Automated Device Enrollment
Organizations can automatically enroll iOS, iPadOS, macOS, and tvOS devices in mobile device management (MDM) without having to physically touch or prepare the devices before users get them. After enrolling in one of the services, administrators sign in to the service website and link the program to their MDM solution. The devices they purchased can then be assigned to users through MDM. During the device configuration process, security of sensitive data can be increased by ensuring appropriate security measures are in place. For example:
Have users authenticate as part of the initial setup flow in the Apple device’s Setup Assistant during activation
Provide a preliminary configuration with limited access and require additional device configuration to access sensitive data
After a user has been assigned, any MDM-specified configurations, restrictions, or controls are automatically installed. All communications between devices and Apple servers are encrypted in transit through HTTPS (TLS).
The setup process for users can be further simplified by removing specific steps in the Setup Assistant for devices, so users are up and running quickly. Administrators can also control whether or not the user can remove the MDM profile from the device and ensure that device restrictions are in place throughout the lifecycle of the device. After the device is unboxed and activated, it can enroll in the organization’s MDM solution—and all management settings, apps, and books are installed as defined by the MDM administrator.
Apple School Manager and Apple Business Manager
Apple School Manager and Apple Business Manager are services for IT administrators to deploy Apple devices that an organization has purchased directly from Apple or through participating Apple Authorized Resellers and Carriers. When used with a mobile device management (MDM) solution, administrators, employees, staff, and teachers can configure device settings and buy and distribute apps and books. Apple School Manager integrates with Student Information Systems (SISs), SFTP, and Microsoft Azure AD using federated authentication, so administrators can quickly create accounts with school rosters and classes.
Devices with iOS 11 or later and tvOS 10.2 or later can also be added to Apple School Manager and Apple Business Manager after the time of purchase using Apple Configurator 2.
Apple Inc. maintains certifications in compliance with the ISO/IEC 27001 and 27018 standards to enable Apple customers to address their regulatory and contractual obligations. These certifications provide our customers with an independent attestation over Apple’s Information Security and Privacy practices for in-scope systems. For more information, see the Apple Support article Apple Internet Services Certifications.
Note: To learn whether an Apple program is available in a specific country or region, see the Apple Support article Availability of Apple programs for education and business.