Account Driven Device Enrollment
Applicable to
- Devices with iOS 17+
- Devices with macOS 14+
- Devices with visionOS 1.1+
Prerequisites
The requirements for Account Driven Device Enrollment are as follows:
- A user account in Ivanti Neurons for MDM with managed Apple ID (Apple school or work account)
- Under Users > User Settings, set Device Owner Settings to ON, and then select the Company Owned option.
Set up the discovery service
If your enterprise has an enterprise domain name, for example, acme.com, then the email ID for your device is [email protected].
The user enters [email protected] to sign in to their work or school account, and the device then makes an HTTP GET request to the URL:
https://acme.com/.well-known/[email protected]
For more information, see https://developer.apple.com/documentation/devicemanagement/discover_authentication_servers
On the acme.com domain, configure a redirection rule for the URI /.well-known/com.apple.remotemanagement that redirects it to the following URL:
https://<n-MDM cluster>/.well-known/com.apple.remotemanagement
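The redirection rule decides which server receives the enrollment sign-in, so it is worth checking after every change to the web server on the enterprise domain. The following is an added example, not Ivanti or Apple code: it follows the redirect chain one hop at a time and reports anything that leaves HTTPS or ends somewhere other than the expected MDM host. The function names are hypothetical, the expected host is whatever you use for `<n-MDM cluster>`, and the request is sent without the query string that the device appends.

```python
import http.client
from urllib.parse import urlsplit, urljoin

WELL_KNOWN = "/.well-known/com.apple.remotemanagement"
REDIRECTS = (301, 302, 303, 307, 308)

def fetch_once(url):
    """Send one GET over TLS and return (status, Location), without following redirects."""
    parts = urlsplit(url)
    conn = http.client.HTTPSConnection(parts.netloc, timeout=10)
    try:
        conn.request("GET", parts.path or "/")
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def audit_discovery(email_domain, expected_mdm_host, fetch=fetch_once, max_hops=5):
    """Walk the discovery redirect chain; return a list of findings (empty means OK)."""
    url = f"https://{email_domain}{WELL_KNOWN}"
    for _ in range(max_hops):
        status, location = fetch(url)
        if status not in REDIRECTS:
            break
        if not location:
            return [f"{url}: status {status} without a Location header"]
        url = urljoin(url, location)  # Location may be relative
        if urlsplit(url).scheme != "https":
            return [f"redirect leaves HTTPS: {url}"]
    else:
        return [f"more than {max_hops} redirects, chain not resolved"]

    findings = []
    final = urlsplit(url)
    if final.hostname != expected_mdm_host.lower():
        findings.append(f"chain ends at {final.hostname}, expected {expected_mdm_host}")
    if final.path != WELL_KNOWN:
        findings.append(f"final path is {final.path}, expected {WELL_KNOWN}")
    if status != 200:
        findings.append(f"final response status is {status}, expected 200")
    return findings
```

Call `audit_discovery("acme.com", "<your MDM cluster host>")` from a machine that resolves the domain the same way the devices do; a non-empty result lists what to fix in the redirection rule.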
Device user instructions for registering using Account Driven Device Enrollment
This topic describes the actions the device user needs to take to register using Account Driven Device Enrollment.
Procedure
- On the device, go to one of the following:
  - For iOS device - Settings > General > VPN & Device Management.
  - For macOS device - System Settings > Privacy & Security > Profiles.
  - For visionOS device - Settings > General > VPN & Device Management.
- Go to Sign in to Work or School Account.
- Type the work or school account email address. Ensure that the email address is in the following format: username@<enterprise domain name>, for example, [email protected].
- The login page automatically takes the Managed Apple ID and takes the user through the iReg flow. Ensure that you enter Ivanti Neurons for MDM credentials.
- Type the work or school account credentials and click Continue.
- After a 2-factor authentication, the device enrollment completes.