
WWDC23: What’s new in Account-Driven Device Enrollment

WWDC23 announced some key developments in the Apple ecosystem, some of them highly anticipated. This blog series summarizes new security- and management-related features in Apple operating systems and apps. We have also discussed WWDC23 key highlights in another blog.

This blog post explores the latest developments and enhancements that make it easier than ever for organizations to enroll their iPhones, iPads, and Macs into device management. Let’s dive in!

Expanding Enrollment Opportunities: Account-driven enrollments have recently been expanded to include additional enrollment types and platforms, opening up new possibilities for organizations. To stay up to date with all the details, be sure to check out the WWDC23 session titled “Do more with Managed Apple IDs.”

Introducing Account-Driven Device Enrollment: One of the key components of account-driven enrollments is the Account-driven Device Enrollment feature. It simplifies the enrollment process by allowing users to initiate enrollment directly from their device settings. No more hassle of manual downloads and installations! By simply entering their organizational ID (username@domain) in the settings of their iPhone, iPad, or Mac, users can kickstart the process.

Streamlining the Process: To further enhance the enrollment experience, Apple has introduced enrollment single sign-on for iPhone and iPad devices. This feature reduces repeated authentication prompts, making the process even smoother and more efficient.

Robust Management Controls: Management controls and configuration profiles in account-driven enrollments mirror the existing profile-based Device Enrollment. This means that organizations can still enjoy powerful capabilities such as device erasure and Mac supervision. Additionally, organizational data remains securely separated from personal data through cryptographic measures.

Important Considerations: With the separation of organizational and personal data, some adjustments are necessary for app and backup handling. For example, apps installed prior to enrollment cannot be converted into Managed Apps. Managed Apps are always removed during unenrollment, and restoring a backup does not restore MDM management. Moreover, users with personal Apple IDs cannot accept invitations for managed app distribution.

Choosing the Right Enrollment Type: Organizations can leverage the same discovery process used in account-driven User Enrollment when deciding between User Enrollment and Device Enrollment. This flexibility allows organizations to select the enrollment type that best suits their users’ needs.

Account-Driven User Enrollment on Mac: Mac users can also benefit from account-driven enrollments through Account-driven User Enrollment. This feature simplifies the enrollment process for personal Mac computers. By entering their Managed Apple ID in the System Settings, users can initiate User Enrollment, following a similar discovery flow as Account-driven Device Enrollment. While user enrollments have limited management capabilities, organizations can still maintain control over and erase organizational data.

Enhanced Data Separation for Reminders: To provide a higher level of data separation between personal and work data, User Enrollment and account-driven Device Enrollment include cryptographic data separation for Reminders. This ensures that Reminders associated with a Microsoft Exchange account installed by MDM or a Managed Apple ID have their data securely separated.

Seamless Sign-in with Apple: On devices deployed using User Enrollment or account-driven Device Enrollment, users can seamlessly sign in with both their personal Apple ID and Managed Apple ID. Sign in with Apple automatically associates the correct Apple ID based on the app’s management status. When using the sign-in flow within a managed app, users can simply tap and enter their Managed Apple ID to link the sign-in with their work account.

Apple’s account-driven enrollments bring significant advancements to device management, offering a streamlined and efficient enrollment process. With enhanced features and data separation measures, organizations can ensure a seamless and secure experience for their users. Embrace the future of device management with Apple’s account-driven enrollments.
