Apple has always valued user privacy above everything else. This manifests not only in their device’s interface design, the underlying principles of their operating systems but also in the way UEM / EMM vendors can apply management to their mobile devices. In any other scenario than fully corporate owned devices the user is able to remove corporate management profile at any moment. The user is also clearly informed what their IT administrator is capable on their device and if anything is not to their liking a simple click disables any control.
iOS 13 is another big step towards providing the end user with more control over their device and more privacy. At least in case of user’s private device. Starting with this release of the iOS operating system there will be 3 distinct enrollment and management modes available:
1/ Device enrollment – this is the oldest method of applying management to iPhones and iPads. It requires the user to download a management profile and click through its installation on the device. This enrollment method is not meant for supervised mode
Who is it for? Both user and company owned devices can be enrolled, however going forward this method will be discouraged in favour of the 2 other modes.
2/ Automated device enrollment – from the end user perspective as well as the company’s perspective it’s the easiest way to get your iPhone or iPad enrolled to the company infrastructure. Thanks to the Device Enrollment Program (DEP) the end user’s interaction is limited to minimum and it can be even simpler than in case of a standard off-the-shelf device at the same time allowing for most management features – in the supervised mode, which can be applied automatically upon enrollment.
In this mode the user will not be able to remove management of their device.
Who is it for? Any larger organisation planning to deploy iOS devices at scale really. If you are serious about managing your company devices this is surely the way to go. Unless we are talking about BYOD – this method only applies to corporate devices.
3/ User enrollment – this method is introduced in iOS 13 – so it’s the latest one in iOS management. It offers less control to the IT administrator, leaving a lot of power in the hands of the end user. This method introduces total separation of private and corporate data and limits the amount of device information sent to your employer’s servers to minimum (e.g. no device identifiers are sent out, only managed apps are reported etc). While this method allows the UEM / EMM vendor to enforce a passcode it cannot be a really complex one.
Who is it for? Going forward any implementation on user’s private devices based on our customer’s feedback though it will also be useful in less demanding (feature wise) implementations of corporate owned devices where user’s privacy is highly valued.
From the user’s perspective another major addition in iOS 13 is the separate iPadOS, which will leverage the larger screen estate of iPad devices.
FAMOC manage supports all devices running iOS 13 as well as iPadOS 13, with user enrollment support coming in the next weeks.