Enroll a device running iOS 13 or later using Managed Apple IDs in Apple Business Manager federated to Azure AD. A User Enrolled device gives users an enhanced privacy focus by separating managed data from personal data, while still providing core management capabilities such as installing apps, configuring Wi-Fi, and requiring a passcode.

To enroll an iOS device:


Ensure that the following prerequisites are in place before User Enrollment:
  • Apple Business Manager with federation to Azure AD
  • Azure AD
  • Unsupervised iOS 13 and later device
  • Exactly one enrollment user with an email address that matches a Managed Apple ID in Apple Business Manager.


  1. Open the Safari browser on the iOS 13 or later device and navigate to your environment’s User Enrollment URL. The URL is your device services hostname appended with the /enroll/user path.
    For example:
  2. Enter the enrollment user's email address matching a Managed Apple ID.
    Optionally, enter the Group ID of an Organization Group at or below the Organization Group of the enrollment user. Otherwise, the user’s enrollment Organization Group is used.
  3. Confirm the download of the User Enrollment MDM profile.
  4. Navigate to Settings in the app and tap Enroll in {Your Company}.
  5. Tap through the prompts to redirect to Azure AD for authentication and conditional access prompts.
    Azure AD configurations, user type, device, or organization determine the type and number of prompts.


User Enrollment is now complete. The device starts receiving the commands from the UEM console.