Apple Mobile Device Management FAQ

What is Apple Mobile Device Management (MDM)?

Apple’s expansion into the enterprise has brought with it a more productive workforce and the ability for employees to work truly anywhere.

But more freedom, ever-expanding boundaries, and new operating systems can also bring challenges.

Organisations of any size must keep everyone’s devices running optimally, ensure that hardware and networks are always protected, and provide each employee with the right amount of access: not too little, not too much.

To ensure speed, consistency and automation of security best practices, your organisation will need MDM.

A good Apple MDM provides:

Remote device, inventory, and application management
Visibility into device status, automatic OS updates, and patch management
Compliance with policies, configurations, and updates without requiring IT to touch the device

A great Apple MDM is built specifically for Apple and provides:

A way for employees to request the applications they need, when they need them
Integration with threat prevention and remediation solutions
A way to ensure secure connectivity to your network and data, as well as to individual employees

By managing your devices with a powerful MDM service such as Jamf Pro or Jamf Now, your organisation will provide a better service to your employees, freeing up IT time and better managing risk. You can also provide a better experience for remote workers, create an engaging and useful onboarding experience, and ensure a more secure connection for all devices and users.


Frequently asked questions about Apple MDM

Q: What is Device Oversight (Supervision)?

Device Supervision gives organisations greater control over the iOS devices that are assigned to them. Supervision allows Mac administrators to apply security or data usage restrictions. It also allows IT to automatically update apps and roll out configurations and features that are useful to everyone in the organisation.

Watch this video to learn why device oversight is important for businesses.

Q: What is Apple Business Manager (ABM)?

It’s a simple web-based portal for IT administrators to easily purchase Apple devices in bulk. Organisations can use Apple Business Manager as a database for their Apple device purchases and as a database for their App Store applications. With Apple Commerce Management, your organisation will no longer need everyone’s Apple ID, and every device you buy through Apple Commerce Management automatically enrolls your MDM and simplifies initial device setup.

That means you can assign names, users, groups, and apps before the device ships to your location. You can even ship devices directly to end users’ homes with the right onboarding workflow from a comprehensive MDM.

Do you really need Apple Business Management? If you want to get the most out of your Apple fleet, absolutely.

Watch our webinar to learn more about how to get started with Apple Business Management.

Q: What is Apple School Manager (ASM)?

This web-based portal helps IT administrators deploy iPads and Macs in schools. It allows you to set up devices and get apps and books for students and teachers. And, especially when working with school-centric MDM education apps, it provides tools to create engaging lessons, collaborate, and support distance learning.

Q: What is an Apple ID and what is a managed Apple ID?

An Apple ID is an identifier and authenticator. Individuals can use their Apple ID to purchase items from the App Store and continue their settings on your iPhone, iPad, Mac, Apple Watch, and other Apple devices with a single sign-in. While you can use a single Apple ID to manage devices in your organisation, using a managed Apple ID is a more secure and easier-to-control process.

A managed Apple ID, created by Apple Business Management, is unique to your organisation, unlike Apple IDs created by employees themselves. IT can use a managed Apple ID to control access and push all apps and tools to Apple devices. This improves security because each app can be properly vetted before it reaches the device. Learn more about how Managed Apple ID can help your organisation.

Q. What is zero-touch deployment?

Zero-touch deployment is a way for organisations to dispatch, secure and maintain their Apple devices without having to touch them. It’s absolutely essential for those with remote workers and those who want to roll out updates and patches immediately.

Read our beginner’s guide to zero-touch deployment to learn more. Do you just need the details? This blog post on how to enable zero-touch deployment for your organisation is a detailed step-by-step instructional blog on how to do this using Jamf Pro and Jamf Connect.

Q: What is Apple Configurator 2?

Apple Configurator 2 simplifies Apple configuration setup for iPad, iPhone, iPod touch and Apple TV devices in your school or organisation.

From one interface screen, IT can view the operating system version, serial number, hardware ID and address, available capacity, and log messages for all connected devices. From there, employees can update software, install applications, configuration files, and more.

Learn how to register mobile devices to Jamf Pro using Apple Configurator 2 and the registration URL.

Q: What are Apple Push Notification services (APNs)?

APNs allow data to propagate across Apple devices without the need for a constant connection.

As a key layer in Apple’s deployment plans, security features, and MDM, APNs are absolutely critical for organisations focused on security and efficiency. Learn more details in our blog post about APNs.

Q: What can MDM access on devices?

Apple does not relax its privacy policies for organisations that manage Apple devices, so access to individual devices is limited.MDM can primarily monitor:

Apple does not relax its privacy policies for businesses that manage Apple devices, so business access to individual devices is limited. mdm can primarily monitor:

Installed applications
Operating system versions
Device inventory
Security alerts
MDM-related configuration settings
Remote lock and erase to prevent loss or theft of the device
Location tracking, but only in lost mode – not continuous monitoring of location.

Q: What can’t MDM access on the device?

MDM does not have control over a user’s iPhone, even if the iPhone is issued by a company. IT cannot use MDM to move your files or send messages on your behalf. They cannot access text, email, photos, or other personal messages or data in applications on the device.
MDM does not have the right to control a user’s iPhone, even if the iPhone is issued by a company.IT cannot use MDM to move your files or send messages on your behalf. They cannot access text, email, photos, or other personal messages or data in applications on the device.

(Retrieved from:

Comments are closed.