What is Apple’s User Enrollment for iOS 13?

Apple User Enrollment, announced at the Apple WWDC19, will introduce big iOS 13 MDM changes and completely rework Apple BYOD. In this post, we explain the iOS 13 User Enrollment feature, including how the iOS 13 Managed Apple ID makes this big shake-up possible.

User Enrollment: Management parity across all Apple devices was a big topic at WWDC19

What Is Apple’s User Enrollment for iOS 13, iPadOS and macOS?

One of the most eye-catching iOS 13 MDM changes at the Apple WWDC19 was the new enrollment option for BYOD, called User Enrollment.

User Enrollment is a multi-persona enrollment option designed for companies implementing BYOD (Bring Your Own Device).

It will bring about better user acceptance, more privacy for end users, more harmonized management across all Apple devices and enhancements to security and performance.

It is built on two things: separating corporate data from personal data, and using the iOS 13 Managed Apple ID to give admins device management capabilities.

New: iOS 13 Managed Apple ID

This iOS 13 Managed Apple ID feature now represents the user’s workplace identity, running parallel to the user’s personal Apple ID across their iPhones, iPads and Macs.

Managed Apps all run with the enterprise ID; third-party apps are either managed or unmanaged.

After users are enrolled, they will notice clear divisions between business and private data. For example, the built-in Files app will now seamlessly handle both accounts and display an Enterprise iCloud Drive and a Personal iCloud Drive, if users have one.

A separate APFS volume is created during user enrollment for corporate data to ensure data separation. Managed versions of Notes, App Containers, Keychain, Emails, Calendar attachments and iCloud Drive documents are stored here.

Finally, a cryptographic backstop ensures that once a device is unenrolled, all managed data is removed for certain. Check out Apple’s video from WWDC19 to see it in action.

How Do You Enroll iPhones and iPads With User Enrollment?

In terms of deployment, admins create the Managed Apple ID in Apple Business Manager (ABM) or Apple School Manager (ASM). Support for the preceding Deployment Programs portal will stop by the end of the year.

As shown during the demo at WWDC19, users start by downloading an enterprise’s configuration profile by providing the Managed Apple ID.

Once downloaded, users head to Settings and click on “enroll” to start the newly streamlined User Enrollment process.

How Does Apple User Enrollment Improve User Privacy?

Apple User Enrollment still fulfills its duty to protect a company’s intellectual property, but it does so without compromising the freedom and privacy of employees who enroll their personal devices. Essentially, User Enrollment ensures that admins cannot accidentally manage personal data.

End users will be pleased to hear Apple pledge some important iOS 13 MDM changes:

  • MDM servers can no longer erase an entire device. Personal data is therefore better protected.
  • MDM servers have no visibility over the personal side of a device. No personal third-party apps are visible to employers.
  • MDM servers cannot clear the device passcode with the Unlock Token command. This change also means that MDM servers cannot help if a user forgets an enrollment passcode. As a tradeoff, only 6-digit, non-simple passcodes can be enforced.
  • Supervised Mode restrictions have been deprecated and will eventually no longer apply to User Enrollment.
  • No serial numbers or UDIDs are used to identify a device; instead, a separate “Enrollment ID” is created and used.
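
A server-side guard for the limits listed above, as an added example (not Apple's or Cortado's code). It tells the two enrollment types apart by the identifier in the check-in message and drops commands a User Enrollment must not receive. The key and command names (`Authenticate`, `UDID`, `EnrollmentID`, `EraseDevice`, `ClearPasscode`) come from Apple's MDM protocol rather than from this post, the sample messages are constructed, and treating a serial number in a User Enrollment check-in as an error is an assumption based on the last bullet.

```python
import plistlib

# Commands the list above says a User Enrollment must not receive.
# RequestType names are from Apple's MDM protocol; the post names none.
BLOCKED_FOR_USER_ENROLLMENT = {
    "EraseDevice": "MDM servers can no longer erase an entire device",
    "ClearPasscode": "the passcode cannot be cleared with the unlock token",
}

# Constructed check-in messages (sample data, not captured traffic).
DEVICE_AUTH = plistlib.dumps({
    "MessageType": "Authenticate", "Topic": "com.apple.mgmt.External.example",
    "UDID": "CONSTRUCTED-UDID-0001", "SerialNumber": "CONSTRUCTED-SN-0001"})
USER_AUTH = plistlib.dumps({
    "MessageType": "Authenticate", "Topic": "com.apple.mgmt.External.example",
    "EnrollmentID": "CONSTRUCTED-ENROLLMENT-ID-0001"})


def classify_enrollment(raw_plist):
    """Return (enrollment_type, identifier) for an Authenticate check-in."""
    msg = plistlib.loads(raw_plist)
    if msg.get("MessageType") != "Authenticate":
        raise ValueError("not an Authenticate check-in message")
    has_udid, has_eid = "UDID" in msg, "EnrollmentID" in msg
    if has_eid and not has_udid:
        # Assumption: a hardware identifier here means the record is wrong.
        if "SerialNumber" in msg:
            raise ValueError("user enrollment carrying a serial number")
        return "user", msg["EnrollmentID"]
    if has_udid and not has_eid:
        return "device", msg["UDID"]
    raise ValueError("ambiguous or missing enrollment identifier")


def filter_commands(enrollment_type, request_types):
    """Split queued RequestTypes into (allowed, rejected-with-reason)."""
    allowed, rejected = [], []
    for rt in request_types:
        reason = BLOCKED_FOR_USER_ENROLLMENT.get(rt)
        if enrollment_type == "user" and reason:
            rejected.append((rt, reason))
        else:
            allowed.append(rt)
    return allowed, rejected
```

Keying inventory records on the value returned by `classify_enrollment` keeps serial numbers and UDIDs out of the BYOD side of the database.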

All in all, Apple BYOD is now much better thought-out. While companies looking for extra security measures for their corporately owned devices will still opt for supervision, those wanting to offer Apple BYOD will be able to provide an improved end user experience and still benefit from effective device management.

iOS 13 User Enrollment: The Evolution of Apple BYOD

Because of the scope of the iOS 13 MDM changes, some are calling this “the biggest Apple MDM update since iOS 7 in 2013” and saying that Apple “User Enrollment is going to dramatically improve iOS MDM for BYOD”.

Now that Apple User Enrollment has addressed many of the usability and privacy concerns surrounding BYOD schemes, companies will be much better placed to encourage their employees to take part in Apple BYOD so that everyone can reap its financial and practical rewards.

You can learn more about how Cortado MDM can realize the benefits of Apple BYOD for your company on our website.
