Let's simplify deployment.

Understanding MDM Enrollment.

[fa icon="calendar"] Jan 3, 2016 1:04:15 PM / by Max Cohen

Max Cohen

So you hear this world enrollment a lot, huh?

understanding mdm enrollment

Enrollment a word that is tossed around a lot in the world of iOS Mobile Strategy. It's actually more simple than you may think. Let me break it down for you, and hopefully you can walk away from this better understanding MDM enrollment and why it's important.

In basic terms, enrollment is the action of turing an unmanaged device into a managed device. An unmanaged device is a mobile device that it is not controlled by any MDM software. For example, the iPad that you have at home that your kids use to play Angry Birds or your personal iPhone are unmanaged devices. This term also applies to any device that is straight out of the box. 

In contrast, a managed device is under the control of an MDM software. It is important for devices to be managed when you want to push Apps, secure devices, give employees access to company email, etc. This can also allow you to manage important security settings on your employees' personal devices, such as setting up a VPM or requiring a passcode for the device. 

So what does the process of enrollment look like? This can vary based on the type of strategy you are using. (Click here to identify your mobile deployment model.) I've outlined the three common strategies below.  Keep in mind, it's likely you will see more than one of these in your overall mobile landscape.

1. BYOD (Bring Your Own Device)

This one is pretty straight forward.  Generally, your MDM interface will have some easy way of having your end users become enrolled in your MDM.  This could give them the access they need for your internal WiFi, set up their company email, get them access to the apps they need to do their job, and access to any internal resources that they may need.  These different enrollment methods are usually one of the following.

  • App Enabled:  Solutions like Cisco Meraki, AirWatch, MobileIron, CasperSuite, and MaaS360, have an app in the App Store that you can instruct an employee to download.  Once they log in with their company crudentials that you have set up from withing your MDM (usually email or directory service) they will be prompted to install a management profile which will give the MDM control over the device and allow management.  This involves some tapping on the behalf of the end user, but keep in mind they only have to do this once, and there is minimal work done on IT's side to enroll the device in the MDM.
  • Email Invite:  Most MDMs will let you email an enrollment link to a new employee, in which they just click the link in the email and the same process as above takes place.  The end user has to tap yes and install a few times but again it's minimal work on both ends, all be it less automated.
  • Manually:  You can always have your employees physically hand your iPhone/iPad to IT to have them to it as well, but at that point, you are not creating self sufficient end users, and adding a lot of un needed interuptions throughout your day.  Plus you can sink hours into this depending on the amount of users you have to do this for.

No matter which of these routes you choose to go, understand that this is the act of enrollment.  Turning an unmanaged device into a managed device by installing a configuration profile.

2. COPE and Shared Deployments (When your organization owns the devices)

This is where it get's a bit trickly.  Because the challenge that you have now, is that you have to enroll your MDM software before deploying the devices to the end user, since you want them ready to go before reaching the end users.

This is why it's tricky.  Put your self in the shoes of your IT team, or the poor guy that has to set these up.

Below I have included the instructions for setting up Cisco Meraki.  This set up steps are pretty standard when doing an on device set up of the MDM.  It does not differ too much between providers.

apple configurator vs dep

So lets think about this for a second.  Seems like a 4 easy steps right?  Let's count how many times your finger has to hit the screen.

  1. Swipe to unlock, and put in a passcode (if there is one present) - 1 swipe and potentially 4 taps
  2. Tap Safari to go into the web browser - 1 tap
  3. Tap the nav bar in Safari and type in that entire URL - 13 taps
  4. Tap go to go to the URL - 1 tap
  5. Tap the text box and enter in the Network ID (which is a 10 digit number) - 11 taps
  6. Hit Register - 1 tap
  7. Hit install, then install again, then trust - 3 more taps.

So in total, we are looking at about 34 taps of the device just to enroll the MDM. This is not even including the crazy amount of steps that you have to take just during the initial set up of the iPad, which include language selections, Location services, Apple ID, restore info, T&C, passcode, Siri, Wifi, etc.. etc..

Now imagine being the guy that has to get 10 devices set up.  Now 100...  Now 1,000.  Now your entire enterprises, or school districts..

You can see how important the act of streamlining enrollment is when your organization owns the devices.  You want to do everything that you can to avoid manually setting up company owned devices.

Luckily, Cisco Meraki (and any other MDM worth spending any time or money on) include options to help you streamline the enrollment of your device.

The best way to streamline the enrollment of your MDM software onto your iOS devices is through Apple Configurator and/or DEP.  Both of these FREE tools provided by Apple make it possible to mass enroll and supervise your iOS devices.  You can also use a solution like Ground Control.

We did write a blog post (link above) on Apple Configurator vs DEP, however you can just download the helpful tip sheet below to see which one you should use, and the differences/similarities between the two options.

apple configurator vs dep



Topics: DEP, Deployment, MDM, Apple Configurator