Automated Device Enrollment
Organizations can automatically enroll iPhone, iPad, Mac, Apple TV, and Apple Vision Pro devices in a mobile device management (MDM) solution without having to physically touch or prepare the devices before users get them. After an organization signs up for Apple School Manager or Apple Business Manager, administrators sign in to the web portal and link to their MDM solution. The devices they purchased can then be assigned to users through MDM. During the device configuration process, the device queries Apple servers for an assigned MDM and if so, reaches out to the MDM solution to perform the enrollment. Using Automated Device Enrollment and a compatible MDM solution allows organizations to implement the following security measures:
Have users authenticate as part of the initial setup flow in the Apple device’s Setup Assistant during activation.
Provide a preliminary configuration with limited access and require additional device configuration to access sensitive data.
Require devices to run a minimum operating system version before enrolling.
Enforce FileVault enablement on a Mac.
After a device has enrolled with MDM, any configurations, restrictions, or controls are automatically installed.
The setup process for users can be further simplified by removing specific steps in the Setup Assistant for devices so that users are up and running quickly. If steps are skipped, the more privacy-preserving setting is used. For example, if the pane to configure location services is skipped, the service is not enabled during Setup Assistant.
Administrators can also control whether users can remove the MDM profile from the device and help ensure that configurations and restrictions are in place throughout the life cycle of the device.
Apple School Manager and Apple Business Manager
Apple School Manager and Apple Business Manager are services for IT administrators to deploy Apple devices that an organization has purchased directly from Apple or through participating Apple Authorized Resellers and carriers.
When used with an MDM solution, administrators can simplify the setup process for users, configure device settings, and distribute apps and books purchased in these three services. Apple School Manager also integrates with Student Information Systems (SISs) directly or using SFTP, and all three services support directory synchronization and federated authentication, so accounts can be automatically provisioned, updated, and deprovisioned based on an organization’s identity provider (IdP).
Apple maintains certifications in compliance with the ISO/IEC 27001 and 27018 standards to enable Apple customers to address their regulatory and contractual obligations. These certifications provide our customers with an independent attestation over Apple’s Information Privacy and Security practices for in-scope systems. For more information, see Apple internet services security certifications in Apple Platform Certifications.
Note: To learn whether an Apple program is available in a specific country or region, see the Apple Support article Availability of Apple programs and payment methods for education and business.
Device supervision
Supervision generally denotes that the device is owned by the organization, giving them additional control over the device’s configuration and restrictions. For more information, see About Apple device supervision in Apple Platform Deployment.
Supervision gets automatically enabled on a device when using Automated Device Enrollment.