User Enrollment is designed for BYOD and requires [[Managed Apple IDs]]. The four stages of User Enrollment into MDM are: - _Service discovery:_ The device identifies itself to the MDM solution. - _User enrollment:_ The user provides credentials to an identity provider (IdP) for authorization to enroll in the MDM solution. - _Session token:_ A session token is issued to the device to allow ongoing authentication. - _MDM enrollment:_ The enrollment profile is sent to the device with payloads configured by the MDM administrator.