Apple's Device Enrollment allows users to manually enroll a device with Jamf Pro. This method is designed for institutional devices that are not eligible for Automated Device Enrollment. Device Enrollment is profile-driven or account-driven. Users and administrators can be provided a direct Jamf Pro enrollment URL that opens the enrollment portal in a web browser, or can sign in with a Managed Apple Account directly on the device to initiate enrollment.
You can set up Device Enrollment using the following methods:
- Profile-driven Device Enrollment
- Also known as "user-initiated enrollment via URL". These settings allow you to enable to Device Enrollment and customize the enrollment experience for users, including the messaging that displays for each step of the enrollment process. You can also create a management account and enable SSH (remote login). In addition, you can require LDAP sign-in to enroll and use LDAP groups to restrict which users can enroll with Jamf Pro.
During enrollment, users are prompted to download an MDM profile, and the computer achieves User Approved MDM status. Computers with macOS 11 or later are automatically supervised after Device Enrollment.
- Account-driven Device Enrollment
- (macOS 14 or later) Users navigate to , and then sign in with a Managed Apple Account. After sign-in, users are directed to your organization's Jamf Pro enrollment portal. This method eliminates the need for users to use a web browser and URL link when self-enrolling a computer. Once enrolled, the computer is supervised, and allowed iCloud services are accessible with the user's Managed Apple Account.