The evolution of modern work sparked widespread adoption of bring-your-own device (BYOD) policies in organizations. This trend added complexity to mobile security deployments by challenging security and IT teams to protect work data without accessing personal data on those devices. With deployment options like Apple’s “User Enrollment”, work data and personal data on user-enrolled iOS devices are containerized on separate volumes on the same phone. This separation of work and personal data makes it easier than ever for security and IT teams to protect the most critical work data and applications on BYODs, while upholding end-user privacy.
Today we are excited to announce the Public Preview of Apple User Enrollment support for Microsoft Defender for Endpoint on iOS. This new feature offers security and IT teams the flexibility to deploy Defender for Endpoint to user-enrolled devices so that work data and applications are protected, while end-user privacy is upheld on those devices.
What is User Enrollment?
Apple User Enrollment is an enrollment solution specifically for BYOD scenarios. This enrollment type balances security and privacy for user-owned devices, by storing work and personal data in separate containers on the device. This containerized method only permits security and IT teams to have access to the data and managed applications found in the work container. As the admin, you get access to a limited but appropriate subset of Intune management options and restrictions to ensure that your organization's data stays safe.
Note: Admins cannot push a device-wide VPN profile with User Enrollment. Therefore, zero touch (silent) deployment and auto-onboarding of VPN is not supported with this feature.
Set up a User Enrollment Profile in Microsoft Intune. Intune supports account driven Apple User Enrollment and Apple User Enrollment with Company Portal. Read more about each method to determine which best fits your organization.
We are excited to share Apple User Enrollment support for Microsoft Defender for Endpoint with you. Let us know what you think in the comments below. We take all feedback into consideration as we work to enhance your security experience with Microsoft Defender for Endpoint.