Managing iOS BYOD Devices — Overview

Updated on 6/9/2026 · 3 Minutes to read

Setting up MobiHeal to manage employee-owned iPhones and iPads involves a series of configuration steps followed by ongoing device management. Apple User Enrollment allows organizations to secure corporate applications, accounts, and data without managing the employee's entire device. This overview explains the complete setup process so administrators understand the workflow before proceeding to the individual configuration steps.

Prerequisites Before You Begin

  • Your MobiHeal account must be active and accessible.
  • Apple Push Notification Service (APNs) must be configured in MobiHeal.
  • Employees must have an iPhone or iPad running a supported version of iOS or iPadOS.
  • The User Enrollment feature must be enabled in your MobiHeal environment.

Step 1 — Configure Apple Push Notification Service (APNs)

Before managing any Apple device, MobiHeal must be connected to Apple Push Notification Service (APNs). APNs enables secure communication between MobiHeal and enrolled iPhones and iPads. Without APNs, device enrollment, policy deployment, application installation, and management actions cannot be performed.

Configure APNs: apple-apns-configuration

Step 2 — Create a BYOD Policy

A dedicated policy should be created specifically for User Enrollment devices. Since Apple BYOD management focuses only on corporate resources, policies are applied to managed applications, accounts, and business data without affecting personal content.

  • Passcode Policies — Define security requirements for accessing managed corporate resources.
  • Application Controls — Configure how managed applications behave on enrolled devices.
  • Account Settings — Define corporate email, calendar, contacts, and business account configurations.
  • Compliance Rules — Enforce security requirements before granting access to corporate resources.
  • Managed Data Protection — Control how corporate data is shared between managed and unmanaged applications.

Policy management overview: ios-policy-management-overview

Step 3 — Add Corporate Applications (Optional)

Before enrolling employees, add the applications that users require for work. These applications can be distributed automatically after enrollment and managed directly through MobiHeal.

  • Corporate email applications.
  • Communication and collaboration tools.
  • Business productivity applications.
  • Internal enterprise applications.

Applications management: ios-app-management

Step 4 — Employee Enrolls Their Device

After the enrollment setup is complete, employees can enroll their personal iPhone or iPad using the enrollment QR code provided by the administrator. During enrollment, iOS creates a managed environment for corporate resources without giving the organization control over personal content.

  • The employee scans the enrollment QR code.
  • The device downloads the MDM enrollment profile.
  • The user approves enrollment using their Apple device.
  • Corporate accounts, applications, and policies are deployed automatically.
  • Personal applications, photos, messages, and files remain private and unmanaged.

iOS BYOD Device Enrollment: ios-user-enrollment-steps

What You Can Manage After Enrollment

  • Deploy and remove managed applications remotely.
  • Configure corporate email, contacts, calendars, and business accounts.
  • Apply security policies to managed corporate resources.
  • Monitor device compliance and enrollment status.
  • Push Wi-Fi, VPN, and certificate configurations required for business access.
  • Remove managed apps, accounts, and corporate data without affecting personal content.
  • View device inventory information available through User Enrollment.

Privacy Protection with User Enrollment

Apple User Enrollment is specifically designed to protect employee privacy. Unlike corporate-owned device management, administrators do not gain control over the entire device. MobiHeal manages only business resources while personal information remains inaccessible.

  • Personal applications are not visible to administrators.
  • Personal photos, videos, messages, and browsing history cannot be accessed.
  • Personal Apple ID information remains private.
  • Only managed applications and business resources are controlled by the organization.
  • Corporate data can be removed independently from personal data when required.