Skip to main content
Matrix42 Self-Service Help Center

Apple Deployment Programs VI: User Enrollment

User Enrollment 

At the Apple Worldwide Developer Conference in 2019, Apple announced a new mode of device enrollment, entitled User Enrollment. This is a notably different mode of enrollment than the previously available Device Enrollment, Enrollment via Device Enrollment Program, or Supervised modes of enrollment. While these modes still exist, User Enrollment aims to address Bring Your Own Device (BYOD) deployment scenarios specifically.

Supported Platforms
  • iPhone
  • iPad
  • macOS
Create Managed Apple ID 
  • Login to your Apple Business Manager
  • Navigate to Accounts
  • Click Add New Account
  • Enter a Name
  • Enter a Last Name
  • Enter a Managed Apple ID Username
  • Under Roles Select Staff
  • Select your Location
  • As Email Address use e.g. the corporate email address of the user or any other personal email address where the temporary Managed Apple ID password should be send to
  • Click Save
  • Click Create Sign-In
  • Select Send as an email 
  • Click Continue
  • Click Done
Configure Self Service Portal (optional) 

During Enrollment via Self Service Portal Silverback will automatically pre fill the Managed Apple ID field with the given preset

  • Click Save
Create Enrollment 
  • Open Self Service Portal
  • Login with your user credentials
  • Enter a phone number (optional)
  • Change the Ownership to User Enrollment for Apple devices
  • Enter your created Managed Apple ID or use the prefilled
  • Click Start
Enroll your device 
  • Open Camera on the iOS device
  • Scan the QR-Code
  • Open the enrollment page
  • Download the configuration Profile with pressing Allow
  • Click Close
  • Open iOS Settings
  • Tab Enrol in Silverback
  • Press Enrol my iPhone
  • Enter the passcode of the device, if needed
  • Enter the temporary Managed Apple ID password, which has been send to the user 
  • Tab Sign-In
  • Choose a verification method, either Text Message or Phone Call
  • Press Send
  • Either you need to enter the verification code given by the phone call or the code will be automatically detected
  • Now enter your temporary Managed Apple ID password
  • Enter a new password
  • Tab Change
  • Enrollment process will be finished and the device will be managed
Changes in Management 

Due to the fact that User Enrollment is a modified version of the MDM protocol with a much greater focus on user privacy, which is implemented with a level of security that enterprises and end users should be comfortable with,  a limit subset of Management capabilities are given to personal owned devices with the User Enrollment. This includes the following changes:

Changes in Device Actions 
  • Clear Passcode is not supported
Changes in Device Overview 
  • Serial Number isn't exchanged
  • IMEI isn't exchanged
  • MAC Addresses aren't exchanged
  • Network Information aren't exchanged
  • Available OS Updates aren't transmitted to the backend
  • Personal installed apps aren't listed
Changes in Applications 
  • Take management if the app is already installed is not supported
Changes in Restrictions 

Only a couple of restrictions are sufficient with the User Enrollment. These includes:

  •     Notification view on Lock screen not allowed
  •     Opening documents from unmanaged to managed apps not allowed
  •     Siri not allowed
  •     Safari fraud warning enforced
  •     Siri while locked not allowed
  •     Opening documents from managed to unmanaged apps not allowed
  •     Today view on Lock Screen not allowed
  •     Screen Capture not allowed
Unsupported Methods 
  • Certificate Based Authentication for Exchange
  • Was this article helpful?