Set up Apple School Manager
Apple School Manager is a simple, web-based portal for IT administrators that provides a fast, streamlined way for you to deploy Apple devices that your organization has purchased directly from Apple or from a participating Apple Authorized Reseller or carrier. You can automatically enroll devices in your mobile device management (MDM) solution without having to physically touch or prepare the devices before users get them.
Using your MDM, you can simplify the setup process for users, configure device settings, and distribute apps and books you purchase in Apple School Manager.
So you can quickly create accounts with school rosters and classes, Apple School Manager also integrates with your existing environment. You can integrate with Student Information Systems (SISs) either directly or using SFTP. And you can integrate with Microsoft Azure Active Directory (Azure AD) using federated authentication, enabling students and teachers to sign in to Apple services with their existing Azure AD credentials.
Add device suppliers to Apple School Manager
If you purchase devices through participating Apple Authorized Resellers or carriers, you can add supplier information in Apple School Manager, so orders placed with that reseller or carrier automatically appear in Apple School Manager. Before you can assign devices, you must have entered your appropriate Apple customer number and communicated your Organization ID to a participating Apple Authorized Reseller or carrier and added their Reseller ID to your account. For more information, see Manage device suppliers in the Apple School Manager User Guide.
Note: You should add this data as soon as possible.
Add mobile device management servers (MDM) to Apple School Manager
After you’ve selected the MDM solution to manage your organization’s Apple devices, you must add your MDM server to Apple School Manager before you can begin assigning devices. Before you add your MDM solution, review the certificate, security, and naming information below. For more information, see the video Connecting your MDM.
MDM server security
Every server you create in Apple School Manager must be securely authorized using a two-step verification process. The verification process involves creating and installing a server token on your MDM server.
MDM server certificates and tokens
Before you add an MDM server, get the public key certificate file (ending in .pem or .der) from your MDM vendor for each server you want to add. See your MDM vendor’s documentation for information about getting the server’s public key certificate.
You’ll upload this public key certificate file to Apple School Manager for each MDM server and then download a server token from Apple School Manager for each MDM server. The last step is to upload the relevant server token from Apple School Manager to each of your MDM servers. See your MDM vendor’s documentation for information about how to upload the token.
Server tokens expire after one year and must be replaced. Depending on the MDM vendor, you may or may not get a warning that a token is going to expire. Well before a token is about to expire, sign in to Apple School Manager, generate and download a new token for the MDM server and transfer that token to the MDM server for immediate installation. See your MDM vendor’s documentation for information about how to transfer the token.
MDM server names
When you name each server in Apple School Manager, you don’t need to use the fully qualified domain name. For example, you can choose a name based on a specific building, location, room, or job function (but you can’t use the same name for multiple servers).
Backing up your MDM
If you have a locally hosted MDM solution, you must back it up regularly to ensure continuity of client management and the integrity of critical Activation Lock bypass codes. Confirm that your backups can be successfully restored and result in a functional MDM solution with the appropriate certificates, tokens, and client relationships. See your MDM vendor’s documentation for specific backup information. Cloud-hosted or externally managed services may also include automatic backup functionality.
Assign devices to your MDM server in Apple School Manager
In order for your MDM solution to configure a device’s activation and enrollment settings, the device must be assigned to your MDM solution in Apple School Manager.
To assign devices, click Devices in the sidebar, find the devices you’d like to assign, and select the MDM server to associate the devices with.
If your organization has only one MDM solution and you want all future devices purchased by your organization enrolled in that specific MDM solution, you can automatically assign new devices in Apple School Manager. This feature applies to all iPhone, iPad, Mac, and Apple TV devices. To automatically assign new devices, see Set a default MDM server for a device type in the Apple School Manager User Guide.