iOS 12.1.3 (beta 4) changes to MDM enrolment workflow


#1

From what we’ve seen with iOS 12.1.3 beta (verified in beta 4), Apple have changed the manual MDM enrolment workflow. This workflow will not be shipped with iOS 12.1.3 but will be shipped in a later version of iOS 12.

Instead of being redirected automatically to Settings after allowing the profile install, the user is presented with a new screen.

Profile Downloaded
Install this downloaded profile in Settings.

The user then must go manually into Settings and hit “Install Profile”.

This takes the user to the following screen, where the user must hit “Install”.

After this the prompts are the same as before.

From Apple:

In order to improve platform security by reducing misleading profile installations, iOS 12.1.3 beta includes a new workflow for manually installing configuration profiles. When you manually install a profile, for example from a website or an email message, you will receive a notification that the profile has been downloaded. To install the profile you must launch Settings and tap General then tap Profiles or Device Management. You will see a list of Downloaded Profiles. You can inspect each one and install or delete it. If you do not install the profile within 24 hours of downloading it, it will be deleted automatically.

There is no change for profiles installed by Mobile Device Management (MDM), or for MDM enrollment to servers assigned in Apple Business Manager or Apple School Manager. However, this does change the workflow for manually enrolling in MDM. Please test your MDM enrollment workflow and file feedback for any problems you find.

Apple plans to test this workflow in iOS 12.1.3 beta but revert it in iOS 12.1.3 GM. We plan to include it in a future iOS 12 GM update.


#2

:frowning: This is not a good thing for customers to enroll their devices…


#3

Apple reference: https://support.apple.com/en-nz/HT209435


#4

Yes @benoit, I agree this does make it harder for BYOD enrollments and I expect additional impact on MSPs.

This change aligns with Apple’s goal to shift all corporate devices to Apple Business Manager (ABM) and to improve users’ privacy on personal devices through manual user actions.

Would like to know which release they intend to target for production.


#6

Sadly, when MDM Profile is downloaded instead of Profile Service, it shows ‘Remove Management’ instead of ‘Remove downloaded profile’ before installing.


#7

Do you see the “Profile Downloaded” message?

Sounds like you are either not on a beta build supporting the described profile process or your enrollment completed.