Available Enrollment Methods
There are four methods for enrolling devices in SimpleMDM, outlined below:
Enrollment Method | Procedure | Supports Enabling Supervised Mode? | Supports Unremovable MDM Enrollment? |
---|---|---|---|
Automated Enrollment (DEP) | Device automatically enrolls during initial startup and setup | Yes | Yes |
Apple Configurator | Device is connected to a macOS computer via USB. iOS/tvOS only. | Yes | Yes* (After 30 days of being assigned to an MDM server, the MDM profile becomes unremovable) |
Enroll by Link | Link is sent via SMS, email, etc. to the device and then opened in Safari | No | No |
User Enrollment | Link is sent to device, authenticate with Managed Apple ID. | No | No |
*Note: For most deployments, it is recommended that admins configure SAML authentication for enrollments. This provides a layer of security to ensure that only users with credentials from your identity provider can enroll their device.
Method 1: Automated Enrollment with Apple Business Manager (Apple DEP)
Automated Enrollment through Apple Business Manager, formerly known as the Apple Device Enrollment Program (Apple DEP), is the best way to enroll newly purchased devices in SimpleMDM. Automated Enrollment allows you to preconfigure the setup experience on devices. When devices are unboxed and turned on for the first time, they will show the setup screens you've permitted, optionally enable supervision, and enroll in SimpleMDM automatically.
Automated Enrollment is the only way to optionally configure a device so it cannot be unenrolled from SimpleMDM by the user at a later time.
Automated Enrollment with Apple Business Manager is for newly purchased devices through an Apple Business account, cellular business account, or 3rd party business equipment reseller. In some cases, previously purchased devices can also be added to a DEP account. See this article for more information.
Setting up an Apple DEP account with Apple can take a few days and requires that your organization has a D.U.N.S. number.
Automated Enrollment is available for all device types.
Further Reading
- (Apple) Sign up for Apple Business Manager
- (Article) What is Apple Business Manager?
- (Knowledge Base) Connecting a DEP Account
- (Knowledge Base) Enrollment with Apple DEP
Method 2: Apple Configurator
Apple Configurator is a macOS application provided freely by Apple. After setting up Apple Configurator, an administrator can connect an iOS device via USB, optionally place the device in supervised mode, and enroll the device in SimpleMDM.
The process of enrolling a device using Apple Configurator is more time intensive, per device, than the Apple DEP method. We generally suggest the Configurator method when Apple DEP is not a possibility but supervision is still needed.
With this enrollment method, Apple requires a 30-day window during which the user can remove the MDM profile, which stops the device from being managed. For this 30-day window to begin, Apple requires the device to be assigned to an MDM server via Apple Business/School Manager. After 30 days, the MDM profile becomes unremovable. See this article for more information.
Note: only available for iOS and tvOS.
Further Reading
- (Article) How To Enroll in MDM with Apple Configurator 2
- (Knowledge Base) Enrollment with Apple Configurator
Method 3: Enroll by Link
"Enroll by Link" is the easiest method for enrolling a device or two. Devices are enrolled by opening a link in Safari. SimpleMDM allows these links to be sent by SMS or email. Links can also be sent to devices via an alternate out-of-band method or via QR code.
The "enroll by link" method does not allow an administrator to enable supervision on a device. However, if a device is already supervised, SimpleMDM will still be able to take advantage of supervised features.
Enrollment by link is available for iOS and macOS.
Further Reading
- (Knowledge Base) Enrollment by Link
Method 4: User Enrollment
User Enrollment is the most limited type of enrollment. It is available starting with iOS 13+ and macOS 10.15+. User Enrollment requires users to authenticate with a Managed Apple ID from Apple Business Manager in order to enroll. Enrollment creates a separate APFS volume on the device to completely separate users' personal data from business data. This method of enrollment does not allow companies to enforce any form of restrictions on users' personal activities on devices, but companies can provide users with functionality that helps them perform their jobs: for example, pushing app installations, providing custom certificates, configuring email accounts, and configuring WiFi networks.
User Enrollment is available for iOS 13+ and macOS 15+.
Further Reading
- (Article) What is Apple's "User Enrollment"?
- (Knowledge Base) User Enrollment