3. Choosing An Enrollment Method

Available Enrollment Methods


There are three methods for enrolling devices in SimpleMDM, outlined below:

Enrollment Method Procedure Supports Enabling Supervision? Supports Unremovable MDM Enrollment?
Automated Enrollment (DEP) Device automatically enrolls during initial startup and setup Yes Yes
Apple Configurator Device is connected to macOS computer via USB Yes No
Enroll by Link Link is sent via SMS, email, etc to device and then opened in Safari No No
User Enrollment Link is sent to device, authenticate with Managed Apple ID. No No

Method 1: Automated Enrollment with Apple Business Manager (Apple DEP)


Automated Enrollment through Apple Business Manager, formerly known as the Apple Device Enrollment Program (Apple DEP), is the best way to enroll newly purchased devices in SimpleMDM. Automated Enrollment allows you to preconfigure the setup experience on devices. When devices are unboxed and turned on for the first time, they will show the setup screens you've permitted, optionally enable supervision, and enroll in SimpleMDM automatically.

Automated Enrollment is the only way to optionally configure a device so it cannot be unenrolled from SimpleMDM by the user at a later time. 

Automated Enrollment with Apple Business Manager is for newly purchased devices through an Apple Business account, cellular business account, or 3rd party business equipment reseller. In some cases, previously purchased devices can also be added to a DEP account. See this article for more information.

Setting up an Apple DEP account with Apple can take a few days and requires that your organization has a D.U.N.S. number. 

Further Reading

Method 2: Apple Configurator


Apple Configurator is a macOS application provided freely by Apple. After setting up Apple Configurator, an administrator can connect an iOS device via USB, optionally place the device in supervised mode, and enroll the device in SimpleMDM.

The process of enrolling a device using Apple Configurator is more time intensive, per device, than the Apple DEP method. We generally suggest the Configurator method when Apple DEP is not a possibility but supervision is still needed.

Further Reading

Method 3: Enroll by Link


"Enroll by Link" is the easiest method for enrolling a device or two. Devices are enrolled by opening a link in Safari. SimpleMDM allows these links to be sent by SMS or email. Links can also be sent to devices via an alternate out-of-band method or via QR code.

The "enroll by link" method does not allow an administrator to enable supervision on a device. However, if a device is already supervised, SimpleMDM will still be able to take advantage of supervised features.

Further Reading

Method 4: User Enrollment

User Enrollment is the most limited type of enrollment. This is available starting with iOS 13+ and macOS 10.15+. User Enrollment requires users to authenticate using a Managed Apple ID from Apple Business Manager in order to enroll. This creates a separate ADFS volume on devices to completely separate users' personal data from business data. This method of enrollment does not allow companies to enforce any form of restrictions on users' personal activities on devices, but companies can provide users with functionalities that help them perform their jobs. For example, push app installations, provide custom certificates, configure email accounts, configure WiFi networks, etc.

Further Reading