Each device in your organization's deployment must be enrolled in your organization's environment before it can communicate with Workspace ONE UEM and access internal content and features. macOS devices enroll using MDM functionality built into the native OS in conjunction with Workspace ONE UEM functionality.
Apple device running macOS version 10.12.6 or later
VMware Workspace ONE Intelligent Hub for macOS version 3.0 or later
Workspace ONE UEM version 9.4 or later
For more information on supported versions, see KB article here.
There are three ways to initiate enrollment for macOS devices:
User Enrollment - Enroll a device using the Workspace ONE Intelligent Hub
MDM Enrollment - Sideload devices with an MDM profile
Automated Enrollment - Utilize Apple Business Manager's Device Enrollment Program
End user Enrollment Using the Workspace ONE Intelligent Hub
The Hub-based enrollment process secures a connection between macOS devices and your Workspace ONE UEM environment through the Workspace ONE Intelligent Hub app. The Workspace ONE Intelligent Hub application facilitates User-Approved Device Enrollment, and then allows for real-time management and access to device information.
For more information, see:
Admin Enrollment Using a Sideloaded Staging Profile
Device Staging on the Workspace ONE UEM console allows a single admin to outfit devices for other users on their behalf, which can be particularly useful for IT admins provisioning a fleet of devices. Admins can sideload a staging profile for a single user devices and multi-user devices.
Single-user staging allows an admin to stage devices for a single user, such as a company-issued laptop. LDAP binding or pre-registration is required when staging devices for single users.
For more information, see Stage macOS Devices for Single User Enrollment.
Single Staging with Pre-Registration and Local User
Workspace ONE UEM also supports a new single staging enrollment flow for a local user with pre-registration to help macOS admins who are moving towards a deployment model without domain join. For more information, see Single Staging with Pre-Registration and Non-Domain Joined Local User.
Multi-user device staging allows an admin to provision devices intended to be used by more than one user, such as a customer service kiosk computer. Multi-user staging allows the device to dynamically change its assigned user as the different network users log into that device.
For more information, see Configure Multi-User Staging for macOS Devices.
Bulk Device Enrollment
Depending on your deployment type and device ownership model, you may want to enroll devices in bulk. Workspace ONE UEM provides bulk enrollment capabilities for macOS devices using the Apple Business Manager and Automated Enrollment.
Bulk Enrollment with Apple Business Manager
Deploying a bulk enrollment through the Apple Business Manager's DEP allows you to install a non-removable MDM profile on a device, which prevents end users from being able to remove the profile from their devices. You can also provision devices in Supervised mode to access additional security and configuration settings.
For more information about Apple Business Manager, see Integration with Apple Business Manager.