User Enrollment
What is User Enrollment
User Enrollment is available for devices that are not owned by the school or district, rather are personally owned devices. User Enrollment requires Managed Apple IDs to establish a user identity on the device.
With User Enrollment, organization data is separate from user data and the MDM can only access and manage certain aspects of the device. For more information about User Enrollment, visit Apple's documentation.
Resources
Recommended resources
- Access to a Mosyle Education account
- Managed Apple ID
- iOS/iPadOS test device to complete enrollment
- macOS test device to complete enrollment
Enrolling devices using User Enrollment
To enroll iOS, iPadOS, or macOS devices using User Enrollment, the device must support User Enrollment, the user must have a Managed Apple ID, and the user must be registered, with the Managed Apple ID, in Mosyle under My School > Users.
When enrolling via User Enrollment, users will enter the enrollment URL into the Safari web browser and authenticate with their Managed Apple IDs to download and install the enrollment profile. Once the enrollment profile is installed, the Mosyle MDM will be able to communicate with and manage the device. Once enrolled, users will see the Managed Apple ID account configured in Settings > Passwords & Accounts on iOS/iPadOS devices and in System Settings on macOS devices.
To obtain the User Enrollment URL and configure additional options, go to My School > Apple Basic Setup > Enrollment > Click “Configure User Enrollment”.
Within the User Enrollment configuration area, choose the settings to best meet the needs of your school or district. To allow User Enrollment, check the box to Allow User Enrollment (BYOD).
User Enrollment screen
Customize the screen user's will see when enrolling via User Enrollment. Choose between using the Standard screen, a Personalized screen, or use your own HTML code.
URL for User Enrollment
Customize the URL user's will enter into Safari when enrolling via User Enrollment. Choose between using the Standard URL, a Premium URL, or a Custom URL.
Install Self-Service app after enroll
Choose whether or not the Mosyle Manager application will be installed on devices enrolled via User Enrollment.
Users allowed to complete User Enrollment
Allow or restrict the use of User Enrollment to specific users in the school or district.
Enrolling devices using Account-driven User Enrollment
Account-driven User Enrollment can be used for devices running iOS/iPadOS 15 or later. This method of User Enrollment still requires the user to have a Managed Apple ID, and the user must be registered, with the Managed Apple ID, in Mosyle under My School > Users.
When enrolling via Account-driven User Enrollment, users will go to the device Settings > General > VPN & Device Management > Click “Sign in to work or school account” > Authenticate with school/district credentials. After authenticating, the enrollment profile is downloaded and can be installed. Once the enrollment profile is installed, the Mosyle MDM will be able to communicate with and manage the device.
To enable Account-driven User Enrollment and additional options, go to My School > Apple Basic Setup > Enrollment > Under the iOS/iPadOS enrollment options, click “Configure User Enrollment”.
Using the dropdown menu at the top, select Account-driven User Enrollment and check the box to Allow Account-driven User Enrollment.
User Enrollment screen
Customize the screen user's will see when enrolling via User Enrollment. Choose between using the Standard screen, a Personalized screen, or use your own HTML code.
Well-known host
This is where the user will authenticate with school/district credentials to download the enrollment profile. Mosyle provides the option to use a Mosyle well-known endpoint and to define the unique identifier to authenticate in order to retrieve the enrollment profile. Schools/Districts can also host the well-known endpoint at their domain to which end users must authenticate.
Required App for MDM
Starting with iOS/iPadOS 15.1 and later, schools can require an application to be installed via the MDM on User Enrolled devices without first prompting for end user approval. Use this area to select a required application, such as a custom application, VPN or web filtering application.
Install Self-Service app after enroll
Choose whether or not the Mosyle Manager application will be installed on devices enrolled via User Enrollment.
Users allowed to complete User Enrollment
Allow or restrict the use of User Enrollment to specific users in the school or district.
Once devices are enrolled in the Mosyle account, they can be found under the Management tab > Devices Overview > User Enrollment tab. Click the device name to bring up the Device Info window.
Users can manually remove the MDM enrollment profile at any time through the device Settings or System Settings. In doing so, the device will be removed from the Mosyle interface.
No Comments