Hi, is there any way to silently enroll a macOS device already in production and assigned to a user?
As of macOS High Sierra, Apple introduced the concept of User Approved Enrollment: [Deep Dive] User Approved MDM in macOS High Sierra | VMware End-User Computing Blog. In a nutshell, this requires the end-user to actually "approve" and install the MDM profile in order to fully enable all management capabilities on the device. As such, a fully-silent enrollment process for existing devices isn't really supported.
In this type of scenario I would recommend one of the two following approaches to onboard devices: