Device Enrolment and MDM
Device Enrolment allows organisations to have users manually enrol devices into a mobile device management (MDM) solution and then manage many different aspects of device use, including the ability to erase the device. For a Mac with macOS 11 or later, Device Enrolment also enforces supervision.
Organisations can use one of the following device enrolment methods:
Account-driven Device Enrolment: Users sign in with their Managed Apple Account in Settings or System Settings.
Profile-based Device Enrolment: Users get an enrolment profile they must install on their device.
Regardless of method, when a user removes an enrolment profile, all configuration profiles, their settings and Managed Apps based on that enrolment profile are removed with it. For more information, see How enrolment methods help to protect the user’s privacy.
Both account-driven and profile-based Device Enrolment methods have a larger set of payloads (than User Enrolment) that can be applied to the device. For the complete list, see Device Enrolment MDM payload list.