This guide applies to Apple devices
What is BYOD Management?
BYOD management enables organizations to apply essential security policies and deploy corporate resources to employee-owned Apple devices through manual enrollment. This approach focuses on business-critical configurations for employee-owned devices.
How BYOD Management Works
BYOD management in Iru Endpoint uses manual enrollment to establish a management relationship with employee-owned devices. When employees enroll their personal devices, Iru Endpoint installs a management profile that enables the organization to apply security policies and deploy corporate resources while respecting device ownership. The management profile provides a secure channel for policy enforcement and app distribution without requiring device supervision. This approach focuses on essential business configurations rather than comprehensive device control.
BYOD Capabilities
Iru Endpoint supports essential management capabilities for BYOD devices:
Security and Compliance
- Passcode enforcement - Require strong passcodes and biometric authentication
- Device encryption - Ensure FileVault is enabled on Mac computers
- Certificate deployment - Install device identity certificates for conditional access
- Network security - Configure Wi-Fi and VPN profiles for secure connectivity
Application Management
- Corporate app deployment - Install and manage business applications
- App configuration - Configure corporate apps with organization-specific settings
- App updates - Ensure corporate applications stay current
- App distribution - Deploy required business applications to managed devices
System Management
- Operating system updates - Enforce macOS and iOS updates for security
- System preferences - Configure essential system settings
- Screen lock policies - Enforce screen lock requirements on iOS devices
- Login window customization - Apply organization branding on macOS devices
Setting Up BYOD Management
Create a dedicated Blueprint specifically for BYOD devices to ensure appropriate policy separation:
1. Navigate to Blueprints
   Navigate to Blueprints in Iru Endpoint.
2. Create New Blueprint
   Click Create Blueprint.
3. Configure Blueprint Name
   Enter a descriptive name like “BYOD” or “Employee Devices”.
4. Configure BYOD Policies
   Add Library Items to your BYOD Blueprint. You can deploy any Library Items that are supported on unsupervised devices. Here are some common suggestions:
   - Passcode Library Item - Set appropriate passcode requirements
   - FileVault Library Item - Ensure Mac encryption is enabled
   - Wi-Fi Library Item - Configure corporate network access
   - Certificate Library Item - Deploy device identity certificates
   - Custom Apps - Install essential business applications
   Some Library Items require device supervision and won’t work on BYOD devices. For details on which restrictions are available on supervised vs. unsupervised devices, see Apple’s supervision documentation.
5. Navigate to Manual Enrollment
   Navigate to Enrollment → Manual Enrollment.
6. Configure Enrollment Portal Settings
   Configure the Enrollment Portal settings.
7. Select BYOD Blueprint for Enrollment
   Select your BYOD Blueprint for enrollment.
8. Copy Enrollment Information
   Copy the enrollment URL and access code.
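
After a Mac enrolls through this portal, the result can be spot-checked on the device itself. The script below is an added example, not part of Iru Endpoint or this guide: it classifies the output of the macOS commands `profiles status -type enrollment` and `fdesetup status`, and its function names and sample output are constructed for illustration.

```shell
#!/bin/bash
# Added example (not Iru tooling): check that a Mac is manually enrolled and encrypted.

# Constructed sample output in the format macOS prints; the server URL is a placeholder.
SAMPLE_ENROLLMENT='Enrolled via DEP: No
MDM enrollment: Yes (User Approved)
MDM server: https://mdm.example.invalid/mdm'
SAMPLE_FILEVAULT='FileVault is On.'

# enrollment_kind TEXT -> manual | automated | unapproved | none
enrollment_kind() {
  local text="$1" dep mdm
  dep=$(printf '%s\n' "$text" | sed -n 's/^Enrolled via DEP: *//p')
  mdm=$(printf '%s\n' "$text" | sed -n 's/^MDM enrollment: *//p')
  case $mdm in
    Yes*) ;;
    *) echo none; return ;;
  esac
  # Automated Device Enrollment (DEP) is not the manual BYOD path.
  if [ "$dep" = "Yes" ]; then echo automated; return; fi
  case $mdm in
    *"User Approved"*) echo manual ;;
    *) echo unapproved ;;
  esac
}

# filevault_on TEXT -> exit status 0 when fdesetup reports FileVault on
filevault_on() {
  printf '%s\n' "$1" | grep -q '^FileVault is On'
}

# byod_check ENROLLMENT_TEXT FILEVAULT_TEXT -> prints a verdict, non-zero on failure
byod_check() {
  local kind
  kind=$(enrollment_kind "$1")
  if [ "$kind" != manual ]; then echo "FAIL enrollment=$kind"; return 1; fi
  if ! filevault_on "$2"; then echo "FAIL filevault=off"; return 1; fi
  echo "OK enrollment=manual filevault=on"
}

# On a Mac, check live output; elsewhere fall back to the constructed sample.
if command -v profiles >/dev/null 2>&1 && command -v fdesetup >/dev/null 2>&1; then
  byod_check "$(profiles status -type enrollment 2>&1)" "$(fdesetup status 2>&1)"
else
  byod_check "$SAMPLE_ENROLLMENT" "$SAMPLE_FILEVAULT"
fi
```

A `FAIL enrollment=automated` result means the Mac came in through Automated Device Enrollment rather than the manual enrollment portal, so it is not a BYOD enrollment in the sense of this guide.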
User Enrollment Experience
Once you’ve set up the enrollment portal, employees can enroll their devices by visiting the enrollment URL you provide. If you’ve enabled authentication, they’ll sign in with their corporate credentials first. The device will then display the management profile details, showing employees exactly what permissions and policies will be applied. After they review and approve the management permissions, Iru Endpoint automatically applies your configured policies and installs any required apps.
Best Practices for BYOD
1. Focus on Essential Policies
   Apply only necessary security and productivity policies to avoid overly restrictive management of personal devices.
2. Communicate Clearly
   Explain to employees what will and won’t be managed on their personal devices.
3. Review Policies Regularly
   Periodically assess and update BYOD policies to ensure they remain appropriate and effective.
4. Ensure Network Access
   Configure profiles to ensure corporate resources are accessible through managed connections.
5. Plan Certificate Management
   Plan for certificate renewal and distribution to maintain secure access to corporate resources.