Each device in your organization's deployment must be enrolled in your organization's environment before it can communicate with Workspace ONE UEM and access internal content and features using Mobile Device Management (MDM). iOS devices enroll using MDM functionality built into the native OS.

Enrollment Requirements

To enroll an iOS device, you or your end users must gather specific information. The information the users need depends on whether you associated an email domain to their environment as part of auto-discovery.

Associating an email domain with your environment requires end users to enter an email address and credentials (and sometimes select a Group ID from a list) to complete enrollment. This choice simplifies enrollment because end users likely already know this information.

Alternatively, if you do not set up an email domain for enrollment, users are additionally prompted for the Enrollment URL and Group ID, which admins must provide to them.

For more information, see Autodiscovery Enrollment and iOS Device Enrollment Requirements.

Single Device Enrollment

The device management capabilities available for enrolled devices depend on the type of enrollment you choose. Workspace ONE UEM provides a matrix comparing supported features for agent-based and agentless enrollment types. Use this matrix to determine what type of enrollment meets your organization's needs.

For a comparison between agent-based and browser-based enrollments, see Capabilities Based on Enrollment Type for iOS Devices.

Agent-Based Enrollment

The AirWatch Agent-based enrollment process secures a connection between iOS devices and your Workspace ONE UEM environment through the AirWatch Agent app. The AirWatch Agent application facilitates the enrollment, and then allows for real-time management and access to device information. Agent-based enrollment is best suited for deployments where users have an available Apple ID, which they must download the AirWatch Agent from the App Store.

For more information, see AirWatch Agent for iOS and Enroll an iOS Device with the AirWatch Agent.

Browser-Based Enrollment

You can also enroll devices using a web-based enrollment process through the iOS device's built-in Safari browser. This approach is best suited for deployments where users do not have an available Apple ID to download the AirWatch Agent.

For more information, see Enroll an iOS Device with the Safari Browser.

Bulk Device Enrollment

Depending on your deployment type and device ownership model, you may want to enroll devices in bulk. Workspace ONE UEM provides bulk enrollment capabilities using Apple Configurator 2 and the Apple Device Enrollment Program (DEP).

For help determining which bulk enrollment is best for your deployment, see Enrollment Considerations, Device Staging.

Bulk Enrollment with Apple Configurator 2

Workspace ONE UEM helps businesses take advantage of the unique setup capabilities offered by Apple Configurator 2, such as iOS versioning enforcement and complete backup prevention. You can bulk-enroll devices using Apple Configurator 2 on a macOS computer through a USB connection.

For more information, see Bulk Enrollment of iOS Devices Using Apple Configurator.

Bulk Enrollment with Apple Device Enrollment Program

Deploying a bulk enrollment through the Apple Device Enrollment Program (DEP) allows you to install a non-removable MDM profile on a device, which prevents end users from being able to remove the profile from their device. You can also provision devices in Supervised mode to access additional security and configuration settings.

For more information, see Device Enrollment with the Apple Device Enrollment Program (DEP).