
User Enrollment and MDM
Account-driven User Enrollment is designed for bring-your-own-device (BYOD) deployments, where the user, not the organization, owns the device. It works with accounts created in Apple School Manager or Apple Business Manager, or with federated accounts linked to a third-party mobile device management (MDM) solution and an identity provider (IdP), like Google Workspace or Microsoft Entra ID.
After users successfully sign in on their device, they can see details about what’s being managed on that device and how much iCloud storage space is provided by their organization. As the user owns the device, account-driven User Enrollment can apply only a limited set of payloads and restrictions to it. For more information, see User Enrollment MDM information.
With account-driven User Enrollment, IT administrators can manage only an organization’s accounts, settings, and information provisioned with MDM, never a user’s personal account. For more information, see How enrollment methods help to protect the user’s privacy.
Organizations can also choose to use account-driven Device Enrollment. This method allows the organization a few more controls and configurations. For more information, see Device Enrollment and MDM.