Skip to main content
This guide applies to Mac computers, iOS devices, and iPadOS devices

About Apple Enrollment

Apple enrollment allows you to add Mac computers, iOS devices, and iPadOS devices to Iru Endpoint for centralized management. Iru Endpoint supports both Automated Device Enrollment (ADE) for corporate-owned devices and manual enrollment for BYOD scenarios.

How It Works

Apple enrollment uses two main approaches: Automated Device Enrollment (ADE) for corporate-owned devices that enroll automatically during setup, and manual enrollment through the Enrollment Portal for BYOD scenarios. Both methods connect devices to Iru Endpoint where they get assigned to Blueprints and configured according to your organization’s policies.

Automated Device Enrollment (ADE)

ADE allows devices to enroll automatically during the initial setup process. This is the recommended method for corporate-owned devices.

Prerequisites

  • Apple Business Manager account configured
  • ADE token uploaded to Iru Endpoint
  • Devices added to your Apple Business Manager account
  • Blueprints configured for device assignment

ADE Enrollment Flow

When users set up their devices, the device connects to Apple’s servers during setup and Iru Endpoint automatically applies the assigned Blueprint. The device gets enrolled and configured according to your policies, then the user completes setup with pre-configured settings.

Configure ADE Assignment

1

Assign Devices in ABM

  1. In Apple Business Manager, navigate to Devices
  2. Select the devices you want to assign
  3. Choose Assign to MDM Server
  4. Select Iru Endpoint as the MDM server
2

Configure Blueprint Assignment

  1. In Iru Endpoint, navigate to EnrollmentAutomated Device Enrollment
  2. Select devices that are “Awaiting Enrollment”
  3. Assign them to the appropriate Blueprint
  4. Configure any required authentication settings

Manual Enrollment

Manual enrollment allows users to enroll their devices through the Iru Endpoint Enrollment Portal.

Setup Manual Enrollment

1

Configure Enrollment Portal

  1. Go to EndpointEnrollmentManual Enrollment in Iru Endpoint
  2. Ensure the Enrollment Portal is active
  3. Determine which Blueprint you want devices to be added to after enrollment
2

Configure Authentication

  1. Click Require authentication on the Blueprint if you want users to authenticate prior to enrollment
  2. This integrates with your SSO configuration for secure enrollment
3

Share Enrollment Information

  1. Copy the Enrollment Portal Link
  2. Share the link and the appropriate Blueprint code with your end users
  3. Provide instructions for the enrollment process

User Enrollment Process

When users access the Enrollment Portal, they’ll enter the provided Blueprint code and authenticate using SSO if you’ve enabled that option. They then download and install the enrollment profile to complete enrollment and receive device configuration.

Enrollment Authentication

SSO Authentication

For enhanced security, you can require SSO authentication during enrollment. Configure SSO in Iru Endpoint (see SSO Setup), then enable Require authentication on your Blueprint. Users will authenticate with their identity provider before enrollment.

Blueprint Codes

Each Blueprint has a unique enrollment code that users need to enroll their devices. You can share codes directly with users, use SSO authentication to automatically assign users to the correct Blueprint, or create multiple Blueprints for different user groups or departments.

Best Practices

Test your Blueprints on designated testing devices before enrolling production hardware. Use Automated Device Enrollment for corporate-owned devices, as it provides the best user experience. Enable SSO authentication for secure enrollment and provide clear instructions to users about the enrollment process. You can monitor enrollment success and troubleshoot issues using the Activity page.

Troubleshooting

Common Issues

If devices aren’t appearing, check your Apple Business Manager configuration and device assignment. For enrollment failures, verify your Blueprint configuration and network connectivity. If you’re experiencing authentication issues, ensure that SSO is properly configured and that users have the necessary access.

Support Resources

Check the Activity page for enrollment logs and errors, and review Device records for enrollment status. Contact Support if you need additional assistance.

Next Steps

After setting up enrollment, test the process with a few devices and monitor device compliance and policy enforcement. You can then deploy applications to enrolled devices. For detailed information about Apple enrollment, see Configuring Apple Enrollment.