Automated Device Enrolment
Organisations can automatically enrol iOS, iPadOS, macOS and tvOS devices in mobile device management (MDM) without having to physically touch or prepare the devices before users get them. After enrolling in one of the services, administrators sign in to the service website and link the programme to their MDM solution. The devices they purchased can then be assigned to users through MDM. During the device configuration process, the security of sensitive data can be increased by ensuring appropriate security measures are in place. For example:
Have users authenticate as part of the initial setup flow in the Apple device’s Setup Assistant during activation.
Provide a preliminary configuration with limited access and require additional device configuration to access sensitive data.
After a user has been assigned, any MDM-specified configurations, restrictions or controls are automatically installed. All communications between devices and Apple servers are encrypted in transit through HTTPS (TLS).
The setup process for users can be further simplified by removing specific steps in the Setup Assistant for devices so that users are up and running quickly. Administrators can also control whether users can remove the MDM profile from the device and help ensure that device restrictions are in place throughout the life cycle of the device. Once the device is unboxed and activated, it can enrol in the organisation’s MDM solution — and all management settings, apps and books are installed as defined by the MDM administrator.
Apple School Manager, Apple Business Manager and Apple Business Essentials
Apple School Manager, Apple Business Manager and Apple Business Essentials are services for IT administrators to deploy Apple devices that an organisation has purchased directly from Apple or through participating Apple Authorised Resellers and network providers.
When used with an MDM solution, administrators can simplify the setup process for users, configure device settings, and distribute apps and books purchased in these three services. Apple School Manager also integrates with Student Information Systems (SISs) directly or using SFTP, and all three services can use System for Cross-domain Identity Management (SCIM) or federated authentication with Microsoft Azure Active Directory (Azure AD) so administrators can quickly create accounts.
Apple maintains certifications in compliance with the ISO/IEC 27001 and 27018 standards to enable Apple customers to address their regulatory and contractual obligations. These certifications provide our customers with an independent attestation over Apple’s Information Privacy and Security practices for in-scope systems. For more information, see Apple internet services security certifications in Apple Platform Certifications.
Note: To learn whether an Apple programme is available in a specific country or region, see the Apple Support article Availability of Apple programmes and payment methods for education and business.
Device supervision
Supervision generally denotes that the device is owned by the organisation, giving them additional control over the device’s configuration and restrictions. For more information, see About Apple device supervision in Apple Platform Deployment.