FedericoLillacc
Enthusiast
Enthusiast

macOS - silent enrollment

Hi, is there any way to silently enroll a macOS device already in production and assigned to a user?

Thanks!

Labels (1)
2 Replies
pevans00
VMware Employee
VMware Employee

As of macOS High Sierra, Apple introduced the concept of User Approved Enrollment: [Deep Dive] User Approved MDM in macOS High Sierra | VMware End-User Computing Blog.  In a nutshell, this requires the end-user to actually "approve" and install the MDM profile in order to fully enable all management capabilities on the device.  As such, a fully-silent enrollment process for existing devices isn't really supported.

In this type of scenario I would recommend one of the two following approaches to onboard devices:

  1. Allow users to download the WS1 Intelligent Hub app from https://getws1.com.  Once installed, this will walk them through the enrollment process manually.
  2. If you have a way to deploy content to devices currently, you can leverage a sideloaded enrollment profile: Configure a Sideloading Enrollment Profile for macOS Devices.​  In this scenario, you can leverage a script to install the profile itself, or else have the users install it; but they will still be expected to "user-approve" the MDM profile within the System Preferences.
FedericoLillacc
Enthusiast
Enthusiast

Thanks for the info.

I'm going to give it a try, the sideloading option could be a viable one.

I'll post back the results.

0 Kudos