore, for organizations that do not want to supervise employee-owned iOS devices or opt for a COPE (corporate-owned, personally enabled) device management model, Scalefusion’s Apple ID-driven user enrollment is the answer.

    However, here are some limitations you should take into consideration:

    • Apps can only be distributed through VPP (Volume Purchase Program).
    • Third-party or custom apps may not be supported.
    • Allowing Managed Apple IDs on any device poses significant security risks, as users can utilize these IDs on multiple devices and access managed iCloud data across them.

    You can learn more about getting started with Apple user ID-driven enrollment here.

    We are thrilled to see enterprises leveraging the Apple user ID-driven enrollment to extend a complete BYOD experience for its employees. We are also eager to continually enhance our product to provide the ultimate device management experience. Your feedback is incredibly important to us as we strive to introduce even more exciting features in the future. 

    Please don’t hesitate to reach out to us at [email protected] with your thoughts and suggestions.

    Sriram Kakarala
    Sriram Kakarala
    Sriram has been developing mobile applications for 10+ years. His experiences include working on a BYOD solution, a custom Android OS for the enterprises and multi-headed Chat clients for consumers. He has had experience working for early stage start-ups to mid-size stuck-ups and near-stagnant MNC’s. On a personal level he thinks a nice sandwich is all that the world needs!!.

    Product Updates

    Introducing Staggered Deployment for Android

    We're excited to unveil a new feature to simplify app deployment: Staggered Deployment for Android Enterprise and Recommended Applications. This feature is designed to...

    Introducing Maker-Checker: Enhancing Decision Making on Scalefusion

    In a world where human and technological imperfections coexist, having an extra pair of eyes never hurts, especially when dealing with large device inventories....

    Introducing Scalefusion ProSurf: A Secure Browser for Windows Devices

    We're thrilled to introduce Scalefusion ProSurf for Windows—a browser that delivers secure and controlled browsing experiences on managed Windows devices. Scalefusion ProSurf empowers organizations...

    New Enhancements to Scalefusion Deployer

    At Scalefusion, we practice the art of continuous improvement. It stems from our mission to solve the everyday challenges of IT admins. We kick-started...

    Introducing OneIdP: Transform Shared Device and Identity Management on Scalefusion

    We're thrilled to share a major leap in our journey of innovation – the introduction of our very first Identity Management Solution- OneIdP. This...

    What is Android Fastboot: Definition, Benefits, and More

    The open-source nature of Android leaves plenty of scope for personal users, individual professionals, and, particularly, IT teams of...

    Introducing Scalefusion ProSurf: A Secure Browser for Windows Devices

    We're thrilled to introduce Scalefusion ProSurf for Windows—a browser that delivers secure and controlled browsing experiences on managed Windows...

    Must read

    Introducing Maker-Checker: Enhancing Decision Making on Scalefusion

    In a world where human and technological imperfections coexist,...

    Introducing Scalefusion ProSurf: A Secure Browser for Windows Devices

    We're thrilled to introduce Scalefusion ProSurf for Windows—a browser...
    spot_img

    More from the blog

    What is macOS Patch Management: A Comprehensive Guide

    Many of us might be tempted to think that the powerful macOS devices that are usually high on security aren’t vulnerable. Well, there’s room...

    Understanding Unattended Remote Access for Windows

    Whether your organization is fully back on-site, hybrid, fully remote, or on-site but globally dispersed, the ability to manage devices remotely is not just...

    Introducing Staggered Deployment for Android

    We're excited to unveil a new feature to simplify app deployment: Staggered Deployment for Android Enterprise and Recommended Applications. This feature is designed to...

    Introducing Maker-Checker: Enhancing Decision Making on Scalefusion

    In a world where human and technological imperfections coexist, having an extra pair of eyes never hurts, especially when dealing with large device inventories....