
Choose a device management service
There are many device management services available from a variety of third parties. Evaluate which aspects of device management are most important to your organization—including hosting options and pricing—before you choose one. The criteria below can help with your decision.
Based on your criteria, you can create a short list of device management services and set them up on a trial basis with just a few test devices to evaluate which service best meets your needs before making a final decision. Apple School Manager and Apple Business Manager both allow you to connect with more than one device management service and assign devices to different services as needed.
Tip: It’s vitally important to select the appropriate device management service before your deployment. Changing mid-deployment may require you to erase each device and reenroll it.
Vendor support access and policies
The device management service is a mission-critical part of your overall deployment and management plan. You need to evaluate the support, services, and training each device management service developer provides.
Device management framework support
Apple devices provide a rich set of configuration options available through the device management framework. Organizations need to evaluate whether the intended device management service supports required profiles and configurations. In addition, evaluate which declarative device management capabilities it supports if you’re planning to use enforced software updates, managed service configuration files, or other functionality the declarative device management protocol provides.
Device support
Some device management services provide in-depth support for specific Apple device types—for example, just Mac computers or iPhone devices—while others offer cross-platform support. You can choose a mix of device management service developers to support each device type with a specialized service. Automatic assignment by device type in Apple School Manager or Apple Business Manager makes this simple. Or choose a device management service developer that supports all Apple device types you use across your organization.
Support for Apple web-based portals
Some device management service developers offer enhanced support for device enrollment and Managed Distribution. Some, for example, offer the ability to import multiple content tokens for Apple School Manager or Apple Business Manager. Having multiple content tokens associated with purchasing apps and books is helpful if your organization has multiple manager accounts, such as one for each school in a district. With multiple content tokens, an organization can have separate enrollment settings for different sets of devices. In this case, an enterprise might have one for shared devices and another for one-to-one devices.
Device management services also play a key role in enforcing access management rules for Managed Apple Accounts. When a Managed Apple Account tries to sign in, the device sends a GetToken request to the device management service to determine whether its management status aligns with the organizational requirements. For more information, see Get Token on the Apple Developer website.
User account information
Device management services can set up mail and other user accounts automatically. Depending on the device management service you use, and its integration with your internal systems, you can prepopulate account payloads with a user’s name, email address, and certificate identities for authentication and signing.
A device management service can configure the following types of accounts with user information:
Calendar
Contacts
Exchange ActiveSync (EAS)
Exchange Web Services (EWS)
Extensible single sign-on
Google
Identity
LDAP
Mail
Subscribed calendars
VPN
802.1X
Device management commands
Device management services can send commands to enrolled Apple devices. To learn which commands are available for your devices, consult your developer’s device management service documentation. You can use commands to trigger software updates, locate misplaced devices with Lost Mode, or install apps remotely. For more information, see Device management commands.
Query and reporting services
A device management service can query Apple devices for a variety of information, including hardware serial number, Unique Device Identifier, Wi-Fi media access control (MAC) address, and (for Mac computers) FileVault encryption status. It can also query for software information, such as device version and restrictions, and list the apps installed on the device. You can use this information to ensure that users maintain the appropriate apps. iOS, iPadOS, and visionOS 1.1 allow queries about the last time a device was backed up to iCloud, and about the app assignment account hash of the logged-in user. In tvOS, a device management service can query enrolled Apple TV devices for asset information, such as language, locale, and organization. For more information, see Device information queries.
Education-centric functionality
Some device management service developers offer functionality designed specifically for education environments. Well before the day you give devices to students, make sure your device management service developer supports Apple services and apps, such as Apple School Manager, Classroom, Schoolwork, Shared iPad, and all the education features in the latest versions of Apple operating systems. For more information on deploying Apple hardware, software, and services in education (primarily K–12), see the Apple Deployment Guide for Education.
In iPadOS 17.6 or later, developers can take advantage of additional apps alongside their primary assessment app—for example, accessibility apps and apps that may use calculators, notes, and spreadsheets.
In iPadOS 17.5 or later with Schoolwork 3.0, teachers can:
Send any document or file as a Classroom assessment, including PDFs and files created from Pages, Numbers, Keynote, and Google Suite (docs, sheets, slides)
Upload documents from iCloud and scan paper documents directly into Schoolwork
Review and score student work and documents using scoring features
Analyze student performance per question, which includes other reporting and insight features
Business-centric functionality
Some device management service developers offer functionality designed specifically for business. Examples include tools for auditing and for integrating with Active Directory and LDAP directory services.