Device groups help you control user access to macOS and iOS devices and quickly deploy policies to manage those devices. When a default device group is configured for a supported enrollment type, the device that you are enrolling will automatically bind to that device group. You might want to globally change the default device group later to apply to new devices that you enroll in MDM.
You can configure a default device group for these types of MDM enrollment:
- With macOS Automated Device Enrollment - A company-owned macOS device that was enrolled through Apple’s Device Enrollment.
- With iOS/iPadOS Automated Device Enrollment - A company-owned iOS device that was enrolled through Apple’s Automated Device Enrollment.
- With iOS/iPadOS User Enrollment - A personal iOS device that was enrolled through User Enrollment.
Configuring a Default Device Group
To learn how to initially configure a default device group for company-owned Apple devices enrolling through Automated Device Enrollment, see Configure Automated Device Enrollment. To learn how to initially configure a default device group for a personal device enrolling through User Enrollment, see Add Personal Devices to Apple MDM with User Approval. For more information about all types of MDM enrollment, see Choose an MDM Enrollment Method.
If the default device group you select is configured to update group membership dynamically, ensure that the group's membership rules are compatible with the devices you're expecting to auto-enroll. See Configure Dynamic Device Groups for more information.
Changing the Default Device Group for Company-Owned Devices
To change the default device group for company-owned macOS and iOS devices enrolled via Automated Device Enrollment:
- Log in to the JumpCloud Admin Portal.
- To globally change the default device group for all future devices enrolled through Automated Device Enrollment:
- Go to MDM, then click either configure macOS or configure iOS/iPadOS.
- In the appropriate Zero-Touch Experience page, globally change the default group by clicking Device Group.
- Choose a device group that you already created or create a new one by clicking Create New Group.
- Every new device that you add with Zero Touch Onboarding will now have this new default device group assigned to it.
- Click save.
- Verify that the new device group is the default device group by going to DEVICE MANAGEMENT > Device Groups, then selecting a device group. This example shows a default device group that contains three types of enrolled devices.
The Device Group Associations section on the left side lists the default device groups. If you do not have a default device group, nothing appears in that panel. - To verify which devices are assigned to this default device group, click Devices.
Changing the Default Device Group for Personal iOS Devices
To change the default device group for personal iOS devices enrolled via User Enrollment:
This procedure globally changes the default device group assigned to all future personal iOS devices that are enrolled in MDM with User Enrollment. This article uses the term iOS devices to include iPhones and iPads.
- Log in to the JumpCloud Admin Portal.
- Go to MDM, then scroll to the User iOS Configuration section.
- Click Device Group.
- Choose a device group that you already created or create a new one by clicking Create New Group.
If the default device group you select is configured to update group membership dynamically, ensure that the group’s membership rules are compatible with the devices you’re expecting to auto-enroll. See Configure Dynamic Device Groups for more information.
Every new iOS device that you add with this method will now have this default device group assigned to it.