Personally owned mobile devices can be enrolled with Jamf Pro using account-driven User Enrollment (applies to iOS 15 or later, or iPadOS 15 or later). Account-driven User Enrollment is designed to keep corporate data safe on devices while protecting users' privacy. Enrolling personally owned devices keeps personal and institutional data separate by associating a personal Apple Account with personal data and a Managed Apple Account with corporate data. This allows for a limited management of devices using a set of configurations that associate management with the user, not the entire device. The user can access their corporate data without the administrator erasing, modifying, or viewing personal data. This separation allows users to keep their personal data protected and intact once the device is removed from Jamf Pro, while the corporate data is deleted. For more information on User Enrollment management capabilities, see Managing Mobile Devices.
To create Managed Apple Accounts, you must either use federated authentication to link Apple School Manager or Apple Business Manager to your instance of Microsoft Entra ID or create them manually in Apple School Manager or Apple Business Manager. For more information, see the following Apple documentation:
Disclaimer:
Personal device profiles and profile-driven User Enrollment are deprecated and are no longer recommended as enrollment methods for personally owned devices. Account-driven User Enrollment is Apple's preferred method for enrolling personally owned devices in a Bring Your Own Device (BYOD) program.