iOS provides comprehensive tools that make it easy for IT to manage and secure corporate data, as well as App Store and in-house enterprise apps. And employees still have the freedom and flexibility to use their iOS devices the way they always have — enabling productivity for all.
Management tools built for IT.
iOS provides a built-in management framework that gives IT complete control for any size deployment. These management features are enabled by using third-party management solutions, with a consistent set of capabilities provided by Apple.
Built into iOS.
iOS provides a mobile device management framework that was designed from the ground up, and is powerful and scalable enough to fully configure and manage all the iOS devices within an organization. iOS gives IT a simple way to enable user access to network services while ensuring devices are properly configured — regardless of who owns them.
iOS provides granular control over corporate managed accounts, apps, documents, and data as well as integrated security features such as password enforcement and remote lock or wipe of lost or stolen devices. Most importantly, iOS provides these controls in a way that respects employee privacy and delivers a great user experience.
Easy for users and IT.
The new IT is about simple, streamlined setup — getting users up and running in minutes. iOS makes it simple and intuitive for employees to set up their devices themselves, so there is no need for huge service operations to manage rollouts. Whether deploying devices in a BYOD environment or setting up company-owned devices, users can be up and running quickly.
A wide range of solutions.
MDM solutions support a variety of server platforms, management consoles, workflow options, and pricing structures. Whether looking for a cloud-hosted solution or a server that’s installed on premise, IT has the flexibility to choose an architecture that’s best for the company. OS X Server also includes Profile Manager, a server‑based MDM solution for remotely managing iOS devices.Learn more about Profile Manager
The right balance for personal devices.
In the new world of IT, it’s possible to allow employees to customize their devices without compromising the security of corporate data and apps. iOS offers personalized setup by users, clarity around how devices are configured, as well as assurance that personal data isn't accessed by IT.
Users can simply enroll in MDM within minutes on their personal device by initiating the installation of a configuration profile. And when no longer needed, users have the option to opt out of enrollment at any time by removing the profile from the device.
A new user interface for profiles in iOS 8 shows users what has been configured and restricted by MDM servers. Now employees can easily view which restrictions, apps, books, and accounts are being managed. If at any point a user is not comfortable with this management, they can opt out of the relationship by deleting the management profile from their device.
The iOS mobile device management framework is built with methods to ensure user privacy while still protecting and securing corporate data. IT can only manage corporate accounts, settings, and information provisioned via the organization's third-party management solution.
Separation of data.
All enterprise settings, accounts, and apps installed by MDM are flagged by iOS as “managed.” Other iOS features like per app VPN and open in management are also designed to protect corporate data while preventing personal data from being accessible to the organization. At the same time, iOS preserves a great user experience — allowing BYOD users seamless use of both work and personal data in native apps.
Examples of what a third-party management server can and cannot see on a personal iOS device.
MDM can see:
- Device name
- Phone number
- Serial number
- Model name and number
- Capacity and space available
- iOS version number
- Installed apps
MDM cannot see:
- Personal mail, calendars, and contacts
- SMS or iMessages
- Safari browser history
- FaceTime or phone call logs
- Personal reminders and notes
- Frequency of all use
- Device location
Bring your own device.
BYOD programs are thriving in businesses everywhere and increasing productivity at the same time. Find out how major corporations are implementing successful programs that support employee choice.Learn more about BYOD
Greater control for corporate‑owned devices.
iOS features like streamlined enrollment, lockable MDM settings, device supervision, and always-on VPN ensure that devices are configured based on your organization’s specific requirements, providing increased control while assuring that corporate data is protected.
The Device Enrollment Program (DEP) helps organizations that have purchased iOS devices directly from Apple to easily set up, configure, and supervise those devices wirelessly. With DEP, devices can be properly configured without the need for staging services that prep devices before users get them. The program also allows IT to mandate and lock third-party management enrollment.
Even more ways to supervise.
Choose to supervise iOS devices owned by your organization if the devices are shared by several people or used for a single purpose such as in a retail store or restaurant. Enabling additional configuration options and restrictions gives IT the ability to disallow modification of account settings, or lets IT filter web connections via Global Proxy to make sure employee web traffic stays within the corporate network.
Examples of additional controls for corporate-owned devices:
- Device Enrollment Program (DEP)
- Streamlined setup
- Supervised controls
- Always-on VPN
- Global proxy
- Advanced content filtering
- Device queries — list installed apps, etc
- Activation Lock Bypass Code
- Full remote wipe
- Locked MDM
Device Enrollment Program.
The Device Enrollment Program provides a fast, streamlined way to deploy institutionally owned iPhones, iPads, and Macs that are purchased directly from Apple. Enrollment begins by creating an Apple Deployment Programs account.
Download the Device Enrollment Program Guide
With an MDM solution in place, you can get up and running by obtaining an SSL certificate from Apple. The certificate allows MDM servers to securely communicate with the Apple Push Notification service. Your third-party MDM solution provider can help get this started.
Requesting a certificate is simple and free.
Follow these instructions to get started.
Contact the MDM solution provider to request a Certificate Signing Request (CSR). The vendor will sign the CSR and deliver it to you.
Select the signed CSR and click upload. After a moment, your certificate will be available for download.
This certificate can now be uploaded to your MDM server for use with the Apple Push Notification service.
Resources for IT.
The following resources are available to support any size deployment. Get the information you need to make your deployment successful.
iOS Enterprise Deployment Resources
Deploy successfully with technical documentation and information.