User Enrollment is a unique and powerful enrollment method, one that all schools that are willing to use a BYOD program would benefit from. It enhances security when students bring their own devices to the classroom, and ensures that all user information is protected from outside sources.
In this article, we’ll take a look at everything you need to know about User Enrollment for your school, including what exactly User Enrollment does, how to set it up, how it impacts data security and more.
User Enrollment is an essential part of implementing BYOD programs. It protects user privacy on Apple devices by not allowing the IT administrators to access any personal information on the user’s own device by separating personal data from the school’s. The user will login to the device using their personal Apple ID and the Managed Apple ID that has been created through Apple School Manager to allow the IT admin to have access only for managing school's applications and configurations.
User Enrollment is unable to take over management of an app that the user has installed themselves, gather information about apps downloaded with the user’s personal Apple ID, remotely wipe the device and many other configurations that are protected by the security measures of User Enrollment.
User Enrollment protects user’s personal data through its privacy system. Managed Apple IDs will come into play here, creating a second account that establishes a work identity for IT administrators to separate school and user data from one another. To do this, User Enrollment creates separate APFS volumes for managed accounts and data on the iOS, iPadOS or macOS device. These volumes are cryptographically separated and only uses data stored by third-party apps like Notes and iCloud. Because the user will be using their own device, when it is removed from the MDM solution, all APFS volumes will be destroyed.
You can set up User Enrollment through your MDM solution. If your solution is Mosyle Manager, click the My School tab on the bottom and select Enrollment from the menu on the left. From there, you will be able to click Configure User Enrollment, and select to allow the User Enrollment (BYOD) option. Follow the rest of the boxes and fill them out or check them as needed. For step-by-step instructions on how to set up your User Enrollment, read our guide here.
The Educational profile is not available under User Enrollment since the devices belong to the user. This means that Apple Classroom unavailable for use. However, Apple Classroom can be used if the teacher has created a Class, which does not need the Educational Profile. Even if only one student is participating in BYOD, the whole class would need to be configured for the Teacher-created Class and they will not be able to use Apple Classroom through the MDM solution.
Using the teacher-created classes in the Classroom App means you will want to disable the automatic installation of the Education Configuration profile since they are configured manually on the devices and students will need to join the class. To integrate the Apple Classroom app with the MDM solution, we recommend using Automated Device Enrollment (formerly DEP).
No, Supervised Mode is only available for Automated Device Enrollment since it requires wiping the entire device, which would be very invasive for user data when it comes to BYOD programs.
Supervised Mode is when an IT administrator has ownership over the iOS or iPadOS device or Mac computers with macOS Catalina so they can manage them through the MDM solution. This means that the IT admin has more control over managing the devices remotely and is able to perform more restrictive actions, and is usually common with school-owned devices.. This is not the same as User Enrollment, which does not require Supervised Mode. A device that is Non-Supervised means that the IT administrator only has a limited level of management within the user’s iOS or iPadOS device and will only be able to receive some features or commands.
Some features that will require your iOS or macOS Catalina device to have Supervised Mode turned on including Blocked and Allowed Apps, App Lock, Wallpaper, Mosyle Class Manager features and the Apple Classroom App. To learn more about choosing to undergo Supervised Mode with Automated Device Enrollment and how to do it with Apple School Manager or Apple Configurator 2, click here.
Mosyle Manager provides IT departments with the ability to configure the enrollment URL in order to improve the student’s experience, so that they can feel confident about this process. Parents can feel secure knowing that their child’s device and its personal information is kept safe from the IT administrators at their school.
With User Enrollment and Managed Apple IDs, there is a limited amount of data that will be allowed to be accessed through the iOS, iPadOS or macOS device. This also applies to teachers who bring their own device, and can rest assured that their personal data will not be accessed, since there is a clear divide between their own data and the school’s data.
Save countless hours of IT effort while empowering teachers to manage iPad, Mac, and Apple TV devices in the classroom.
2019 Mosyle™ Corporation | Trusted by 14,000+ educational institutions across the globe