Prepare to use eSIMs with Apple devices
Mobile data activation requires either a SIM or an eSIM provided by the carrier. eSIMs are preferred for a number of reasons, but your local carrier may not support them at the scale your organisation needs. Carrier selection should also take into account coverage for where users live, work or attend school, as well as any location where devices are initially configured.
eSIM support
On an iPhone with iOS 16 or later, you can have eSIMs installed automatically during device set-up. Your service provider must support eSIM Service Provider Activation. If it does, there’s no need to use MDM to install eSIMs during initial device set-up.
eSIMs can also be automatically installed on an iPhone (with iOS 16 or later) or iPad (with iPadOS 16.1 or later) that use Automated Device Enrolment. The process uses Apple School Manager, Apple Business Manager or Apple Business Essentials. For this case too, your provider must support eSIM Service Provider Activation.
iPhone and iPad model | eSIM support | Automatic eSIM installation | nano-SIM support | ||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
All iPhone 16 models (US only) All iPhone 15 models (US only) All iPhone 14 models (US only) | Dual eSIM | ||||||||||
All iPhone 16 models (non-US) All iPhone 15 models (non-US) All iPhone 14 models (non-US) | Dual eSIM | ||||||||||
All iPhone 13 models iPhone SE (3rd generation) | Dual eSIM | ||||||||||
All iPhone 12 models | Single eSIM | ||||||||||
iPhone SE (2nd generation) All iPhone 11 models All iPhone X models | Single eSIM | ||||||||||
iPad Pro 13-inch and 11-inch (M4) models iPad Air 13-inch and 11-inch (M2) models | Single eSIM | ||||||||||
iPad Pro (3rd generation) or later 11-inch, 12.9-inch models iPad mini (5th generation) or later iPad Air (3rd generation) or later iPad (7th generation) or later | Single eSIM |
eSIM security benefits
eSIMs are exceptionally secure and tamper resistant. They can’t be cloned or modified, and they’re designed to operate only on a specific device. By design, the GSMA eSIM specification SGP.21 restricts eSIM profiles from being exported from one eUICC to another.
With a physical SIM, someone can quickly steal a user’s SIM (which contains the user’s phone number). This allows SMS communication to that number, such as receiving one-time passcodes or personal identification numbers. With an eSIM, this isn’t possible.
To prevent additional lines of service from being added to a user’s iPhone, you can use MDM and the AllowESIMModification
restriction to prevent the addition or removal of eSIMs.
All iPhone 14 or later models sold in the United States, and all iPad Pro (M4) and iPad Air (M2) models, are eSIM only. This provides an extra layer of protection because you can’t physically remove or replace an eSIM. If the iPhone or iPad is lost or stolen, it will be much harder to activate it on another line.
Service Provider selection
All iPhone devices and some iPad devices, have mobile network coverage. To make best use of that coverage when planning deployment, make sure you have the right network provider for your needs.
Because eSIMs are software based, they afford much more deployment flexibility and are also easier to secure; administrators can trigger eSIM installation remotely and restrict a user’s ability to remove it from their device. If there’s a need to change the mobile service provider for devices after they’ve been deployed to users, a mobile device management (MDM) command lets you do that without any user interaction. There are other advantages to using an eSIM. For example, if permitted, the user can also change to use the previous eSIM in Settings > Network Provider.
When selecting a service provider, ask the following:
After an agreement is signed, what is the time period to create and make available the eSIMs so they can be assigned to supported iPhone and iPad devices?
Does your service provider support eSIM Network Activation for automating eSIM installation?
Does your network provider allow users to transfer eSIMs between iPhone and iPad devices?
What is the URL for your service provider’s eSIM server (known as an SM-DP+ server)?
Ensure access to the service provider’s eSIM server is available through firewalls.
Use the service provider’s eSIM server hostname when installing eSIMs using MDM.
Regarding mobile coverage and capacity, can the service provider provide a survey of mobile phone towers close to where the devices are provisioned and where remote learning may be taking place?
Note: Because carriers may be sensitive to the number of devices simultaneously queuing for eSIM provisioning, many of them request that automated provisioning events be communicated to them.