Automated Device Enrollment
Organizations can automatically enroll iOS, iPadOS, macOS, and tvOS devices in mobile device management (MDM) without having to physically touch or prepare the devices before users get them. After enrolling in one of the services, administrators sign in to the service website and link the program to their MDM solution. The devices they purchased can then be assigned to users through MDM. During the device configuration process, security of sensitive data can be increased by ensuring appropriate security measures are in place. For example:
Have users authenticate as part of the initial setup flow in the Apple device’s Setup Assistant during activation.
Provide a preliminary configuration with limited access and require additional device configuration to access sensitive data.
After a user has been assigned, any MDM-specified configurations, restrictions, or controls are automatically installed. All communications between devices and Apple servers are encrypted in transit through HTTPS (TLS).
The setup process for users can be further simplified by removing specific steps in the Setup Assistant for devices so that so users are up and running quickly. Administrators can also control whether users can remove the MDM profile from the device and help ensure that device restrictions are in place throughout the life cycle of the device. After the device is unboxed and activated, it can enroll in the organization’s MDM solution—and all management settings, apps, and books are installed as defined by the MDM administrator.
Apple School Manager, Apple Business Manager, and Apple Business Essentials
Apple School Manager, Apple Business Manager, and Apple Business Essentials are services for IT administrators to deploy Apple devices that an organization has purchased directly from Apple or through participating Apple Authorized Resellers and carriers.
When used with an MDM solution, administrators can simplify the setup process for users, configure device settings, and distribute apps and books purchased in these three services. Apple School Manager also integrates with Student Information Systems (SISs) directly or using SFTP, and all three services can use System for Cross-domain Identity Management (SCIM) or federated authentication with Microsoft Azure Active Directory (Azure AD) so administrators can quickly create accounts.
Apple maintains certifications in compliance with the ISO/IEC 27001 and 27018 standards to enable Apple customers to address their regulatory and contractual obligations. These certifications provide our customers with an independent attestation over Apple’s Information Privacy and Security practices for in-scope systems. For more information, see Security certifications for Apple internet services in the Security Certifications and Compliance Center.
Note: To learn whether an Apple program is available in a specific country or region, see the Apple Support article Availability of Apple programs and payment methods for education and business.
Supervision generally denotes that the device is owned by the organization, giving them additional control over the device’s configuration and restrictions. For more information, see About Apple device supervision in Apple Device Device Deployment.