The User Enrollment feature coming in the new iOS and macOS

Today we’re using a standard enrollment via link process for managing iOS devices in our org. While we own some of these devices, we do have employees that bring their own iPhone in and want to use it.

We haven’t had any complaints that I know of about the current enrollment process for BYOD. We do push down a VPN profile which it sounds like the new “User Enrollment” won’t allow. I guess we would need to determine how to use the per-app VPN if we wanted to continue down this path.

This blog has a good write up on User Enrollment: What is Apple’s “User Enrollment”? | SimpleMDM

Is anyone planning on using this feature in their deployment?

I’ve worked with a number of industries where users were hesitant to enroll their BYOD devices due to the level of control the org gets from standard MDM enrollment. I think this enrollment method will help drive adoption.

Definitely interested in testing it once the EMM providers build support for the feature.

Until now we have promoted BB Dynamics in App-Only mode for BYOD, to have an enterprise container without any MDM profile on the device.

In MDM, an administrator of a registered iOS device is able to retrieve the installed apps, remove the passcode or wipe the entire device - at least the privacy controls of the registered UEM prohibit these features to individuals.

MAM was often not a choice, since you want to integrate the device into the customer’s infrastructure and need to get certificates and Wi-Fi profiles.

User Enrollment seems to be what Google did with Android Enterprise; let’s see whether controlling Wi-Fi or VPN will be possible.

Does anyone know if there is a visible segregation between work and personal data?

Apple have stated in the sessions during WWDC that Wi-Fi payload deployment is possible.
VPN is also possible; however, you are limited to the domains owned by your org. For example, if your domain name is acme.com, only subdomains like vpn.acme.com will be accepted; vpn.notacme.com will not work.

Fetching restrictions on a user enrolled iOS device does not seem to work. It seems to be so even in the latest GM. The MDM command returns: “Restrictions” is not a valid request type. Does anyone have any idea why?

The enrollment is a bit easier for the end user; the visibility is still the same as for an MDM-profile-managed device, but privacy is honored in the User Enrollment setup.

DemoVideo @Youtube