Introducing Apple ID-driven Enrollment: Modern BYOD for iOS Devices

    We are excited to announce the launch of Apple ID-driven user enrollment. Enterprises can now leverage full-blown BYOD for iOS devices by enabling a work container for corporate apps and data on employee-owned devices.

    This feature bolsters the BYOD use case for Apple devices and helps create a robust ecosystem for enterprise Apple users to access work apps on personal devices.

    Apple ID-driven user enrollment
    Apple ID-based Enrollment for iOS

    Bring Your Own Device/BYOD: Future-proof As It Could Be

    We can all agree that BYOD (Bring Your Own Device) is crucial for enterprises. It enhances flexibility, boosts employee productivity, and reduces hardware costs. And most importantly,  it empowers employees to work from anywhere, fostering a collaborative and agile work environment. 

    And yes, (almost) no one likes carrying a second phone just for work.

    For forward-thinking organizations, BYOD is no longer a nice option; it is a necessity. 

    As a device management platform, we constantly assess elements that hinder a seamless mobility and device management experience. For the longest time, we have had a use case wherein we supported personal enablement on company-owned iOS devices. 

    Which is why we introduced Apple ID-driven user enrollment. 

    Now, with managed Apple IDs, we have put BYOD for iOS into the picture—the way Apple wants it. 

    In essence, it’s a work container, but for iOS, and aligned to the Apple scheme of things! 

    Users can now enroll an iOS device in Scalefusion device management using managed Apple IDs. With this, users can enroll their personal devices into their organization’s profile, creating a separate container on the devices. While the work and personal data are segregated, policies restricting data movement between personal and managed apps can be controlled.

    Apple User Enrollment

    Apple User Enrollment is a form of enrolling an iOS device on the Scalefusion dashboard using managed Apple IDs. With Apple ID-driven user enrollment, you can now import users from Google Workspace or Microsoft Entra to Apple to treat them as managed Apple IDs. You can now invite your employees to BYOD management for their personal devices using these managed Apple IDs. 

    What Does it Mean for IT Administrators?

    IT teams no longer have to supervise employee-owned devices. They can still add managed Apple IDs to the enterprise’s Apple Business Manager or Apple School Manager account, enroll the devices on Scalefusion MDM, and push the apps via VPP without compromising user privacy and organizational data security.

    All the data and the apps pushed on the employee’s iOS device will stay on the secure APFS storage, allowing IT admins to have granular control over corporate data. 

    IT teams can create a set of policies (device profiles) for employee-owned devices, push all the settings and apps for the work container, and create a QR code configuration/user group to streamline device enrollment.

    At a high level, a BYOD profile offers the following policies on iOS devices:

    • Application policy: Select, view, and manage all the applications installed in the secure work container.
    • Browser shortcuts: Select the browser shortcuts shown in the Scalefusion workplace to provide your employees with quick bookmarks.
    • Restrictions: Choose and control the finer security policies that should be applied on an employee-owned device. Manage data sharing between work and personal apps/containers.

    For IT admins, here’s what happens with Apple ID-driven enrollment:

    MDM CanMDM Can’t
    Configure accountsSee personal information, usage data, or logs
    Access inventory of Managed AppsAccess inventory of personal apps
    Remove managed data onlyRemove any personal data
    Install and configure appsTake over management of a personal app
    Require a passcodeRequire a complex passcode or password
    Enforce certain restrictionsAccess device location
    Configure Per-App VPNAccess unique device identifiers
    Remotely wipe the entire device
    Manage Activation Lock
    Access roaming status
    Turn on Lost Mode

    What Does it Mean for Employees/Device Users?

    Employees can now have two Apple IDs on their devices—personal Apple ID and managed Apple ID.  While their IT teams cannot read/view the apps on the personal side, employees can access work apps seamlessly within the work container. 

    Moreover, since Apple also provides bundled cloud storage (5GB for employees, 200 GB for schools) called Managed iCloud, employees can free up space on their personal devices/iCloud that would earlier be taken by work apps/data. 

    Also read: Apple Business Essentials for MDM

    How is this Enrollment Different?

    In Modern BYO, IT teams can access only the work apps while the personal apps are segregated completely. Therefore, for organizations that do not want to supervise employee-owned iOS devices or opt for a COPE (corporate-owned, personally enabled) device management model, Scalefusion’s Apple ID-driven user enrollment is the answer.

    However, here are some limitations you should take into consideration:

    • Apps can only be distributed through VPP (Volume Purchase Program).
    • Third-party or custom apps may not be supported.
    • Allowing Managed Apple IDs on any device poses significant security risks, as users can utilize these IDs on multiple devices and access managed iCloud data across them.

    You can learn more about getting started with Apple user ID-driven enrollment here.

    We are thrilled to see enterprises leveraging the Apple user ID-driven enrollment to extend a complete BYOD experience for its employees. We are also eager to continually enhance our product to provide the ultimate device management experience. Your feedback is incredibly important to us as we strive to introduce even more exciting features in the future. 

    Please don’t hesitate to reach out to us at [email protected] with your thoughts and suggestions.

    Sriram Kakarala
    Sriram Kakarala
    Sriram has been developing mobile applications for 10+ years. His experiences include working on a BYOD solution, a custom Android OS for the enterprises and multi-headed Chat clients for consumers. He has had experience working for early stage start-ups to mid-size stuck-ups and near-stagnant MNC’s. On a personal level he thinks a nice sandwich is all that the world needs!!.

    Product Updates

     Introducing Just-In-Time Admin for macOS: Extending Access Management with OneIdP

    While macOS security is a prime business concern, most (if not all) security discussions focus on software updates and endpoint security software, and user...

    New Feature Release: Managing AI Settings on Windows

    As enterprises integrate AI-driven functionalities for operational efficiency, they tread carefully due to potential security risks. AI implementations can introduce vulnerabilities like data breaches...

    Introducing Remote Terminal and User Account Management for Linux

    We’re thrilled to announce new features for Linux devices—Remote Terminal and User Account Management—now available with the latest version of the Linux MDM agent....

    Scalefusion OneIdP Reimagined: Introducing Single Sign-On and Enhancements to OneIdP Suite

    Identity and Access Management (IAM) tools oversee and regulate user access to business systems and resources. They ensure that only authorized individuals access business...

    Introducing Staggered Deployment for Android

    We're excited to unveil a new feature to simplify app deployment: Staggered Deployment for Android Enterprise and Recommended Applications. This feature is designed to...

    Ensuring Compliance and Enhancing Patient Care with Scalefusion MDM

    In the healthcare industry, time is a matter of life and death. Medical professionals work around the clock, facing...

    15 Biggest Issues IT Faces Today in 2024

    Have you ever tried to manage a large family reunion? Everyone has different needs, preferences, and issues that need...

    Must read

     Introducing Just-In-Time Admin for macOS: Extending Access Management with OneIdP

    While macOS security is a prime business concern, most...

    Scalefusion OneIdP Reimagined: Introducing Single Sign-On and Enhancements to OneIdP Suite

    Identity and Access Management (IAM) tools oversee and regulate...

    More from the blog

    What is Mobile Threat Defense? A Complete Guide

    According to recent statistics, in Q1 of 2024, over 10.1 million attacks involving malware, adware, or unauthorized mobile software were blocked. Similarly, phishing attacks...

    Latest Trends in Identity and Access Management in 2024

    With the rise of modern workplaces, every business must have a firm understanding of identity and access management (IAM) trends. In simple terms, IAM...

     Introducing Just-In-Time Admin for macOS: Extending Access Management with OneIdP

    While macOS security is a prime business concern, most (if not all) security discussions focus on software updates and endpoint security software, and user...