Manage with ease.

Managing iOS devices has never been easier. With built‑in support for third‑party mobile device management (MDM) solutions, iOS drives faster onboarding in large‑scale deployments while still enabling employees to be productive right out of the box.

Complete management.

iOS includes built-in support for MDM solutions, making it easy for IT to configure, manage, and update all iOS devices within an organization.

Built right into iOS.

iOS has a built-in MDM framework that allows third‑party MDM solutions to wirelessly interact with iOS devices, and is powerful and scalable enough to fully configure and manage all the iOS devices within an organization. This enables IT to select from a wide range of solutions to fit into the environment, with the confidence that all the same features are available to manage the company’s iOS devices.

Granular control.

With an MDM solution in place, IT administrators can securely enroll devices in an enterprise environment, configure and update settings, monitor compliance with corporate policies, and remotely wipe or lock managed devices. iOS gives MDM solutions a simple way to enable user access to company services while ensuring devices are properly configured — regardless of who owns them.

The MDM framework in iOS supports the following features.

Managed accounts.

Installation, management, and removal of accounts that provide access to corporate services.

Managed configurations.

Configuration of settings such as passcodes, restrictions, and voice and data roaming policies.

Streamlined enrollment.

Authenticate and enroll devices over the air or automate MDM enrollment during setup for company-owned devices.

Device queries.

Scheduled querying of device, network, application, and security information.

Security commands.

Ability to clear a user’s passcode, and remotely lock or wipe a lost or stolen device.

Managed apps.

Installation, configuration, management, and removal of App Store and custom in-house apps.

Streamline enrollment.

iOS makes it simple to enroll iOS devices in MDM — whether deploying devices in a BYOD environment or setting up company-owned devices — so users can be up and running quickly.


For BYOD programs, users can enroll in MDM by initiating the installation of a configuration profile on their personal device. And when no longer needed, users have the option to opt out of MDM enrollment at any time by removing the profile from their device.

Fully automated.

IT can automate MDM enrollment for all corporate‑owned devices in an organization by enrolling in the Device Enrollment Program. The program allows IT administrators to wirelessly configure and supervise devices while also mandating and locking MDM enrollment.*

Manage corporate data.

iOS enables MDM to manage IT policies that help protect corporate data while maintaining a seamless user experience.

Separate work and personal.

All enterprise settings, accounts, and apps installed by MDM are flagged by iOS as “managed.” This process is hidden from the user and lets the MDM server apply policies with granularity. For example, MDM can prevent only managed apps from backing up to iCloud, rather than disabling iCloud backup completely. This gives users the benefits of using iCloud for personal data while keeping corporate information from being stored in the cloud. Other iOS features like per app VPN and open in management are also designed to protect corporate data while preventing personal data from being accessible to the organization.

IT controlled.

iOS features like managed accounts, app installation and configuration, open in management, per app VPN, and enterprise single sign on all work together to enable fine-grained controls for the data that is managed by the MDM server. Managing IT policies this way removes complexity for an organization’s users, allowing them to use the apps they want without jumping back and forth between workspaces or duplicate copies of the same app.

Protect user privacy.

In BYOD environments it’s important to keep personal and corporate data separate. MDM in iOS is built with methods to ensure user privacy while still protecting and securing corporate data.

Opt-in enrollment.

When users enroll in MDM for the first time on an iOS device, they are provided with information about what the MDM server can access on their devices and the features it will configure. If at any point a user is not comfortable with this access, they can opt out of the relationship by deleting the management profile from their device. When they do, all corporate accounts and apps installed by MDM are removed.

Protecting personal accounts.

While IT can interact with iOS devices through an MDM server, not all settings and account information are exposed. IT can only manage corporate accounts, settings, and information provisioned via MDM. The user’s personal accounts can’t be accessed. In fact, the same features that keep data secure in corporate‑managed apps also protect a user’s personal content from entering the corporate data stream.

Examples of what an MDM server can and can’t see on an iOS device.

MDM can see:

  • Device name
  • Phone number
  • Serial number
  • Model name and number
  • Capacity and space available
  • iOS version number
  • Installed apps

MDM cannot see:

  • Personal mail, calendars, contacts
  • SMS or iMessages
  • Safari browser history
  • FaceTime or phone call logs
  • Personal reminders and notes
  • Frequency of app use
  • Device location

MDM for any size deployment.

There is a wide variety of MDM solutions available to meet the needs of any size deployment. MDM solutions can be easily implemented, and offer a range of features to configure, deploy, and manage iOS devices. And MDM can be surprisingly affordable, with a solution to fit any budget.

Third-party MDM solutions.

MDM solutions support a variety of server platforms, management consoles, workflow options, and pricing structures. Whether looking for a cloud-hosted solution or a server that’s installed on premises, IT has the flexibility to choose an architecture that’s best for the company. With the right controls in place, IT can manage devices with ease.

Profile manager.

OS X Server includes Profile Manager, a server‑based MDM solution for remotely managing iOS devices. Profile Manager makes it easy to configure iOS and OS X devices so they’re set up to use corporate resources and have the settings that the organization requires. There are no client licenses to purchase or maintain, which makes Profile Manager the simplest and fastest way to get started with mobile device management.

Get started.

Consider the following when selecting and setting up an MDM solution.

Select an MDM provider.

There are many MDM solution providers to choose from that support iOS, so IT can focus on selecting the best solution to fit the company’s business needs.

Request a certificate.

Obtain an SSL certificate from Apple. This certificate enables a server to securely communicate with the Apple Push Notification service. Third-party MDM solution providers can offer help to get started. Visit the Apple Push Certificates portal to learn more.

Enroll in the program.

In order to automate MDM enrollment for company-owned devices, the organization must first be enrolled in the Device Enrollment Program and have an Apple Deployment Programs account. It is also important to check with the selected MDM provider to ensure this feature is supported.* Visit the Apple Deployment Programs website to enroll.