Apple Configurator security
Apple Configurator for Mac features a flexible, secure, device-centric design that lets an administrator quickly and easily configure one or dozens of iPad, iPhone, and Apple TV (Wi-Fi and Ethernet only) devices connected to a Mac through USB (or for Apple TV, through Ethernet) before giving them to users. With Apple Configurator for Mac, an administrator can update software, install apps and configuration profiles, rename and change wallpaper on devices, export device information and documents, and much more.
Apple Configurator for Mac can also revive or restore Mac computers with Apple silicon, those with the Apple T2 Security Chip, and Apple Vision Pro (with a Developer Strap). When a Mac or Apple Vision Pro is revived or restored in this manner, the file containing the latest minor updates to the operating systems (macOS, recoveryOS for Apple silicon, or sepOS for T2) is securely downloaded from Apple servers and installed directly on the Mac. After a successful revive or restore, the file is deleted from the Mac with Apple Configurator. At no time can the user inspect or use this file outside of Apple Configurator.
Administrators can also choose to add devices to Apple School Manager or Apple Business Manager using Apple Configurator for Mac or Apple Configurator for iPhone, even if the devices weren’t purchased directly from Apple, an Apple Authorized Reseller, or an authorized cellular carrier. When the administrator sets up a device that has been manually enrolled, it behaves like any other device in one of those services, with mandatory supervision and device management service enrollment. For devices that weren’t purchased directly, the user has a 30-day provisional period to release the device from one of those services, supervision, and a device management service.
Organizations can also use Apple Configurator for Mac to activate iPad, iPhone, and Apple TV devices that have absolutely no internet connection by connecting them to a host Mac with an internet connection while the devices are being set up. Administrators can restore, activate, and prepare devices with their necessary configuration including apps, profiles, and documents without ever needing to connect to either Wi-Fi or cellular networks. This feature doesn’t allow an administrator to bypass any existing Activation Lock requirements normally required during nontethered activation.