黑料海角91入口

Help Center Home > Apple > Add Company-Owned Apple Devices to MDM with Device Enrollment

Add Company-Owned Apple Devices to MDM with Device Enrollment

If your company-owned macOS device wasn't added to your ABM or ASM account, you can't use Apple鈥檚 Automated Device Enrollment to enroll the device. Instead, you can use Device Enrollment to download, distribute, and install your organization鈥檚 黑料海角91入口 MDM enrollment profile. Enrollment profiles aren't device-specific, and you can download the profile from the MDM tab in the 黑料海角91入口 Admin Portal. The disadvantage of enrolling devices with this method is that the process can be time-intensive and might require physical access to the machine.

Prerequisites:

  • Device Enrollment is only appropriate for devices running macOS 11.0 (Big Sur) or newer that aren't enrolled via Automated Device Enrollment.
  • MDM has to be configured for your org. 厂别别听Set Up Apple MDM to learn more.
  • End-user network connectivity has to be available for device provisioning.聽

Considerations:

  • Apple's Stolen Device Protection, when activated, prevents new MDM enrollments of any kind as a preventative measure. Deactivate the feature temporarily to allow users to enroll in MDM. You can turn Stolen Device Protection back on after the device has been enrolled. See Apple's support documentation, to learn more.

Adding MacOS Devices to MDM

Follow this process to use Device Enrollment to enroll a company-owned macOS device in MDM:

  1. (IT Admin) Download your org's MDM enrollment profile: This gives you an enrollment profile that you'll use to enroll devices.聽
  2. (IT Admin) Distribute the enrollment profile: This delivers the profile to your end users.
  3. (End User) Install the enrollment profile: This installs the 黑料海角91入口 agent and service account on the device.
  4. (IT Admin) Bind the device to the user in the 黑料海角91入口 Admin Portal:聽This allows the user that's bound to the device to be managed in 黑料海角91入口.

Downloading your org’s MDM enrollment profile

  1. Log in to the .
  2. Go to DEVICE MANAGEMENT > MDM.
  3. 鲍苍诲别谤听MDM Configuration, click聽download profile. The MDM enrollment profile doesn't expire once it's downloaded.
    • You can download the enrollment profile directly to each device or download the file and distribute it to multiple devices (via email or Slack).
  4. After you download the enrollment profile, you鈥檒l distribute and install it on the devices you want to manage.
    • Installing the enrollment profile also installs the 黑料海角91入口 agent. 

Distributing the enrollment profile

  1. Distribute (either through email, Slack, or a physical transfer) the enrollment profile file to each user. The enrollment profile is the same for all users.
    1. If you email the enrollment profile file to users, note that 黑料海角91入口 enforces settings that are applied to a device and not a specific user.
    2. When transferring files physically, USB ports could be disabled by a policy, so check your policies in the 黑料海角91入口 Admin Portal if you are using this method.

Installing the enrollment profile on macOS Ventura

Note:

In macOS 13 Ventura, System Preferences was renamed to System Settings and the steps differ slightly from previous versions.

  1. Double-click on the profile that your Admin sent you.聽
  2. Go to System Settings > Privacy and Security > 笔谤辞蹿颈濒别蝉听to view the MDM Enrollment profile.聽
  3. Double-click on the profile and click Enroll.
  4. You'll be prompted for your device鈥檚 account password.
    1. Allow two to three minutes for MDM Configuration Profiles and the 黑料海角91入口 agent to install.
    2. Upon completion, a list of profiles will populate in the sidebar.
  5. The 黑料海角91入口 Service Account Utility will automatically open and prompt you to choose your username and enter your device鈥檚 account password.
  1. Select your user account from the dropdown menu, enter your password, then click Create Account.
    • If your username isn't listed in the dropdown, contact your Admin for help.
  2. The mac is now enrolled in the 黑料海角91入口 Admin Portal.
    1. Notify your Admin that the installation is complete on your end.
    2. When your Admin has finished the binding process, they'll prompt you to log out of your mac user account and log back in. Confirm your previous password and your new 黑料海角91入口 password when prompted.

Installing the enrollment profile on macOS Monterey and earlier

  1. Double-click on the profile that your Admin sent you.聽
  2. Go to聽System Preferences听&驳迟;听笔谤辞蹿颈濒别蝉听to view the MDM Enrollment profile.聽
  1. Click 滨苍蝉迟补濒濒鈥.
  2. You'll be prompted for your device鈥檚 account password.
    1. Allow two to three minutes for MDM Configuration Profiles and the 黑料海角91入口 agent to install.
    2. Upon completion, a list of profiles will populate in the sidebar.
  3. The 黑料海角91入口 Service Account Utility will automatically open and prompt you to choose your username and enter your device鈥檚 account password.
  1. Select your user account from the dropdown menu, enter your password, then click Create Account.
    • If your username is not listed in the dropdown, contact your Admin for help.
  2. The mac is now enrolled in the 黑料海角91入口 Admin Portal.
    1. Notify your Admin that the installation is complete on your end.
    2. When your Admin has finished the binding process, they'll prompt you to log out of your Mac user account and log back in. Confirm your previous password and your new 黑料海角91入口 password when prompted.

Binding the macOS device to the user in 黑料海角91入口

Note:

The local username on the device must exactly match the 黑料海角91入口 username. 厂别别听Take Over an Existing User Account with 黑料海角91入口 to learn more.

  1. Verify that the service account was created for the macOS device.
  2. Log in to the .
  3. Go to USER MANAGEMENT > Users.
  4. Select a user.
  5. Select Devices and select the device that you want to bind to this user.
  6. To bind the user to a device, click save user.

Adding iOS Devices to MDM 

Note:
  • This section uses the term 鈥渋OS devices鈥 to include iPhones, iPads, and Apple TVs. 
  • The 黑料海角91入口 Agent is not installed on iOS devices.

Prerequisites:

There are two ways to enroll a company-owned iOS device in MDM. The method depends on whether you have the device in hand (QR code) or not (enrollment profile):

  1. QR code: Scan the QR code in the Admin Portal and set up the device before handing it to the employee.
    • If you don't have access to the company-owned device, you can also email the Direct Link to the QR code to the user to scan.
  2. Enrollment profile: Download and distribute your org鈥檚 黑料海角91入口 MDM enrollment profile, and have the user install the profile on the device.

Enrolling via QR code

Have the iOS device handy because you鈥檒l scan a QR code and set the device up before handing it over to the employee.

  1. Log in to the .
  2. Go to DEVICE MANAGEMENT > MDM.
  3. Under iOS Enrollment > Company-owned Device Enrollment, click View QR Code.

Tip:

You can also perform these actions by going to聽DEVICE MANAGEMENT听&驳迟;听Devices, clicking聽Devices, selecting (聽+ Device聽) to add a new device, and selecting聽iOS.

  1. Follow the steps to scan the QR code, download the MDM enrollment profile, and install it on the device.
    • If for some reason the QR code does not scan, click Direct Link to enroll the device.

Tip:

You can only install one profile at a time. For example, if you download a profile and don't install it, and then download a second profile, only the second profile is valid. 

If you don't have access to the company-owned iOS device, you can also email the Direct Link for the QR code to the user to scan and install.

  1. View the enrolled device by going to DEVICE MANAGEMENT > Devices
  2. Select the device you just enrolled and select聽滨苍蝉颈驳丑迟蝉听to view more info, such as OS version, serial number, MDM Device ID, and storage usage.
  3. (Optional) If you want to enforce lock timers and PIN codes, you can create and apply a policy. 厂别别听Configure Settings for iOS and iPadOS Policies to learn more.
  4. Deliver the enrolled device to the user.

Enrolling via enrollment profile

If a company-owned iOS device was not added to your ABM or ASM account, you can鈥檛 use Apple鈥檚 Automated Device Enrollment. You can instead download and distribute your organization鈥檚 黑料海角91入口 MDM enrollment profile, and have users install it. 

  1. Download your org's enrollment profile.
  2. Log in to the .
  3. Go to DEVICE MANAGEMENT > MDM.
  4. Under iOS Enrollment > Company-owned Device Enrollment, click View QR Code, then click Direct Link below the QR code to download the iOS MDM enrollment profile. The iOS MDM enrollment profile expires after 1 hour.
  5. Distribute the enrollment profile file to each user. If you email the enrollment profile file to users, note that 黑料海角91入口 enforces settings that are applied to a device and not a specific user. 
  6. Verify that the user is on the device you want to manage when the user installs and approves the enrollment profile. 
  7. Instruct the user to install the enrollment profile on their devices and approve the profile:
    1. Tap Allow to download the profile.
    2. Tap Close to go to the profile in Settings.
    3. Tap Profile Downloaded, then tap Install to install the MDM enrollment profile.
    4. Tap Trust to enroll this device in MDM.
    5. After the profile is installed, tap Done.

  1. Assign the device to the user.
    1. Log in to the .
    2. Go to USER MANAGEMENT > Users.
    3. Select a user.
    4. Select Devices and select the iOS device that you want to assign to this user.
    5. Click save user
Back to Top

List IconIn this Article

Notebook IconLearn More

Choose an MDM Enrollment Method

Still Have Questions?

If you cannot find an answer to your question in our FAQ, you can always contact us.

Submit a Case