
iCloud for Apple platform deployments
With iCloud, users can store personal content such as contacts, calendars, documents, and photos, and keep them up-to-date across multiple Apple devices. iCloud secures content by encrypting it when it’s sent over the internet, storing it in an encrypted format, and using secure tokens for authentication. iCloud also includes Find My, which locates a lost or stolen iPhone, iPad, Mac, or Apple Watch.
iPhone and iPad use iCloud Backup to back up information—including device settings, app data, and iMessages—daily over Wi-Fi. iCloud Backup works only when the device is locked, is connected to a power source, and has Wi-Fi access to the internet.
With your mobile device management (MDM) solution, you can keep Managed Apps from being backed up to iCloud. In this way, you protect users’ personal data and prevent your organization’s information from being stored in iCloud. You can also keep proprietary in-house apps from being backed up to iCloud.
Some services—such as iCloud Photos, iCloud Keychain, and iCloud Drive—can be disabled on devices through restrictions entered manually on the devices or set by configuration profiles.
Note: Some iCloud features require a Wi-Fi connection. Some features aren’t available in all countries or regions. Access to some services is limited to ten devices with the same iCloud account.
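The following added example (not part of Apple's documentation) audits an unsigned configuration profile and reports which iCloud services it still leaves enabled. The key names are from Apple's Restrictions payload (com.apple.applicationaccess) and do not appear on this page; the sample profile and its identifiers are constructed, and absent keys are assumed to default to allowed.

```python
import plistlib

# iCloud keys of Apple's Restrictions payload (com.apple.applicationaccess).
# Assumption: an absent key means the service is allowed (Apple's default).
ICLOUD_KEYS = {
    "allowCloudBackup": "iCloud Backup",
    "allowManagedAppsCloudSync": "Managed Apps storing data in iCloud",
    "allowCloudDocumentSync": "iCloud Drive",
    "allowCloudKeychainSync": "iCloud Keychain",
    "allowCloudPhotoLibrary": "iCloud Photos",
}

def audit_icloud_restrictions(profile_bytes):
    """Map each iCloud key to True (still allowed) or False (restricted)."""
    profile = plistlib.loads(profile_bytes)
    allowed = dict.fromkeys(ICLOUD_KEYS, True)
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != "com.apple.applicationaccess":
            continue  # not a Restrictions payload
        for key in ICLOUD_KEYS:
            if payload.get(key) is False:  # most restrictive setting wins
                allowed[key] = False
    return allowed

def services_still_allowed(profile_bytes):
    """Human-readable names of the iCloud services the profile leaves enabled."""
    result = audit_icloud_restrictions(profile_bytes)
    return sorted(ICLOUD_KEYS[k] for k, ok in result.items() if ok)

# Constructed sample profile (unsigned); identifiers are placeholders.
SAMPLE_PROFILE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadVersion": 1,
    "PayloadIdentifier": "com.example.icloud-policy",
    "PayloadContent": [
        {"PayloadType": "com.apple.wifi.managed", "SSID_STR": "ExampleCorp"},
        {"PayloadType": "com.apple.applicationaccess",
         "PayloadIdentifier": "com.example.icloud-policy.restrictions",
         "allowManagedAppsCloudSync": False,
         "allowCloudKeychainSync": False,
         "allowCloudBackup": True},
    ],
})

if __name__ == "__main__":
    for name in services_still_allowed(SAMPLE_PROFILE):
        print("still allowed:", name)
```

A signed profile is wrapped in a CMS envelope and must be unwrapped before `plistlib` can parse it.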
iCloud Drive
Users can store their documents and images on iCloud Drive and access them from iPhone and iPad devices, Mac computers, or Windows computers that are set up with iCloud. Documents are kept up to date on all devices, so if a user changes a document on iPhone, for example, the changes are there when the document is opened on a Mac. Changes made to a file when the user is offline are automatically updated when the file is opened on a device that’s online.
On an iPhone or iPad with the Files app, compatible documents that are stored in iCloud Drive are available within each app. On a Mac, iCloud Drive appears as a folder in the Finder. iCloud Drive is also accessible on iCloud.com. Users can also configure their macOS Desktop and Documents folders to be stored in iCloud Drive automatically, allowing the contents to be available on all the user’s devices. Documents stored in iCloud Drive can also be shared with others, provided that they’re created with Pages, Numbers, Keynote, and other apps that support CloudKit.
Files in iCloud Drive are available on a user’s Mac even when there’s no internet connection.
iCloud Keychain
iCloud Keychain keeps Wi-Fi network passwords and website passwords used in Safari up to date on all your iPhone and iPad devices and Mac computers set up with iCloud. It also stores internet account sign-in and configuration information, and passwords for other apps that support it. iCloud Keychain also stores credit card information users save in Safari, so Safari can autofill the information. iCloud Keychain is disabled when used with a Managed Apple ID.
iCloud Keychain consists of two services:
Keeping Keychain up-to-date on all devices
Keychain recovery
User approval is initially required to keep iCloud Keychain up-to-date on iPhone and iPad devices and Mac computers. Each keychain item (user name and password for a website or email address) that’s eligible is exchanged with per-device encryption using iCloud key value storage. The keychain items are temporary and don’t persist in iCloud after being updated.
Keychain recovery lets users save their keychain, without giving Apple the ability to read the passwords and other data, and it provides a safety net against data loss. This is particularly important when Safari is used to generate random, strong passwords for web accounts, because the only record of those passwords is in the keychain.
To allow for recovery of a user’s iCloud Keychain, the keychain can optionally be escrowed with Apple without allowing Apple to read the data it contains. When two-factor authentication is turned on, a device’s passcode is used to recover an escrowed keychain. Otherwise, an iCloud Security Code is used. If none has been specified, the user might be prompted to create an iCloud Security Code—six digits, complex alphanumerics, or randomly generated—during the activation process. A secure escrow service provides a copy of the keychain only if a strict set of conditions is met.
Tip: Make sure users create an iCloud Security Code, because Apple can’t help recover the user’s iCloud Keychain information.