iOS has a built-in MDM framework that allows third-party MDM solutions to wirelessly interact with iOS devices. This lightweight framework was designed from the ground up for iOS devices, and is powerful and scalable enough to fully configure and manage all the iOS devices within an organization.
With an MDM solution in place, IT administrators can securely enroll devices in an enterprise environment, configure and update settings, monitor compliance with corporate policies, and remotely wipe or lock managed devices. iOS gives MDM solutions a simple way to enable user access to company services while ensuring devices are properly configured — regardless of who owns them.
To communicate with an iOS device, all MDM servers use the Apple Push Notification service to silently prompt the device to check in for management. Once a secure connection is established between the server and the device, all management tasks are carried out by the built-in MDM framework in iOS. This framework enables MDM servers to contact devices on demand without affecting performance or battery life. It also means there’s no need for each MDM solution provider to create a custom agent of their own to perform management tasks.
MDM on iOS is built with methods to ensure user privacy throughout. When users enroll in MDM for the first time on an iPhone or iPad, they are provided with information about what the MDM server can access on their devices and the features it will configure. If at any point a user is not comfortable with this access, they can opt out of the relationship by deleting the management profile from their device. When they do, all corporate accounts and apps installed by MDM are removed.
iOS features like per-app VPN and Open In management are designed to protect corporate data while preventing personal data from being accessible to the organization. The same features that keep data secure in corporate-managed apps also protect users’ personal content from entering the corporate data stream.
While IT can interact with iPhone and iPad devices through an MDM server, not all settings and account information are exposed. IT can only manage corporate accounts, settings, and information provisioned via MDM. The user’s personal accounts can’t be accessed.
Once you’ve selected an MDM solution, there are a few simple steps to get up and running. Beyond basic installation and configuration of your server, you’ll need to obtain an SSL certificate from Apple. This certificate enables your server to securely communicate with the Apple Push Notification service. Your third-party MDM solution provider can help you get this started.