User-Enrolled

Device States

A device enrollment method where the user manually installs an MDM enrollment profile, typically resulting in unsupervised status.

What to Know

User enrollment represents a voluntary MDM relationship where users manually install enrollment profiles, typically for BYOD programs or legacy devices that predate ADE. Because enrollment is user-initiated, devices remain unsupervised and users retain the ability to remove MDM profiles at will. This creates a less secure management posture compared to ADE enrollment, with fewer available restrictions and no guarantee of continuous management. Organizations must understand these limitations when developing enrollment strategies and BYOD policies.

User-enrolled devices are appropriate for scenarios where organizations need basic management and configuration capabilities without full device control. However, for corporate-owned devices or environments requiring strict security enforcement, user enrollment is insufficient. The voluntary nature of user enrollment means IT cannot rely on it for devices that must remain under continuous management or enforce mandatory security controls.

Common Scenarios

Enterprise IT: BYOD programs allow employees to user-enroll personal devices to access corporate email and intranet resources. Users install an enrollment profile to configure Exchange and VPN settings, but retain the ability to remove management if they leave the company or no longer wish to participate in the program. This respects user device ownership while providing IT with basic configuration capabilities.

MSP: Legacy client devices purchased before the MSP relationship began cannot be enrolled through ADE without a factory reset. MSPs user-enroll these devices to gain basic management until the next hardware refresh cycle, when devices can be properly ADE-enrolled. MSPs document these exceptions and prioritize migration to supervised enrollment during client reviews.

Education: Faculty who bring personal iPads for classroom use can user-enroll to access school Google Workspace or learning management systems. The school gains the ability to deploy necessary apps and configurations without requiring full supervision of personal devices. Teachers can unenroll at any time, making this appropriate for personal device management.

In Addigy

Addigy generates enrollment invitations that users can install via email, SMS, or self-service portals for user-enrolled devices. These profiles install with unsupervised status, and Addigy clearly indicates supervision state in device inventory. Admins can deploy policies and restrictions that work on unsupervised devices, though Addigy’s interface indicates which management capabilities require supervision and won’t apply to user-enrolled devices.

Also Known As

  • Self-Enrolled
  • Manually Enrolled
  • Profile-Based Enrollment