For new devices that are not already enrolled in JumpCloud, there are several ways to add the device to JumpCloud with MDM. Before choosing an enrollment method, ensure that JumpCloud is configured as your MDM server. The method you choose depends on the types of devices you need to enroll and whether you want to use JumpCloud’s Zero-Touch Automated Device Enrollment Onboarding.
The matrix below explains the possibilities for each type of Apple device.
Enrollment Methods for New Apple Devices
|Company-owned macOS device
|Company-owned iOS or iPadOS device
|Personal iOS or iPadOS device
|Automated Device Enrollment (ADE)
You can enroll Apple devices in MDM with these enrollment methods:
- Apple’s Automated Device Enrollment (ADE): Remotely enroll company-owned macOS Apple devices in MDM so that you can securely configure and deploy devices. The device must be added to your Apple Business Manager (ABM) or Apple School Manager (ASM) account. Supervision can provide additional control over a device.
- Device Enrollment: If a company-owned iOS device was not added to ABM or ASM, you can’t use Apple’s Automated Device Enrollment. Instead, you can go to the JumpCloud Admin Portal and scan the QR code or you can download the enrollment profile to enroll the device in MDM. Device Enrollment is supported for devices that run iOS 13 and later.
- User Enrollment: You can enroll personal iOS and iPadOS devices in MDM so that users can access company resources. These devices must run iOS 13 or later, and are owned and enrolled by the user.
Enroll Apple Devices with ADE and Zero-Touch Onboarding
If a company-owned macOS, iOS, or iPadOS device has been added to your ABM or ASM account, you can use Apple’s Automated Device Enrollment to enroll the device in MDM. Automated Device Enrollment lets you enroll devices seamlessly, and securely install and deploy them remotely, without ever touching the device.
You can customize Automated Device Enrollment settings to use JumpCloud’s Zero-Touch Onboarding to personalize the onboarding and deployment of the devices. This process also automatically binds the user to the device after authentication. You can also bypass Automated Device Enrollment customization settings for a less personalized onboarding approach.
- To set up Automated Device Enrollment, see Configure ADE.
Enroll Apple Devices with Device Enrollment
If a company-owned macOS, iOS, or iPadOS device hasn’t been added to ABM or ASM, you can scan a QR code in the Admin Portal to remotely enroll the device in MDM. You can also download your organization’s JumpCloud MDM enrollment profile via a link from the Admin Portal, then distribute and install it. See Add Company-Owned Apple Devices to MDM with Device Enrollment.
Enroll Personal iOS and iPadOS Devices with User Enrollment
After you enable this feature in the Admin Portal, your users can enroll and use personal devices to access company data. Users log in to the JumpCloud User Portal and scan a QR code to download an MDM enrollment profile. The user is prompted to accept the enrollment profile. On a personal iOS or iPadOS device, the data is stored on a separate partition on the device, keeping the user’s data separate and safe. You do not have access to users’ personal information or personal apps on the device. See Add Personal Apple Devices to MDM with User Enrollment.
Users of enrolled personal devices need to be made aware that, in rare cases and for security reasons, the admin can remove the enrollment and any resources that depend on the enrollment.