09-25-2024 02:06 AM
Is it possible to use Jumpcloud's MDM on personal iPhones to manage company accounts on applications that users also have personal accounts on (e.g. MS Teams, Slack)? It is important for users' personal accounts to remain unmanaged. If this is possible with JC, how would I go about doing this?
Solved! Go to Solution.
09-27-2024 11:13 AM
Hi @nlester , what an awesome question.
Yes, it is absolutely possible to use JumpCloud's MDM for personal devices, but we strongly recommend using a User Enrollment for personally-owned devices. This is a kind of privacy-preserving enrollment that means you can know *some* things about peoples' phones, but they don't have to worry about IT snooping where they don't belong, and you don't have to put your company apps and enrollments where the end-user shouldn't have them.
We offer this kind of enrollment -- which does require a Managed Apple Account -- via the User Portal. Today, users can scan a QR code, and soon, users can just sign-in directly with their Managed Apple Account. Once signed in and enrolled, you can require a passcode, as well as limit sharing between Managed and Unmanaged destinations. You can distribute software -- with an important caveat -- to these devices as well. If the user already has an app, you can't send down a second copy, or take over the existing copy. For example, if you want to have them use the Gmail app, you have to ask them to remove it before you can send them a copy of the app. This is different on Android, where the operating system supports a Work Profile copy of an app, as well as a Personal copy.
End users are free to unenroll at any time, but by doing so, they will lose access to any apps that you've installed.
Supporting BYOD is a really cool proposition with JumpCloud, because we make the end user comfortable that you're not controlling their entire phone, and you get to handle some lightweight policies and app delivery to support their work with their phone, without having to pay for the whole device. If you're interested in a great use of passwordless access on iPhone, you can also look at Mobile Device Trust, as well.
09-27-2024 11:13 AM
Hi @nlester , what an awesome question.
Yes, it is absolutely possible to use JumpCloud's MDM for personal devices, but we strongly recommend using a User Enrollment for personally-owned devices. This is a kind of privacy-preserving enrollment that means you can know *some* things about peoples' phones, but they don't have to worry about IT snooping where they don't belong, and you don't have to put your company apps and enrollments where the end-user shouldn't have them.
We offer this kind of enrollment -- which does require a Managed Apple Account -- via the User Portal. Today, users can scan a QR code, and soon, users can just sign-in directly with their Managed Apple Account. Once signed in and enrolled, you can require a passcode, as well as limit sharing between Managed and Unmanaged destinations. You can distribute software -- with an important caveat -- to these devices as well. If the user already has an app, you can't send down a second copy, or take over the existing copy. For example, if you want to have them use the Gmail app, you have to ask them to remove it before you can send them a copy of the app. This is different on Android, where the operating system supports a Work Profile copy of an app, as well as a Personal copy.
End users are free to unenroll at any time, but by doing so, they will lose access to any apps that you've installed.
Supporting BYOD is a really cool proposition with JumpCloud, because we make the end user comfortable that you're not controlling their entire phone, and you get to handle some lightweight policies and app delivery to support their work with their phone, without having to pay for the whole device. If you're interested in a great use of passwordless access on iPhone, you can also look at Mobile Device Trust, as well.
New to the site? Take a look at these additional resources:
Ready to join us? You can register here.