Simple to deploy. At any scale.

Whether you have ten devices or ten thousand, it’s easier than ever to integrate, manage, deploy and secure your Apple devices. With Apple Business Manager, devices can be distributed directly to employees and used straight out of the box, all without manual configuration.

Simplifying every step of the device life cycle.

iPhone, iPad, Mac and Apple TV fit right into your existing corporate infrastructure. Apple makes it easy for IT teams to administer devices, manage configurations, distribute apps and content, and secure corporate data. And with flexible deployment models, IT can get employees up and running faster than ever with the best tools for their jobs.

Get started with Apple Business Manager.

Apple Business Manager is a web-based portal helping IT administrators deploy iPhone, iPad, Mac and Apple TV. They can easily provide employees with access to Apple services, set up device enrolment, and distribute apps, books and custom apps — all from one place.


Enrol devices to be set up automatically with Mobile Device Management (MDM). Streamline and customise the setup process for employees.


Easily buy apps and books for employees. And now distribute custom apps within your organisation.


Create Managed Apple IDs for employees and assign privileges for additional users on your IT team.

Integrate with any environment.

Flexible deployment options for every scenario.

Apple makes it easy to choose the right deployment option to meet the needs of your organisation. Protect company information while maintaining privacy for employees who bring their own device to work with User Enrolment. IT can establish a higher level of control on organisation-owned devices with supervision and Device Enrolment.


User Enrolment

Private and secure for BYOD.

New enrolment method.

User Enrolment allows employees to protect their privacy while IT keeps corporate data safe. Behind the scenes, a separate volume keeps managed data cryptographically separated.

Only manage what’s necessary.

IT can manage a subset of configurations and policies while restricting certain management tasks, such as remotely wiping the entire device or collecting personal information.

Two Apple IDs, one device.

Employees bringing their own device to work can also bring their existing Apple ID alongside a Managed Apple ID for corporate data. All data is kept separate and private.

User Enrolment

When a personal device is enrolled with User Enrolment, MDM is limited to certain management functions.

IT can

Configure accounts

Configure Per app VPN

Install and configure apps

Require a passcode

Enforce certain restrictions

Access inventory of work apps

Remove work data only

IT cannot

Access personal information

Access inventory of personal apps

Remove any personal data

Collect any logs on the device

Take over personal apps

Require a complex passcode

Remotely wipe the entire device

Access device location

Device Enrolment

For corporate-owned devices.

Automated enrolment.

IT can automatically provision devices into MDM during setup — straight out of the box. IT can also customise the onboarding experience to streamline the process for employees.

Higher level of control.

By using supervision, IT can use controls not available for other deployment models, including additional security configurations, non-removable MDM and software update management.

Flexible models.

Provide devices to employees for their daily use, share devices among employees for common tasks, or configure devices for a specific purpose locked into a single app.

Device Enrolment

When an Apple device is supervised, IT has a higher level of control to configure settings and apply restrictions.

IT can

Configure accounts

Configure global proxies

Install, configure and remove apps

Require a complex passcode

Enforce all restrictions

Access inventory of all apps

Remotely erase the entire device

Manage software updates

Remove system apps

Modify the wallpaper

Lock into a single app

Bypass Activation Lock

Force Wi‑Fi on

Place device in Lost Mode

Manage with ease.

All Apple devices have a built-in, secure management framework enabling IT to configure settings, manage devices and set up security features remotely over the air. IT can easily create profiles to ensure employees have everything they need to be secure and productive. Apple devices enable IT to manage with a light touch without having to lock down features or disable functionality and still keep company data protected.

One simple framework.

With the secure management framework in iOS, iPadOS, macOS and tvOS, IT can configure and update settings, deploy applications, monitor compliance, query devices and remotely wipe corporate data. The framework supports organisation‑owned and employee‑owned devices.

Configure and control.

MDM supports configuration for apps, accounts and data on each device. This includes integrated features such as password and policy enforcement. Controls remain transparent to employees while ensuring their personal information stays private. And IT maintains necessary oversight without disrupting the productivity employees need to succeed.

Variety of MDM solutions.

Whether your business uses a cloud-based or on-premises server, MDM solutions are available from a wide range of vendors with a variety of features and pricing for ultimate flexibility. And each solution utilises the Apple management framework in iOS, iPadOS, tvOS and macOS to manage features and settings for each platform.

Software update management.

IT can delay over‑the‑air updates for supervised iOS, iPadOS, macOS and tvOS devices. This gives IT time and flexibility to complete a thorough certification. Once IT certifies a version of each release, they can decide what version users should download and install. Then, IT can directly push the update to all employees to ensure they have the latest security features on all their devices.

Personal information is always private. Regardless of enrolment method.

Every Apple product is designed with privacy in mind. On-device processing is used whenever possible, the collection and use of data is limited, and everything is designed to provide users with transparency and controls for their data.

The MDM protocol allows IT to interact with an Apple device but limits the exposure of certain information and settings. Regardless of deployment model, the MDM framework can never access personal information including email, messages, browser history and device location.

Simplified access to corporate data and services.

iOS, iPadOS and macOS make it easier than ever for IT to integrate with your organisation’s directory service or cloud identity provider. IT can now link Apple Business Manager to Microsoft Azure Active Directory, making it seamless for employees to access Apple services with a Managed Apple ID.


Managed Apple IDs for employees.

Managed Apple IDs are created, owned and managed by the organisation and are designed for BYOD and organisation-owned devices. Organisations can use Apple Business Manager to automatically create Managed Apple IDs for employees. This enables employees to collaborate with Apple apps and services as well as access corporate data in managed apps that use iCloud Drive. Managed Apple IDs can also be used alongside a personal Apple ID on employee-owned devices when organisations leverage User Enrolment.


Sign on once.

The latest versions of iOS, iPadOS and macOS introduce a new system-wide extension framework for single sign-on to make it easier for employees to sign in to corporate apps and websites. The new extension framework requires support from cloud identity providers and is configurable through MDM. And for organisations using Kerberos, a first-party extension provides password management and local password sync for internal applications.


Microsoft Azure AD authentication.

With federated authentication, IT teams can connect Apple Business Manager to Microsoft Azure Active Directory, enabling employees to use their existing usernames and passwords as Managed Apple IDs. Employees can access Apple services including iCloud Drive, Notes, Reminders and collaboration, all with their existing credentials. And Managed Apple IDs are automatically created when a user first signs into an Apple device with their Azure AD username and password.

Verify your business uses Microsoft Azure Active Directory

Determine the business domains you’d like to link to Apple Business Manager

Set up the connection to Microsoft Azure Active Directory in Apple Business Manager

Content distribution made incredibly simple.

Apple Business Manager makes it easy to find, buy and distribute content in volume to meet your every business need. Purchase any app available on the App Store or use custom apps built specifically for your business internally or by third-party developers. And when apps are distributed through MDM, IT won’t need to use redemption codes or Apple IDs to get content onto each device.

Apps and books in bulk.

Buying apps in volume for iOS, iPadOS and macOS is even easier with Apple Business Manager. When app licences are no longer needed, they can be reassigned to another device or employee. You can also manage custom app licences made specifically for your business developed internally or by third-party developers. And by purchasing Volume Credit, you can use purchase orders to buy content through your reseller.

Streamlined distribution.

Apps purchased through Apple Business Manager can be distributed easily through MDM to users or devices in any country where the apps are available. With Apple Business Manager, you can privately and securely distribute content to specific partners, clients and franchisees. And now you can also distribute proprietary apps to internal employees.

Secure by design. Enforced by IT.

Once devices are set up, IT can manage and protect corporate data thanks to built-in security features and additional controls made available through MDM. Common frameworks across apps enable configuration and ongoing management of settings.

Keep work data safe.

IT can enforce and monitor security policies through MDM. For example, requiring a passcode via MDM on iOS and iPadOS devices automatically enables Data Protection providing file encryption for the device. An MDM policy can also enable FileVault encryption on a Mac to secure all data at rest. And MDM can be used to configure Wi‑Fi and VPN and deploy certificates for added security.

Lock. Locate. Wipe.

When devices go missing, your corporate data doesn’t have to go with it. For iOS, iPadOS and macOS devices, IT can remotely lock and erase all sensitive data to protect your company’s information. For supervised iOS and iPadOS devices, IT can enable Lost Mode to see the device’s location. IT also has the tools to manage corporate apps, which can be instantly removed from a device without erasing personal data.

Separate, seamless and secure.

MDM solutions allow device management at a granular level without the need for containers, keeping corporate data safe. With Managed Open In, IT can set restrictions to keep attachments or documents from being opened in unmanaged destinations and vice versa. And on macOS, built-in security features let IT encrypt data, protect devices from malware and enforce security settings without the need for third-party tools.

Apps you can trust.

Thanks to a common framework and controlled ecosystem, apps on Apple platforms are secure by design. Our developer programs verify the identity of every developer, and apps are verified by the system before they are launched on the App Store. Apple provides developers with frameworks for features including signing, app extensions, entitlements and sandboxing to provide even greater levels of security.

AppleSeed for IT

Test beta software, access test plans and provide feedback.

Download the AppleSeed for IT programme guide (PDF)

AppleCare Professional Support

Flexible options for hardware and software support.

Learn more about AppleCare Professional Support