iOS BYOD User Enrollment

iOS BYOD and VPP License Assignment Change

What

For a few years, device license assignment has been the preferred method for assigning licenses for managed iOS devices.  But, with BYOD enrolled devices, licenses can't be assigned to the device...  So FileWave have made some changes to how we handle this which make managing BYOD enrolled devices (and as a happy accident supervised devices) easier.

When/Why

Historically, when you created an association for a VPP app, you had a choice to assign the license to the Device, or to the User.  And, in Preferences, there was an option to set your preference (which you most likely have set to Device).  There is now a new option called "Automatic", which you will see below:

And, then on each Association that default can be overridden:

"Automatic" in this instance, basically means "Try to do a device license, but if you can't, then do a user based assignment"

Now, how does this make your life easier if you aren't going to manage BYOD devices?  That is a great question!  If you set your default setting in preferences to "Automatic", that means that all of your apps will assign to the device if they can, but if you have something that maybe you don't do much...like an app that can't do device based licensing, or an iTunes book for instance, then that association will still work even though you didn't manually change it over to "User".

How

We showed you above changing the preferences so that all new associations will be "Automatic" (which we think will work for almost all instances).  But, what happens if you enroll a new BYOD device and put it in a group that has a "Device" based association?  In short, nothing...the app will be associated, but can never install because device based license assignment can not be used.  So, for best results, you may want to consider updating older associations to "Automatic" as well.

The above may mean you have hundreds of associations to change...if that is the case, remember that you can mass-edit associations in the Associations view.

iOS BYOD User Enrollment Overview

What

With Version 14(+) of FileWave, you can now BYOD (bring-your-own-device) enroll a device without giving total management of the device to the system admin. 

When/Why

Typically, this option works best if the device to be supported is not company owned.  For instance, an employee with their own iPhone may want to BYOD enroll a device to allow distribution of company-owned app licenses, but without giving their company the ability to manage their phone in other ways.

How

BYOD enrollment is off by default in FileWave, and must be enabled on the Mobile tab in preferences as shown below:

Once enabled, a new tab will be added to the "Enroll iOS Device..." Assistant:

And, once user enrollment is enabled, you can go to https://my.server.address:20443/ios/byod to see the user enrollment page:

Note that by BYOD's very nature the only way you will enroll BYOD devices is through this page. (i.e. it won't be through DEP).  BYOD enrollment does require the use of managed apple ids from either Apple School, or Apple Business, Manager.

See below video of a BYOD device enrollment:

Unlike a DEP enrollment, you don't have to wipe the device first to BYOD enroll it.  However, trying to enroll a device with a managed Apple ID that is already logged into iCloud on the device will result in an error.

Managing BYOD User Enrollment

What

You have no doubt gotten used to managing supervised iOS devices, where you have the ability to manage most elements of the device.  If you have previously had folks do a manual OTA enrollment, then you know you have less management of those devices than those that are supervised.  BYOD user enrolled devices take that a step further, and even fewer capabilities exist (but for good reason).

When/Why

If you are going to utilize BYOD enrollment, it is because the devices to be enrolled actually shouldn't be managed by you, but they should have the ability to leverage the organization's resources.  So, with BYOD enrollment, you can distribute VPP apps and licenses:

But there are also restrictions to management:

How

Once the devices are enrolled, associations for content are managed like you are used to, but there is one important (and helpful) change to the way FileWave is managing VPP license assignation.  So please make sure and check out the article linked below on VPP License/Association Changes

You may be saying to yourself: "If I have to assign these licenses to the user, doesn't that mean I'll have to create VPP users in FileWave and invite them?"  And the answer to that is thankfully, no.  For User Enrollment, FileWave will automatically register and associate VPP users for each associated VPP asset on demand.

New Inventory Item -- Enrollment Type

What

There are now several methods of enrolling devices into FileWave and a new inventory field has been created to record the enrollment method.

When/Why

This field can be helpful when assigning content to devices.  The field in question is called Enrollment Type as you'll see below:

How

There is nothing special about access the item...you can do it in any query or smart group, but the following are the breakdown of the values for the field:

Displaying information

Description

Enrollment via APK

Device was manually enrolled via installation of FileWave application

Enrollment via EMM_API

Device was enrolled via the Android Management API (through NFC or a QRcode)

OTA Enrollment

Device was enrolled over-the-air

User Enrollment

Device was enrolled BYOD

DEP Enrollment

Device was enrolled via Apple DEP

Enrollment via fwcld

Device was enrolled via fwcld

Enrolled

Enrollment of Chromebook

User approved enrollment

Device was enrolled over-the-air and approved by user

Presumed DEP Enrollment

Device is supervised iOS client that was enrolled before v14.
"Presumed DEP" because there is no absolute concrete criteria to determine if it is DEP or Apple Configurator.

Not available

Enrollment type is not determined