Ready. Set.
Apple fits easily into your existing infrastructure, no matter how many devices you run. Zero-touch deployment allows IT to configure and manage remotely, and IT can tailor the setup process to any team. So every Mac, iPad, iPhone and Apple TV is ready to go from the start.
You’re in control with Apple Business Manager.
Apple Business Manager is a web‑based portal that helps you deploy iPhone, iPad, Mac and Apple TV. And you can easily provide employees with access to Apple services, set up device enrolment, and distribute apps, books and software — all from one place.
Devices
Enrol devices to be set up automatically with mobile device management (MDM). Streamline and customise the setup process for employees.
Content
Easily buy apps and books for employees. And distribute custom apps within your organisation.
People
Create Managed Apple IDs for employees and assign privileges for additional users on your IT team.
Integrate with any environment.
Wi-Fi and Networking. Apple devices have secure wireless network connectivity built in. iOS, iPadOS and macOS all provide the built-in security to access those wireless networks, including industry‑standard WPA3-Enterprise and 802.1X. When an Apple device is used on a Cisco network, Fast Lane prioritises the most critical business apps so that employees have uninterrupted access. And enhanced roaming capabilities ensure that iPhone and iPad remain connected as they travel across access points.
VPN. Easily configure Apple devices for secure access to your corporate network through built-in support for VPN. Out of the box, iOS, iPadOS and macOS support the industry-standard VPN protocols IKEv2, Cisco IPsec and L2TP over IPsec. Apple devices also support VPN On Demand, Always On VPN and Per‑App VPN for facilitating connections on a much more granular basis for managed apps or specific domains. Whatever method your business chooses, data in transit is protected.
Email. iPhone, iPad and Mac work with Microsoft Exchange, Office 365 and other popular email services, like G Suite, for instant access to push email, calendar, contacts and tasks over an encrypted SSL connection. And Exchange support is built into the Mail, Calendar, Contacts and Reminders apps on iPhone and iPad — making it intuitive for employees to perform common tasks, such as accepting meeting invitations and finding contacts in the Global Address List.
File Providers. The Files app in iOS and iPadOS and the Finder in macOS let employees instantly access their third‑party cloud services — like Box, Dropbox, OneDrive, Adobe Creative Cloud and Google Drive — so they have all of their files on all of their devices. The Files app and the Finder also have built-in support for file sharing with SMB and WebDAV, ensuring that employees can access the corporate file servers seamlessly on all their Apple devices.
Directory Services. Apple devices can access directory services for managing identity and other user data, including Active Directory, LDAP and Open Directory. Some MDM vendors provide tools to integrate their management solutions with Active Directory and LDAP directories — straight out of the box. And for organisations using on‑premise Active Directory, a first‑party Kerberos extension provides password management and Kerberos ticket management for signing in to internal apps and websites.
Identity Providers. The latest versions of iOS, iPadOS and macOS support a new single sign-on (SSO) extension framework, allowing users to sign in to a corporate application once without being asked again for other apps or websites. This feature enables advanced multifactor authentication, supported by participating identity providers, whenever users sign in to a corporate resource. IT teams can also now configure authentication from cloud identity providers during initial enrolment and device setup.
Flexible deployment options for every scenario.
Apple makes it easy to choose the right deployment option to meet the needs of your organisation. Protect company information while maintaining privacy for employees who bring their own devices to work with User Enrolment. Or maintain a higher level of control on organisation-owned devices with supervision and Device Enrolment.
User Enrolment for BYOD.
It’s safe and secure.
User Enrolment allows employees to protect their privacy while IT keeps corporate data safe. Behind the scenes, a separate volume keeps everyone’s managed data cryptographically separated, including a separate account in iCloud Drive.
Only manage what’s necessary.
IT can manage a subset of configurations and policies while restricting certain management tasks such as remotely wiping the entire device or collecting personal information.
Use two Apple IDs on one device.
Employees bringing their own devices to work can also bring their existing Apple ID alongside a Managed Apple ID for corporate data. All data is kept separate and private.
MDM functions are limited on personal devices.
MDM can:
- Configure accounts
- Configure Per‑App VPN
- Install and configure apps
- Require a passcode
- Enforce certain restrictions
- Access inventory of work apps
- Remove work data only
MDM can’t:
- Access personal information
- Access inventory of personal apps
- Remove any personal data
- Collect any logs on the device
- Take over personal apps
- Require a complex passcode
- Remotely wipe the entire device
- Access device location
Supervision for corporate-owned devices.
Simplify with automated enrolment.
IT can automatically provision devices into MDM during setup — straight out of the box. IT can also customise the onboarding experience to streamline the process for employees.
Get a higher level of control.
By using supervision, IT can access controls unavailable for other deployment models. That includes additional security configurations, non-removable MDM and software update management.
Choose from flexible models.
IT can provide devices to employees for their daily use, share devices among employees for common tasks or configure devices for a specific purpose locked into a single app.
IT has more control when Apple devices are supervised.
- Configure accounts
- Configure global proxies
- Install, configure and remove apps
- Require a complex passcode
- Enforce all restrictions
- Access inventory of all apps
- Remotely erase the entire device
- Manage software updates
- Remove system apps
- Modify the wallpaper
- Lock into a single app
- Bypass Activation Lock
- Force Wi-Fi on
- Place device in Lost Mode
- Prevent app removal
Create personalised experiences with Shared iPad.
Sign in to any device.
Shared iPad allows multiple users to share devices without sharing information. When employees sign in with a company-provided Managed Apple ID, iPad loads their data, apps and settings. So employees can pick up any device and get started.
Get personalised access.
Users have access to their own files and folders through the Files app and Mail account configured with MDM, along with app settings and data.
Use a Temporary Session.
Temporary Session enables any user to access iPad and automatically removes all data when the user signs out. The SSO extension can be used with Temporary Session to provide easy access to apps and websites. And IT can set a logout time to ensure data is removed.
Manage every device with ease.
Apple devices have a built-in, secure management framework enabling IT to configure settings, manage devices and set up security features remotely over the air. IT can easily create profiles to ensure that employees have everything they need to be secure and productive. Apple devices enable IT to manage with a light touch, without having to lock down features or disable functionality, and still keep company data protected.
Leverage solutions in one framework.
With the secure management framework in iOS, iPadOS, macOS and tvOS, IT can configure and update settings, deploy applications, monitor compliance, query devices and remotely wipe corporate data. The framework supports organisation-owned and employee-owned devices.
Choose from a variety of MDM solutions.
Whether your business uses a cloud-based or on‑premise server, MDM solutions are available from a wide range of vendors with a variety of features and pricing for ultimate flexibility. And each solution utilises the Apple management framework in iOS, iPadOS, macOS and tvOS to manage features and settings for each platform.
Easily configure and control every device.
MDM supports configuration for apps, accounts and data on each device. This includes integrated features such as password and policy enforcement. Controls remain transparent to employees while ensuring that their personal information stays private. And IT maintains necessary oversight without disrupting the productivity employees need to succeed.
Test and deploy updates on your time.
IT can delay over-the-air updates for supervised iOS, iPadOS, macOS and tvOS devices. This gives IT time and flexibility to complete a thorough certification. Once IT certifies a version of each release, they can decide what version users should download and install. Then IT can directly push the update to all employees to ensure that they have the latest security features on all their devices.
Keep personal information private.
Every Apple product is designed with privacy in mind. On‑device processing is used whenever possible, the collection and use of data is limited, and everything is designed to provide users with transparency and controls for their data.
The MDM protocol allows IT to interact with an Apple device but limits the exposure of certain information and settings. Regardless of deployment model, the MDM framework can never access personal information including email, messages, browser history and device location.
Corporate information is rigorously protected.
Once devices are set up, IT can manage and protect corporate data thanks to built-in security features and additional controls made available through MDM. Common frameworks across apps enable configuration and ongoing management of settings.
Protect work data.
IT can enforce and monitor security policies through MDM. For example, requiring a passcode via MDM on iOS and iPadOS devices automatically enables Data Protection, providing file encryption for the device. An MDM policy can also enable FileVault encryption on a Mac to secure all data at rest. And MDM can be used to configure Wi-Fi and VPN, and deploy certificates for added security.
Lock, locate and wipe.
When a device goes missing, your corporate data doesn’t have to go with it. For iOS, iPadOS and macOS devices, IT can remotely lock and erase all sensitive data to protect your company’s information. For supervised iOS and iPadOS devices, IT can enable Lost Mode to see the device’s location. IT also has the tools to manage corporate apps, which can be instantly removed from a device without erasing personal data.
Make it separate, seamless and secure.
MDM solutions allow device management at a granular level without the need for containers, keeping corporate data safe. With Managed Open In, IT can set restrictions to keep attachments, documents or pasteboard from being opened, or pasted into unmanaged destinations. And on macOS, built-in security features let IT encrypt data, protect devices from malware and enforce security settings without the need for third-party tools.
Use apps you can trust.
Thanks to a common framework and controlled ecosystem, apps on Apple platforms are secure by design. Our developer programmes verify the identity of every developer, and apps are verified by the system before they are launched on the App Store. Apple provides developers with frameworks for features including signing, app extensions, entitlements and sandboxing to provide even greater levels of security.
Simplified access to corporate data and services.
iOS, iPadOS and macOS make it easy for IT to integrate with your organisation’s directory service or cloud identity provider. IT can link Apple Business Manager with Microsoft Azure Active Directory and Google Workspace (available in early 2022), making it seamless for employees with a Managed Apple ID.
Create Managed Apple IDs for employees.
Managed Apple IDs are created, owned and managed by the organisation, and are designed for BYOD and organisation-owned devices. Organisations can use Apple Business Manager to automatically create Managed Apple IDs for employees. This enables employees to collaborate with Apple apps and services as well as access corporate data in managed apps that use iCloud Drive. Managed Apple IDs can also be used alongside a personal Apple ID on employee-owned devices when organisations leverage User Enrolment.
Simplify login with single sign-on.
iOS, iPadOS and macOS have a system-wide extension framework for single sign-on to make it easy for employees to sign in to corporate apps and websites. The extension framework requires support from cloud identity providers and is configurable through MDM. And for organisations using Kerberos, a first-party extension provides password management and local password sync for internal applications.
Connect to your identity provider.
With federated authentication, IT teams can connect Apple Business Manager to Microsoft Azure Active Directory and Google Workspace (available in early 2022), enabling employees to use their existing usernames and passwords as Managed Apple IDs. Employees can access Apple services including iCloud Drive, Notes and Reminders to collaborate using their existing credentials. And Managed Apple IDs are automatically created when users first sign in to an Apple device with their federated username and password.
To prepare for this simplified sign-in experience:
- Verify that your business uses Microsoft Azure Active Directory or Google Workspace
- Determine the business domains you’d like to link to Apple Business Manager
- Set up the connection to Microsoft Azure Active Directory or Google Workspace in Apple Business Manager
Content distribution made incredibly simple.
Apple Business Manager makes it easy to find, buy and distribute content in volume to meet your every business need. Purchase any app available on the App Store or use custom apps built specifically for your business internally or by third-party developers. And when apps are distributed through MDM, IT won’t need to use redemption codes or Apple IDs to get content onto each device.
Purchase apps and books in bulk.
Buying apps in volume for iOS, iPadOS and macOS is even easier with Apple Business Manager. When app licences are no longer needed, they can be reassigned to another device or employee. You can also manage custom app licences made specifically for your business internally or by third-party developers. And by purchasing Volume Credit, you can use purchase orders to buy content through your reseller.
Streamline distribution.
Apps purchased through Apple Business Manager can be distributed easily through MDM to users or devices in any country where the apps are available. With Apple Business Manager, you can privately and securely distribute content to specific partners, clients and franchisees. And you can also distribute proprietary apps to internal employees.