Overview

Each device in your organization's deployment must be enrolled in your organization's environment before it can communicate with Workspace ONE UEM and access internal content and features. macOS devices enroll using MDM functionality built into the native OS in conjunction with Workspace ONE UEM functionality.

Enrollment Methods

There are three ways to initiate enrollment for macOS devices:

  • Enroll a device using the AirWatch Agent
  • Sideload devices with an MDM profile
  • Utilize Apple's Device Enrollment Program

End user Enrollment Using the AirWatch Agent

The AirWatch Agent-based enrollment process secures a connection between macOS devices and your Workspace ONE UEM environment through the AirWatch Agent app. The AirWatch Agent application facilitates User-Approved Device Enrollment, and then allows for real-time management and access to device information.

For more information, see:

Admin Enrollment Using a Sideloaded Staging Profile

Device Staging on the Workspace ONE UEM console allows a single admin to outfit devices for other users on their behalf, which can be particularly useful for IT admins provisioning a fleet of devices. Admins can sideload a staging profile for a single user devices and multi-user devices.

Single-User Staging

Single-user staging allows an admin to stage devices for a single user, such as a company-issued laptop. LDAP binding or pre-registration is required when staging devices for single users.

For more information, see Stage macOS Devices for Single User Enrollment.

Single Staging with Pre-Registration and Local User

Workspace ONE UEM also supports a new single staging enrollment flow for a local user with pre-registration to help macOS admins who are moving towards a deployment model without domain join. For more information, see Single Staging with Pre-Registration and Non-Domain Joined Local User.

Multi-User Staging

Multi-user device staging allows an admin to provision devices intended to be used by more than one user, such as a customer service kiosk computer. Multi-user staging allows the device to dynamically change its assigned user as the different network users log into that device.

For more information, see Configure Multi-User Staging for macOS Devices.

Bulk Device Enrollment

Depending on your deployment type and device ownership model, you may want to enroll devices in bulk. Workspace ONE UEM provides bulk enrollment capabilities for macOS devices using the Apple Device Enrollment Program (DEP) and Automated Enrollment.

Bulk Enrollment with Apple Device Enrollment Program

Deploying a bulk enrollment through the Apple Device Enrollment Program (DEP) allows you to install a non-removable MDM profile on a device, which prevents end users from being able to remove the profile from their devices. You can also provision devices in Supervised mode to access additional security and configuration settings.

For more information, see Apple Device Enrollment Program.