Choose a device management service
There are many device management services available from a variety of third parties. Evaluate which aspects of device management are most important to your organisation — including hosting options and pricing — before you choose one. The criteria below can help with your decision.
Based on your criteria, you can create a shortlist of device management services and set them up on a trial basis with just a few test devices to evaluate which service best meets your needs before making a final decision. Apple School Manager and Apple Business Manager both allow you to connect with more than one device management service and assign devices to different services as needed.
Tip: It’s vitally important to select the appropriate device management service before your deployment. Changing mid-deployment may require you to erase each device and re-enrol it.
Vendor support access and policies
The device management service is a mission-critical part of your overall deployment and management plan. You need to evaluate the support, services and training each device management service developer provides.
Device management framework support
Apple devices provide a rich set of configuration options available through the device management framework. Organisations need to evaluate whether the intended device management service supports required profiles and configurations. In addition, evaluate which declarative device management capabilities it supports if you’re planning to use enforced software updates, managed service configuration files or other functionality the declarative device management protocol provides.
Device support
Some device management services provide in-depth support for specific Apple device types — for example, just Mac computers or iPhone devices — while others offer cross-platform support. You can choose a mix of device management service developers to support each device type with a specialised service. Automatic assignment by device type in Apple School Manager or Apple Business Manager makes this simple. Or choose a device management service developer that supports all Apple device types you use across your organisation.
Support for Apple web-based portals
Some device management service developers offer enhanced support for device enrolment and Managed Distribution. Some, for example, offer the ability to import multiple content tokens for Apple School Manager or Apple Business Manager. Having multiple content tokens associated with purchasing apps and books is helpful if your organisation has multiple manager accounts, such as one for each school in a local authority. With multiple content tokens, an organisation can have separate enrolment settings for different sets of devices. In this case, an enterprise might have one for shared devices and another for one-to-one devices.
Device management services also play a key role in enforcing access management rules for Managed Apple Accounts. When a Managed Apple Account tries to sign in, the device sends a GetToken request to the device management service to determine whether its management status aligns with the organisational requirements. For more information, see Get Token on the Apple Developer website.
User account information
Device management services can set up mail and other user accounts automatically. Depending on the device management service you use, and its integration with your internal systems, you can pre-populate account payloads with a user’s name, email address and certificate identities for authentication and signing.
A device management service can configure the following types of accounts with user information:
Calendar
Contacts
Exchange ActiveSync (EAS)
Exchange Web Services (EWS)
Extensible single sign-on
Google
Identity
LDAP
Mail
Subscribed calendars
VPN
802.1X
Device management commands
Device management services can send commands to enrolled Apple devices. To learn which commands are available for your devices, consult your developer’s device management service documentation. You can use commands to trigger software updates, locate misplaced devices with Lost Mode or install apps remotely. For more information, see Device management commands.
Query and reporting services
A device management service can query Apple devices for a variety of information, including hardware serial number, Unique Device Identifier, Wi-Fi, media access control (MAC) address and (for Mac computers) FileVault encryption status. It can also query for software information, such as device version and restrictions, and list the apps installed on the device. You can use this information to ensure that users maintain the appropriate apps. iOS, iPadOS and visionOS 1.1 allow queries about the last time a device was backed up to iCloud and about the app assignment account hash of the logged-in user. In tvOS, a device management service can query enrolled Apple TV devices for asset information, such as language, locale and organisation. For more information, see Device information queries.
Education-centric functionality
Some device management service developers offer functionality designed specifically for education environments. Well before the day you give devices to students, make sure your device management service developer supports Apple services and apps, such as Apple School Manager, Classroom, Schoolwork, Shared iPad and all the education features in the latest versions of Apple operating systems. For more information on deploying Apple hardware, software and services in education, see the Apple Deployment Guide for K–12 Education.
In iPadOS 17.6 or later, developers can take advantage of additional apps alongside their primary assessment app — for example, accessibility apps and apps that may use calculators, notes and spreadsheets.
In iPadOS 17.5 or later with Schoolwork 3.0, teachers can:
Send any document or file as a Classroom assessment, including PDFs and files created from Pages, Numbers, Keynote and Google Suite (docs, sheets, slides)
Upload documents from iCloud and scan paper documents directly into Schoolwork
Review and mark student work and documents using scoring features
Analyse student performance per question, which includes other reporting and insight features
Business-centric functionality
Some device management service developers offer functionality designed specifically for business. Examples include tools for auditing and for integrating with Active Directory and LDAP directory services.