Intro to mobile device management (MDM)
iOS, iPadOS, macOS, and tvOS have a built-in framework that supports mobile device management (MDM). MDM lets you securely and wirelessly configure devices, whether they’re owned by the user or your organization. Mobile device management includes updating device settings, monitoring compliance with organizational policies, and remotely wiping or locking devices. Users can enroll their own devices in MDM and organization-owned devices can be enrolled in MDM automatically using Apple School Manager or Apple Business Manager.
After the device is enrolled, you can wirelessly distribute, manage, and configure apps and books purchased through Apple School Manager, Apple Business Manager, or enterprise apps developed in-house. Users can install apps themselves, or apps can be installed automatically depending on the type of app it is, how it’s assigned, and whether the device is supervised.
MDM solutions use the Apple Push Notification service (APNs) to maintain persistent communication with Apple devices across both public and private networks. MDM solutions require multiple certificates, including an APNs certificate to talk to devices, an SSL certificate to communicate securely, and a certificate to sign configuration profiles. See How Apple devices work with APNs.
Important: APNs certificates must be renewed annually. When a certificate expires, an MDM solution can’t communicate with Apple devices until the certificate is updated. Be prepared to update all certificates used by your MDM solution before they expire. Contact your Certificate Authority (CA) for information about renewing your certificates. See Apple Push Certificates Portal.
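One way to catch an expiring certificate before it interrupts device communication is a scheduled check over the three certificates named above. This is an added example, not Apple's or any MDM vendor's tooling; it assumes the certificates are available as PEM files and that `openssl` is installed, and the labels, paths, and 30-day warning window are hypothetical.

```shell
#!/bin/sh
# Added example: report MDM certificates that are expired or close to expiry.
# Assumptions (not from Apple's documentation): certificates are PEM files,
# openssl is installed, and the default warning window is 30 days.
# Hypothetical usage:
#   ./check_mdm_certs.sh apns=/path/apns.pem tls=/path/tls.pem signing=/path/sign.pem

WARN_DAYS="${WARN_DAYS:-30}"

# cert_status FILE [DAYS]
# Prints OK, EXPIRING (inside the warning window), EXPIRED or UNREADABLE.
# Always returns 0 so callers can capture the word even under `set -e`.
cert_status() {
    cs_file=$1
    cs_days=${2:-$WARN_DAYS}
    if ! openssl x509 -in "$cs_file" -noout >/dev/null 2>&1; then
        echo UNREADABLE
    elif ! openssl x509 -in "$cs_file" -noout -checkend 0 >/dev/null 2>&1; then
        echo EXPIRED
    elif ! openssl x509 -in "$cs_file" -noout \
            -checkend "$((cs_days * 86400))" >/dev/null 2>&1; then
        echo EXPIRING
    else
        echo OK
    fi
}

# check_mdm_certs LABEL=PATH ...
# Prints one line per certificate; returns 1 if any of them needs attention.
check_mdm_certs() {
    cm_bad=0
    for cm_pair in "$@"; do
        cm_label=${cm_pair%%=*}
        cm_path=${cm_pair#*=}
        cm_status=$(cert_status "$cm_path")
        cm_end=$(openssl x509 -in "$cm_path" -noout -enddate 2>/dev/null \
            || echo "notAfter=unknown")
        printf '%-12s %-10s %s (%s)\n' "$cm_label" "$cm_status" "$cm_end" "$cm_path"
        [ "$cm_status" = OK ] || cm_bad=1
    done
    return "$cm_bad"
}

# Run only when LABEL=PATH arguments are supplied on the command line.
if [ "$#" -gt 0 ]; then
    check_mdm_certs "$@"
fi
```

Run from a scheduler, the non-zero exit status can drive an alert well ahead of the annual APNs renewal.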