You can enroll personally owned iPhone, iPad, and Apple Vision Pro devices with Jamf Pro using Apple's account-driven User Enrollment method. Account-driven User Enrollment is designed for Bring Your Own Device (BYOD) deployments. It logically and transparently separates an end user's personal data from institutionally managed applications and accounts. Account-driven User Enrollment establishes strong privacy safeguards via the operating system that ensure organizations are only able to manage enterprise applications and accounts while personal applications and unique device identifiers are inaccessible to an MDM server. For more information, see User Enrollment and MDM in Apple Platform Deployment.
With account-driven User Enrollment, users open the Settings app, navigate to , and then sign in with a Managed Apple Account. After sign-in, users are redirected to your organization's Jamf enrollment portal.
Account-driven User Enrollment allows administrators to build a Bring Your Own Device (BYOD) program with the following device and data privacy and security advantages:
- Transparency
Users can review the IT management capabilities of personally owned mobile devices before enrolling their device. User Enrollment results in an unsupervised device state, allowing users to remove the MDM profile.
- Data Separation, Access, and Privacy
- Users can securely access institutional resources such as email, contacts, calendars, Wi-Fi, and VPN, while keeping their personal data secure. Users maintain a personal Apple Account for their personal data and use a Managed Apple Account for institutional data.
- Security
- IT can only remove institutional data from the device, ensuring protection of the user's personal data, such as photos and documents. Because users must interactively complete enrollment, User Approved MDM status is achieved and grants administrators additional device management privileges.
Disclaimer:
Personal device profiles and profile-driven User Enrollment are deprecated and are no longer recommended as enrollment methods for personally owned devices. Account-driven User Enrollment is Apple's preferred method for enrolling personally owned devices in a Bring Your Own Device (BYOD) program.