Managing iOS devices has never been easier. With built‑in support for third‑party mobile device management (MDM) solutions, iOS drives faster onboarding in large‑scale deployments while still enabling employees to be productive right out of the box.
iOS includes built-in support for MDM solutions, making it easy for IT to configure, manage, and update all iOS devices within an organization.
iOS has a built-in MDM framework that allows third‑party MDM solutions to wirelessly interact with iOS devices, and is powerful and scalable enough to fully configure and manage all the iOS devices within an organization. This enables IT to select from a wide range of solutions to fit into the environment, with the confidence that all the same features are available to manage the company’s iOS devices.
With an MDM solution in place, IT administrators can securely enroll devices in an enterprise environment, configure and update settings, monitor compliance with corporate policies, and remotely wipe or lock managed devices. iOS gives MDM solutions a simple way to enable user access to company services while ensuring devices are properly configured — regardless of who owns them.
- Installation, management, and removal of accounts that provide access to corporate services.
- Managed configurations. Configuration of settings such as passcodes, restrictions, and voice and data roaming policies.
- Streamlined enrollment. Authenticate and enroll devices over the air or automate MDM enrollment during setup for company-owned devices.
- Scheduled querying of device, network, application, and security information.
- Security commands. Ability to clear a user’s passcode, and remotely lock or wipe a lost or stolen device.
- Managed apps. Installation, configuration, management, and removal of App Store and custom in-house apps.
iOS makes it simple to enroll iOS devices in MDM — whether deploying devices in a BYOD environment or setting up company-owned devices — so users can be up and running quickly.
For BYOD programs, users can enroll in MDM by initiating the installation of a configuration profile on their personal device. When enrollment is no longer needed, users have the option to opt out of MDM at any time by removing the profile from their device.
IT can automate MDM enrollment for all corporate‑owned devices in an organization by enrolling in the Device Enrollment Program. The program allows IT administrators to wirelessly configure and supervise devices while also mandating and locking MDM enrollment.*
iOS enables MDM to manage IT policies that help protect corporate data while maintaining a seamless user experience.
All enterprise settings, accounts, and apps installed by MDM are flagged by iOS as “managed.” This process is hidden from the user and lets the MDM server apply policies with granularity. For example, MDM can prevent only the managed apps from backing up to iCloud, rather than disabling iCloud backup completely. This gives users the benefits of using iCloud for personal data while keeping corporate information from being stored in the cloud. Other iOS features, like per-app VPN and open in management, are also designed to protect corporate data while preventing personal data from being accessible to the organization.
iOS features like managed accounts, app installation and configuration, open in management, per-app VPN, and enterprise single sign-on all work together to enable fine‑grained controls over the data that is managed by the MDM server. Managing IT policies this way removes complexity for an organization’s users, allowing them to use the apps they want without jumping back and forth between workspaces or duplicate copies of the same app.
In BYOD environments it’s important to keep personal and corporate data separate. MDM in iOS is built with methods to ensure user privacy while still protecting and securing corporate data.
When users enroll in MDM for the first time on an iOS device, they are provided with information about what the MDM server can access on their devices and the features it will configure. If at any point a user is not comfortable with this access, they can opt out of the relationship by deleting the management profile from their device. When they do, all corporate accounts and apps installed by MDM are removed.
While IT can interact with iOS devices through an MDM server, not all settings and account information are exposed. IT can only manage corporate accounts, settings, and information provisioned via MDM. The user’s personal accounts can’t be accessed. In fact, the same features that keep data secure in corporate‑managed apps also protect a user's personal content from entering the corporate data stream.
MDM can see:
- Device name
- Phone number
- Serial number
- Model name and number
- Capacity and space available
- iOS version number
- Installed apps
MDM cannot see:
- Personal mail, calendars, contacts
- SMS or iMessages
- Safari browser history
- FaceTime or phone call logs
- Personal reminders and notes
- Frequency of app use
- Device location
There is a wide variety of MDM solutions available to meet the needs of any size deployment. MDM solutions can be easily implemented, and offer a range of features to configure, deploy, and manage iOS devices. And MDM can be surprisingly affordable, with a solution to fit any budget.
MDM solutions support a variety of server platforms, management consoles, workflow options, and pricing structures. Whether looking for a cloud-hosted solution or a server that’s installed on premise, IT has the flexibility to choose an architecture that’s best for the company. With the right controls in place, IT can manage devices with ease.
OS X Server includes Profile Manager, a server‑based MDM solution for remotely managing iOS devices. Profile Manager makes it easy to configure iOS and OS X devices so they’re set up to use corporate resources and have the settings that the organization requires. There are no client licenses to purchase or maintain, which makes Profile Manager the simplest and fastest way to get started with mobile device management.