Enrolling a device using the user-enrollment mode

Steps on how to enroll a device using the user-enrollment mode.

1. Choose from the following options to start user enrollment:
   • Open the Safari browser on your device and tap the MaaS360® enrollment request URL from your enrollment request notification email message or text message.
   • If a QR code is provided in the enrollment request notification, scan the QR code.
   
2. Provide the following details to allow user authentication:
   • Enter your corporate credentials (the username and the password that you use to log in to your computer) in the Username and Password fields.
   • Select the Device Ownership as Employee, and then tap Continue. After you choose employee ownership, a privacy message is displayed to the user that allows them to manage their own user data on an employee-owned device without intervention from the administrator.
   
3. Complete the second step of authentication by entering the passcode that you received in the device enrollment request email message, and then tap Continue.
   
4. Tap Continue when the Mobile Device Management screen displays the three steps that you will follow to configure your device for MaaS360.
   
5. Accept the terms of the license agreement and tap Continue.
   
6. Tap Download to download the profile. You are notified when the profile is downloaded. The profile installation process secures the communication channel with MaaS360.
   
7. After the profile is downloaded, go to Settings on the device and tap Enroll in MaaS360.
   The downloaded profile is automatically deleted if you do not install the profile on the device within 8 minutes after you downloaded the profile.
   
8. Click Enroll My iPhone in the downloaded profile for user enrollment. A warning message that MaaS360 is remotely managing your device if you install the profile is displayed.
   
9. Enter the Apple ID and password credentials, and then tap Sign In to sign in to MaaS360. The credentials are the Managed Apple ID that is associated with the user account. In this step, the user authenticates against the Managed Apple ID with Apple. This credential is sent from Apple Business Manager through email message or the administrator can access the credential information from the Apple Business Manager portal. This Apple ID credential is different from the MaaS360 local user credentials.
   

Results

The sign-in takes a few seconds to complete. The partition on the device for user and corporate data is created during this time. When the user account successfully authenticates with the Managed Apple ID, user enrollment is complete.

When user enrollment is successful, two accounts are displayed on the device: iCloud from Apple Business Manager and the MaaS360 account. The MaaS360 administrator can only access and manage the corporate partition. Because the user partition on the device is privately protected, the administrator cannot manage user data. The user can continue to use the employee-owned device for personal use and office use, where data privacy is enforced for personal use. Actions such as reminders or personal calendar items continue to function uninterrupted since these items cannot be managed by the MaaS360 administrator.

Note: If you delete the Apple ID account, the user remove control action is initiated, which removes the installed configuration from the Profiles and Device Management. The account is no longer enrolled in the MaaS360 MDM.