Enrolling iOS Devices Using Federated Enrollment

Before you begin

Federated enrollment requires the administration to integrate Microsoft Entra ID for federation. Only Managed Apple IDs federated by this Microsoft Entra account are authorized to enroll.

About this task

Create a user enrollment policy to enroll BYOD apple devices federated through Microsoft Entra ID.

Creating a Federated Enrollment Policy

Procedure

  1. From the main menu, select Policies > Enrollment—the Enrollment Policies view displays.
  2. Select New Enrollment Policy. The Enrollment Policy wizard launches.
  3. Below the Apple icon, select the iOS. The General view displays.
  4. On the General view, enter a name and description for the policy. Make the name brief but descriptive, especially if you plan to create many enrollment policies. Select Next.
  5. In the Enrollment Type window, select User as the enrollment type.
  6. In the User Enrollment pane, select Federated Account.
  7. Select the Microsoft Entra ID used to federate the Managed Apple IDs.
    Important: The selected Microsft Entra ID must match with the Entra ID configured on your Apple Business Manager.

Enrolling an iOS Device

Once a federated enrollment policy has been created, sign in to your iOS device using the federated Managed Apple ID for enrollment.

Procedure

  1. On your Apple iOS device, navigate to Settings > General.
  2. In the general device settings, select VPN and device management.
  3. Select Sign In to Work or School Account to log in using your federated Managed Apple ID.
    Note: Alternativley, you can sign into your device during the device set up.