Deploy devices using Apple School Manager, Apple Business Manager, or Apple Business Essentials
You can automatically enroll devices in your mobile device management (MDM) solution without having to physically touch or prepare the devices before users get them.
You do this using Apple School Manager, Apple Business Manager, or Apple Business Essentials. These are simple, web-based portals that provide you with a fast, streamlined way to deploy Apple devices that your organization has purchased—either directly from Apple or from a participating Apple Authorized Reseller or cellular carrier.
You can also manually add Apple devices by using Apple Configurator.
Important: Third-party MDM server tokens expire after 1 year and must be replaced. Depending on the MDM vendor, you may or may not get a warning that a token is going to expire. Well before a token is about to expire, sign in to Apple School Manager Apple Business Manager, or Apple Business Essentials, generate and download a new token for the MDM server and transfer that token to the MDM server for immediate installation. See your MDM vendor’s documentation for information about how to transfer the token.
After your organization signs up for Apple School Manager, Apple Business Manager, or Apple Business Essentials, you can add manager accounts for users who are authorized to access the web-based portal. From the website, you can establish one or more servers for your MDM solution. You can also add servers at any time. Because Apple School Manager, Apple Business Manager, and Apple Business Essentials work together with your MDM solution, you can simplify the setup process for users, configure device settings, buy content in volume, assign apps to devices or users, and then install and update the apps wirelessly, even if the App Store is disabled. If you’re using Apple Business Essentials, you can also use the device management that’s built right in.
For more information, see Device workflow in the Apple School Manager User Guide, Device workflow in the Apple Business Manager User Guide or Device workflow in the Apple Business Essentials User Guide.
To view the certifications that Apple maintains in compliance with the ISO 27001 and 27018 standards for Apple School Manager and Apple Business Manager, see Apple internet services security certifications in Apple Platform Certifications.
Note: To learn whether Apple School Manager, Apple Business Manager, or Apple Business Essentials is available in your country or region, see the Apple Support article Availability of Apple programs and payment methods for education and business.
Federated authentication
Apple School Manager, Apple Business Manager, and Apple Business Essentials also integrate with Google Workspace or Microsoft Azure Active Directory (Azure AD) using federated authentication, allowing users to sign in to Apple services with their existing account user names and passwords.
Google Workspace integration
You can sync users from Google Workspace to Apple School Manager, Apple Business Manager, or Apple Business Essentials. As a result, your users can leverage their Google Workspace accounts as Managed Apple IDs. They can then use those accounts to sign in to their assigned iPhone, iPad, or Shared iPad. They can also use those accounts on a Mac by signing in to Apple ID in System Settings for macOS 13 or later, or in System Preferences for macOS 12.0.1 or earlier—or they can sign in to iCloud on the web.
To use federated authentication with Google Workspace, your Apple devices must meet the following operating system requirements:
iOS 15.5 or later
iPadOS 15.5 or later
macOS 12.4 or later
For more information on federated authentication with Google Workspace, see Intro to Google Workspace in the following User Guides:
System for Cross-domain Identity Management (SCIM)
SCIM allows organizations to provision Managed Apple IDs immediately, and to combine Apple School Manager, Apple Business Manager, or Apple Business Essentials properties with account data imported from Azure AD.
For more information on federated authentication and SCIM, see Integrate Apple devices with Azure AD.
SIS and SFTP in Apple School Manager
Apple School Manager is a central element of modern device deployment for education institutions. For more information, see the Apple Deployment Guide for Education to learn more about the steps of deploying Apple devices successfully in your learning environment for both one-to-one and shared deployments (primarily K–12).
So you can quickly create accounts with school rosters and classes, Apple School Manager also integrates with your existing environment. You can integrate with Student Information Systems (SISs). After you’ve authenticated and connected your SIS, specific information—such as management, staff, instructor, student names, and classes—is copied into Apple School Manager. You can then assign roles to your staff, instructors, and students and set their initial passwords. Apple School Manager periodically updates changes from your SIS. At no time is data written back to your SIS. For more information, see Integrate with your Student Information System (SIS) in the Apple School Manager User Guide.
You can also add accounts manually by uploading account information in .csv files using a Secure File Transport Protocol (SFTP) app, or you can create them right in Apple School Manager. To reduce the possibility of errors, Apple School Manager has .csv templates you can download and use. For more information, see Import accounts with SFTP in the Apple School Manager User Guide.
Test beta features
You can participate in testing beta features in Apple School Manager, Apple Business Manager, or Apple Business Essentials. When you do, your organization can help Apple by evaluating new features and by testing with your IT infrastructure, network, and selected users to make sure you’re ready to support employees and staff when the feature is moved out of beta.
Apple Business Essentials
Apple Business Essentials is a complete device management solution that allows you to remotely configure, deploy, and manage Apple devices. Whether your devices are owned by your organization or by your employees, Apple Business Essentials has you covered, and you can get your whole fleet of devices managed. Seamlessly deliver apps and settings—like Keynote, Wi-Fi, VPN, password policies, and manage security functionality like FileVault. Use Collections to protect company data and hardware in case of loss or theft of employee devices. Apple Business Essentials is designed for organizations with under 500 employees. For more information, see the Apple Business Essentials User Guide. To take tutorials about using Apple Business Essentials, see Learn How to Use Apple Business Essentials.