Each device in your organization's deployment must be enrolled in your organization's environment before it can communicate with Workspace ONE UEM and access internal content and features using Mobile Device Management (MDM). iOS devices enroll using MDM functionality built into the native OS.
To enroll an iOS device, you or your end users must gather specific information. The information the users need depends on whether you associated an email domain to their environment as part of auto-discovery.
Associating an email domain with your environment requires end users to enter an email address and credentials (and sometimes select a Group ID from a list) to complete enrollment. This choice simplifies enrollment because end users likely already know this information.
Alternatively, if you do not set up an email domain for enrollment, users are additionally prompted for the Enrollment URL and Group ID, which admins must provide to them.
For more information on enrollment requirements, see iOS Device Enrollment Requirements.
Single Device Enrollment
The device management capabilities available for enrolled devices depend on the type of enrollment you choose. Workspace ONE UEM provides a matrix comparing supported features for Hub-based and agentless enrollment types. Use this matrix to determine what type of enrollment meets your organization's needs.
Formore information on the comparison matrix between Hub-based and browser-based enrollments, see Capabilities Based on Enrollment Type for iOS Devices.
The Hub-based enrollment process secures a connection between iOS devices and your Workspace ONE UEM environment through the Workspace ONE Intelligent Hub app. The Workspace ONE Intelligent Hub application facilitates the enrollment, and then allows for real-time management and access to device information. Hub-based enrollment is best suited for deployments where users have an available Apple ID, which they must download the Workspace ONE Intelligent Hub from the App Store.
You can also enroll devices using a web-based enrollment process through the iOS device's built-in Safari browser. This approach is best suited for deployments where users do not have an available Apple ID to download the Workspace ONE Intelligent Hub.
For more information on browser based enrollment, see Enroll an iOS Device with the Safari Browser.
Bulk Device Enrollment
Depending on your deployment type and device ownership model, you may want to enroll devices in bulk. Workspace ONE UEM provides bulk enrollment capabilities using the Apple Configurator 2 and the Apple Business Manager's Device Enrollment Program (DEP).
Bulk Enrollment with Apple Configurator 2
Workspace ONE UEM helps businesses take advantage of the unique setup capabilities offered by Apple Configurator 2, such as iOS versioning enforcement and complete backup prevention. You can bulk-enroll devices using Apple Configurator 2 on a macOS computer through a USB connection.
For more information on using Apple Configurator for bulk enrollment, see Bulk Enrollment of iOS Devices Using Apple Configurator.
Bulk Enrollment with Apple Device Enrollment Program
Deploying a bulk enrollment through the Apple Device Enrollment Program (DEP) allows you to install a non-removable MDM profile on a device, which prevents end users from being able to remove the profile from their device. You can also provision devices in Supervised mode to access additional security and configuration settings.
For more information on enrollment with the Apple Business Manager, see Device Enrollment with the Apple Business Manager's Device Enrollment Program (DEP).