
Choose an MDM solution
There are many MDM solutions available from a variety of third parties. You should evaluate which aspects of MDM are most important to your organization—including hosting options and pricing—before you choose a solution. The tips below can help with your decision.
Tip: It’s vitally important to select the appropriate MDM solution before your deployment. Changing mid-deployment may require you to erase each device and reenroll it.
Vendor support access and policies
MDM is a mission-critical service. You need to evaluate the support, services, and training your MDM vendor provides.
Hosting locally or in the cloud
An MDM solution can be hosted on a local server or in the cloud. MDM is a lightweight HTTPS-based protocol that can manage devices anywhere in the world with low data-traffic impact, making it well suited for cloud hosting. If your organization chooses a cloud-hosted or internet-hosted solution, many of the MDM configuration steps described in this reference can be considerably reduced or eliminated entirely.
Device support
Some MDM solutions are built with in-depth support for specific Apple device types—for example, just Mac computers or iPhone devices—while others offer cross-platform support. You can choose a mix of MDM vendors so each device type is supported with a specialized solution. Automatic assignment by device type in Apple School Manager, Apple Business Manager, or Apple Business Essentials makes this simple. Or choose an MDM vendor that supports all Apple device types used across your organization.
Support for Apple web-based portals
Some MDM vendors offer enhanced support for device enrollment and managed distribution. Some, for example, offer the ability to import multiple tokens for Apple School Manager, Apple Business Manager, or Apple Business Essentials. Having multiple tokens associated with purchasing apps and books is helpful if your organization has multiple manager accounts, such as one for each school in a district. With multiple tokens, an organization can have separate enrollment settings for different sets of devices. In this case, an enterprise might have one for shared devices and another for one-to-one devices.
User account information
MDM can set up mail and other user accounts automatically. Depending on the MDM solution you use and its integration with your internal systems, account payloads can also be prepopulated with a user’s name, email address, and certificate identities for authentication and signing.
An MDM solution can configure the following types of accounts with user information:
Calendar
Contacts
Exchange ActiveSync (EAS)
Exchange Web Services (EWS)
Identity
LDAP
Mail
Subscribed calendars
VPN
802.1X
MDM commands
MDM solutions can send commands to enrolled Apple devices. To learn which MDM commands are supported for your devices, consult your MDM solution’s documentation. Commands can be used to trigger software updates, locate misplaced devices with Lost Mode, or install apps remotely. For more information, see MDM commands for Apple devices.
Query and reporting services
An MDM solution can query Apple devices for a variety of information, including hardware serial number, device UDID, Wi-Fi Media Access Control (MAC) address, and FileVault encryption status (for Mac computers). It can also query for software information, such as device version and restrictions, and list the apps installed on the device. This information can be used to ensure that users maintain the appropriate apps. iOS and iPadOS allow queries about the last time a device was backed up to iCloud, and about the app assignment account hash of the logged-in user. In tvOS, MDM can query enrolled Apple TV devices for asset information such as language, locale, and organization. For more information, see Device information MDM queries.
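When evaluating a vendor's reporting, it helps to check that raw query results can be exported and audited outside the console. The sketch below is an added example, not code from Apple or any MDM vendor: it parses a constructed device information response and flags devices that fall below a baseline. The key names follow Apple's DeviceInformation query; the sample values, the thresholds, and the function names are assumptions.

```python
import plistlib
from datetime import datetime, timedelta

# Constructed sample response (not captured from a real device).
SAMPLE_RESPONSE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Status</key><string>Acknowledged</string>
  <key>UDID</key><string>00000000-0000000000000000</string>
  <key>QueryResponses</key><dict>
    <key>SerialNumber</key><string>EXAMPLE00001</string>
    <key>OSVersion</key><string>16.7.2</string>
    <key>WiFiMAC</key><string>02:00:00:00:00:01</string>
    <key>LastCloudBackupDate</key><date>2024-01-02T08:00:00Z</date>
  </dict>
</dict></plist>"""

# Assumed organizational baseline; adjust to your own policy.
MIN_OS = (17, 0, 0)
MAX_BACKUP_AGE = timedelta(days=14)

def parse_version(text):
    """Turn '17.2' into (17, 2, 0) so versions compare numerically."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def audit_device(raw, now):
    """Return a list of findings for one response; an empty list means compliant.
    `now` is a naive UTC datetime, matching what plistlib returns for <date>."""
    doc = plistlib.loads(raw)
    if doc.get("Status") != "Acknowledged":
        return ["query not acknowledged: %s" % doc.get("Status")]
    info = doc.get("QueryResponses", {})
    findings = []
    os_version = info.get("OSVersion")
    if os_version is None:
        findings.append("OSVersion not reported")
    elif parse_version(os_version) < MIN_OS:
        findings.append("OS %s is below baseline" % os_version)
    backup = info.get("LastCloudBackupDate")
    if backup is None:
        findings.append("no iCloud backup recorded")
    elif now - backup > MAX_BACKUP_AGE:
        findings.append("last iCloud backup is %d days old" % (now - backup).days)
    return findings

if __name__ == "__main__":
    for finding in audit_device(SAMPLE_RESPONSE, datetime(2024, 2, 1)):
        print(finding)
```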
Education-centric functionality
Some MDM vendors offer functionality designed specifically for education environments. Make sure your MDM vendor supports solutions such as Apple School Manager, Classroom, Schoolwork, Shared iPad, and all the education features introduced with the latest versions of Apple operating systems the day of the launch. For more information on deploying Apple hardware, software, and services in education (primarily K–12), see the Apple Deployment Guide for Education.
Business-centric functionality
Some MDM vendors offer functionality designed specifically for business. Examples include tools for auditing and for integrating with Microsoft Active Directory and LDAP directory services.
Based on your criteria, you can create a short list of MDM solutions and set them up on a trial basis with just a few test devices to evaluate which solution best meets your needs before making a final decision. Apple School Manager, Apple Business Manager, and Apple Business Essentials all allow you to connect with more than one MDM solution and assign devices to different servers as needed.