Support network users
MDM protocol has an extension called "Network User Authentication" allowing MDM to manage network users in corporate or educational environment.
This is linked to what is sometime called shared devices or lab devices.
Main idea is to be able to target settings to users and not devices directly.
This mean users are provided by a central directory service (at this time it's LDAP like AD, OD or even custom LDAP, but don't forget that macOS might support something else too).
So MDM need to be able to sync with any kind of directory services and receive "UserAuthenticate" messages from managed macOS devices.
With this supported by the MDM, we can manage a bunch of devices in the exact same way and customize interaction based on who's behind it in real time, and we can restrict those managed settings to the targeted user environment.
Simple example, all employees has preference pane restriction except help desk. Or all users are forbidden to add custom mail account except VIPs.
This also help to be more efficient in IT management. All devices work the same. Your's is dead? Take anyone and work just right now. Don't wait an hour for an automated install.