iOS 13 User Enrollment

beks88
A model citizen


I know it's a completely new released feature, but when can we expect support for this enrollment type?

 

There are some significant endpoints that need to communicate with each other to get a complete User Enrollment:

  • MDM supporting User Enrollment
  • Managed Apple ID in Business Manager

 

And most important, how does this affect current enrollments if a user is already on iOS 13.1+? Does iOS 13.1 still support both methods in parallel?

KillxxxKam
Here to help

Yes!

I have been diving into this trying to find documentation or someone else who has done it already with no luck.

 

Some insight into this on the Meraki level would be greatly appreciated.

beks88
A model citizen

Another relevant question for our organization.

 

Since Apple Business Manager will support direct Azure AD integration, how will this affect Meraki enrollments and Owner Management??

 

Any details about Meraki plans would be great. Although there's still time to finish this implementation, I just hope we'll get the update on SM when Apple Business Manager gets updated (I assume 1st of December will be it).

Kevin_C
Meraki Employee

@beks88 @KillxxxKam 

 

We are actively developing support for User Enrollment and hope to have it ready for Beta testing by the end of the year (if not sooner). 

 

To answer some of your initial questions:

  • Devices can either be enrolled via User Enrollment or traditional Device Enrollment, but not both at the same time. Apple also does not support any methods to seamlessly transition from one to the other. If users have devices that are currently enrolled with Device Enrollment, they will need to unenroll and re-enroll using User Enrollment.
  • Today, there is not an Apple-supported method to "sync" managed Apple IDs from Apple Business Manager into an MDM (like Apple School Manager). We have taken this into account in our design plans.
  • Admins will have very restricted access to manage devices. There will be a limited subset of restrictions that can be applied to a device, and typical device unique identifiers such as serial numbers or MAC addresses cannot be retrieved from devices enrolled with User Enrollment. 

@Kevin_C 

 

That is awesome to hear!

 

Thank you for the update and look forward to the release!

beks88
A model citizen

Thank you @Kevin_C

I still have one more question and I’m not sure if it can be answered at this phase because I assume there is still information lacking from Apple’s side.

But how will the ABM Azure AD support affect the overall enrollment and user management in SM or MDMs at all?

For example, SM currently supports Azure AD user sync, but states in the docs that this user management can’t be used for DEP enrollments. On the other hand again, ABM will support Azure AD sync in future.

I know these are also some open questions which should be addressed to Apple, but maybe Team Meraki can offer us some deeper insight into this :).
beks88
A model citizen

@Kevin_C

Today I just noticed that I can now connect my Apple Business Manager with my organization's Azure AD. Before starting with it I would like to know if there is any progress at Meraki, and how this will affect enrollment authentication and enrollment at all.
Is it independent from the enrollment?

Currently I know that the new feature "User Enrollment" will only be possible with a managed Apple ID.
Kevin_C
Meraki Employee

Hi @beks88 

 

You are correct -- on November 1st, Apple announced the ability to federate authentication in ABM with Microsoft Azure AD (see this article).  This would allow end users to sign in to iCloud on their devices using their corporate Azure AD credentials.  In the future, managed Apple IDs in ABM, whether using federation with Azure AD or not, will allow you to do things like silently assign user-based VPP licenses to a user and enroll with User Enrollment.   

 

However, this is completely unrelated to current MDM enrollment and authentication workflows with Systems Manager. 

 

 

beks88
A model citizen

Any update on when we can expect full support?

 

After a deeper conversation with a technician from Apple I now have a clearer understanding of this feature.

 

The most important reason why I would like to see this supported by Meraki soon:

"With User Enrollment, Admins are only able to wipe company data. If the MDM doesn't support User Enrollment, a BYOD scenario will be enrolled as "Device Enrollment." This still gives an Admin the full wipe ability!"

Kevin_C
Meraki Employee

@beks88 @KillxxxKam 

 

We are starting to collect interested customers for the User Enrollment Beta.

Check out the Beta sign-up form here:

https://docs.google.com/forms/d/e/1FAIpQLScbxObV0oApA3LDg_C_cCmY5Au6j_SXQJTJFFLsGol4gHrq0Q/viewform

beks88
A model citizen

enrolled 🙂

Signed up!

Is there an ETA or is it response dependent?

 

Super pumped for this!
