iOS and the new IT.

Progressive IT organizations are prioritizing productivity by empowering employees with iPad and iPhone. Apple makes it easy to manage iOS devices on corporate networks so that IT can focus on what’s most important — helping employees transform the way they work.

Complete management.

iOS provides comprehensive tools that make it easy for IT to manage and secure corporate data, as well as App Store and in-house enterprise apps. And employees still have the freedom and flexibility to use their iOS devices the way they always have — enabling productivity for all.

Management tools built for IT.

iOS provides a built-in management framework that gives IT complete control for any size deployment. These management features are enabled by using third-party management solutions, with a consistent set of capabilities provided by Apple.

Built into iOS.

iOS provides a mobile device management framework that was designed from the ground up, and is powerful and scalable enough to fully configure and manage all the iOS devices within an organization. iOS gives IT a simple way to enable user access to network services while ensuring devices are properly configured — regardless of who owns them.

Granular controls.

iOS provides granular control over corporate managed accounts, apps, documents, and data as well as integrated security features such as password enforcement and remote lock or wipe of lost or stolen devices. Most importantly, iOS provides these controls in a way that respects employee privacy and delivers a great user experience.

Easy for users and IT.

The new IT is about simple, streamlined setup — getting users up and running in minutes. iOS makes it simple and intuitive for employees to set up their devices themselves, so there is no need for huge service operations to manage rollouts. Whether deploying devices in a BYOD environment or setting up company-owned devices, users can be up and running quickly.

A wide range of solutions.

MDM solutions support a variety of server platforms, management consoles, workflow options, and pricing structures. Whether looking for a cloud-hosted solution or a server that’s installed on premise, IT has the flexibility to choose an architecture that’s best for the company. OS X Server also includes Profile Manager, a server‑based MDM solution for remotely managing iOS devices.

The right balance for personal devices.

In the new world of IT, it’s possible to allow employees to customize their devices without compromising the security of corporate data and apps. iOS offers personalized setup by users, clarity around how devices are configured, as well as assurance that personal data isn't accessed by IT.

Opt-in enrollment.

Users can simply enroll in MDM within minutes on their personal device by initiating the installation of a configuration profile. And when no longer needed, users have the option to opt out of enrollment at any time by removing the profile from the device.

Greater transparency.

iOS shows users how their profiles have been configured and restricted by MDM servers. Employees can easily view which restrictions, apps, books, and accounts are being managed. That way they know how their device is being set up. If at any point a user is not comfortable with this management, they can opt out of the relationship by deleting the management profile from their device.

Comprehensive privacy.

The iOS mobile device management framework is built with methods to ensure user privacy while still protecting and securing corporate data. IT can only manage corporate accounts, settings, and information provisioned via the organization's third-party management solution.

Separation of data.

All enterprise settings, accounts, and apps installed by MDM are flagged by iOS as “managed.” Other iOS features like per app VPN and open in management are also designed to protect corporate data while preventing personal data from being accessible to the organization. At the same time, iOS preserves a great user experience — allowing BYOD users seamless use of both work and personal data in native apps.

Examples of what a third-party management server can and cannot see on a personal iOS device.

MDM can see:

  • Device name
  • Phone number
  • Serial number
  • Model name and number
  • Capacity and space available
  • iOS version number
  • Installed apps

MDM cannot see:

  • Personal mail, calendars, and contacts
  • SMS or iMessages
  • Safari browser history
  • FaceTime or phone call logs
  • Personal reminders and notes
  • Frequency of all use
  • Device location

Bring your own device.

BYOD programs are thriving in businesses everywhere and increasing productivity at the same time. Find out how major corporations are implementing successful programs that support employee choice.

Greater control for corporate‑owned devices.

iOS features like streamlined enrollment, lockable MDM settings, device supervision, and always-on VPN ensure that devices are configured based on your organization’s specific requirements, providing increased control while assuring that corporate data is protected.

Automated enrollment.

The Device Enrollment Program (DEP) helps organizations that have purchased iOS devices directly from Apple to easily set up, configure, and supervise those devices wirelessly. With DEP, devices can be properly configured without the need for staging services that prep devices before users get them. The program also allows IT to mandate and lock third-party management enrollment.

Even more ways to supervise.

Choose to supervise iOS devices owned by your organization if the devices are shared by several people or used for a single purpose such as in a retail store or restaurant. Enabling additional configuration options and restrictions gives IT the ability to disallow modification of account settings, or lets IT filter web connections via Global Proxy to make sure employee web traffic stays within the corporate network.

Examples of additional controls for corporate-owned devices:

  • Device Enrollment Program (DEP)
  • Streamlined setup
  • Supervised controls
  • Always-on VPN
  • Global proxy
  • Advanced content filtering
  • Device queries — list installed apps, etc.
  • Activation Lock Bypass Code
  • Full remote wipe
  • Locked MDM

Device Enrollment Program.

The Device Enrollment Program provides a fast, streamlined way to deploy institutionally owned iPads, iPhones, and Macs that are purchased directly from Apple or through participating Apple Authorized Resellers and carriers. Enrollment begins by creating an Apple Deployment Programs account.

Get started.

With an MDM solution in place, you can get up and running by obtaining an SSL certificate from Apple. The certificate allows MDM servers to securely communicate with the Apple Push Notification service. Your third‑party MDM solution provider can help get this started.

Requesting a certificate is simple and free.
Follow these instructions to get started.

  1. Contact the MDM solution provider to request a Certificate Signing Request (CSR). The vendor will sign the CSR and deliver it to you.
  2. Sign in to the Apple Push Certificate Portal, then create a certificate and agree to the terms of use.
  3. Select the signed CSR and click upload. After a moment, your certificate will be available for download.
  4. This certificate can now be uploaded to your MDM server for use with the Apple Push Notification service.