As of iOS version 13 and macOS 10.15, you have a further option for configuring your users´ mobile Apple devices. Alongside the long-existing Device Enrollment, you now have available User Enrollment. With User Enrollment there is a clear separation of the workspace from the privately used area on the device. This enrollment method is therefore recommended when embedding private Apple devices (privately-owned) that will be provided with a managed workspace (BYOD – Bring Your Own Device). As the administrator, you only have access to the workspace and have the option to delete it from the device (Partial Wipe). The user´s private data can be neither viewed nor deleted.
The employment of User Enrollment, requires the creation of managed Apple IDs.
Open the Apple Business Manager. for this. Then create a separate, managed Apple ID for each user. Proceed with that as described in the Apple user guide.
Enter the managed Apple ID for each user under Control Panel→ Users→ Settings→ Edit→ General in the management console (see also section Configure access permissions).
The users will subsequently receive an email from Apple with the managed Apple ID and a temporary password. The users can then log in to the User Self Service Portal and download the MDM profile (User Enrollment). Alternatively, you can configure the work profile, together with the user, in the management console (Fast Enrollment).