Set up Account driven enrollment for Apple devices

Hexnode UEM has implemented account driven enrollment for Apple devices. This method allows end users to enroll their devices directly by signing in through the device settings with their Managed Apple ID. This method simplifies the enrollment process by eliminating the need for users to download a UEM profile from an external link.

Account-driven enrollment provides benefits, particularly in BYOD scenarios where employees use personal devices for work. It allows easy access to company resources with minimal assistance from IT admins. For organization owned devices that can’t use Apple’s DEP, account driven enrollment is a seamless and effective enrollment method.

This guide provides step-by-step instructions for enrolling Apple devices into Hexnode UEM using account driven enrollment.

Account driven device enrollment

Follow these steps to perform account driven enrollment on your Apple devices.

In the Hexnode UEM portal:

1. Navigate to Enroll > Settings.
2. Select the Authentication Mode and scroll to the Enrollment Ownership section.
3. In the Enrollment Ownership section:
   • If you have selected No Authentication as the Authentication Mode:

     For both Corporate and Personal ownerships, check the Account driven option under Apple Enrollment type.

     

   • If you have selected Enforce Authentication as the Authentication Mode:
     1. For both Corporate and Personal ownerships, check the Account driven option under Apple Enrollment type.
     2. For Personal and Choose while sending enrollment requests ownership options under the Profile-driven section, select either Device Enrollment or User Enrollment. In the Account driven section, you can select both Device Enrollment and User Enrollment.

        

     Note:

     The enrollment type must be configured on your organization’s Managed Apple ID domain and should align with the enrollment type chosen in the Hexnode UEM portal. For instance, if you want to perform Device Enrollment, ensure both Hexnode UEM portal and Apple ID domain are configured for Device Enrollment, otherwise the enrollment will fail. The same applies to User Enrollment, both the portal and Apple ID domain must be set up for User Enrollment. If there’s a mismatch between the two configurations, the enrollment process will fail.

4. After configuring these enrollment settings, click Save.

On the device end:

1. On iPhones or iPads: navigate to Settings > General > VPN & Device Management > Sign in to Work or School Account.

   

   On Macs: navigate to Settings > General > Device Management > Work or School Account > Sign In.

   

2. In the pop-up, enter your Managed Apple ID and tap Continue.

   

3. On the following screen, the Hexnode enrollment page will appear, along with the EULA. Review the EULA, agree to the terms, and click Enroll.

   

4. If you have selected No Authentication in the portal, there will be no prompt for authentication. Otherwise, authentication will be required.

   

5. After authentication, the device will prompt you to sign in to iCloud.

   

6. Enter the Managed Apple ID password and tap Continue.
7. On the next page the device will prompt you to allow Remote Management.

   

8. After accepting remote management, the device will enroll in the specified Hexnode UEM portal, and the managed account will be displayed in the Device Management section.

   

   

9. After completing the enrollment, a pop-up will appear on the device requesting the installation of the Hexnode UEM app (applicable only for iPhones and iPads). Click Install.
10. Once the enrollment process is complete, the selected enrollment type can be viewed in the Enrollment Details section of the Device Summary page on the Hexnode UEM portal.