
Apple Device Management: Guide to The MDM Solution

As companies increasingly support remote work, bring-your-own-device (BYOD) policies have become more common.  As a result, Apple devices are being used to access sensitive corporate data and resources.

With Apple devices connected to corporate networks and SaaS applications, companies need to be able to monitor and secure these devices.  This article covers the basics of Mobile Device Management, what Apple device management is and how devices are enrolled in it, and a glossary of the key terms you will meet along the way.

Basics of Mobile Device Management

With the growing use of mobile devices for business, companies need Mobile Device Management (MDM) solutions to monitor and manage these devices.  MDM allows an organization to centrally manage large numbers of mobile devices using a single, integrated solution.

MDM provides multiple benefits to the organization including:

Data Security

With BYOD, mobile devices have access to sensitive corporate and customer information.  According to IBM's Cost of a Data Breach report, the average cost of a data breach is $4.24 million.  MDM solutions enable organizations to better secure mobile devices, manage access to sensitive data, and enforce corporate security policies.  This helps companies avoid costly data breaches and meet regulatory compliance obligations.

Simplified Management

MDM solutions enable an organization to centrally monitor and manage its mobile devices, including the ability to automate the process of installing mobile apps and security updates.  This bolsters productivity and creates cost savings because IT administrators do not need to individually deploy these to each device or rely on employees to do so.

Consistent Monitoring

MDM software can be automatically deployed to corporate devices, and BYOD users can enroll their own devices on the platform.  This allows an organization to use a single, consistent solution to monitor and manage mobile devices that works across different device OSes and versions.

BYOD policies and a surge in mobile device usage complicate corporate security programs.  MDM provides organizations with the visibility and security that they need to protect sensitive data and enforce corporate security policies on rapidly scaling mobile infrastructure.

What Is Apple Device Management?

MDM is software designed to enable the centralized monitoring and management of mobile devices in general.  Apple Device Management (ADM) provides the same level of support specifically for Apple devices: Apple builds the MDM protocol and its enrollment programs into its operating systems, and an MDM server uses them to manage the organization's Apple devices.

Apple devices can be enrolled in ADM in a few different ways.  Apple School Manager and Apple Business Manager are web-based portals through which an organization assigns its devices to an MDM server.  Apple Configurator, on a Mac or on an iPhone, is another option for enrolling devices or adding them to those portals.

ADM solutions offer various enrollment options, each of which provides different capabilities for monitoring and managing the enrolled devices.  The three primary types of ADM enrollment include:

  • User Enrollment: User enrollment is intended for BYOD users working from their personal Apple devices.  With user enrollment, users have a managed Apple ID alongside their existing personal Apple ID.  Once a user has enrolled and authenticated to the managed Apple ID, apps and accounts can be installed on the device under the context of this managed Apple ID and alongside the apps and accounts tied to the personal Apple ID.  Managed data lives in its own separate APFS volume, so the organization can manage and wipe only the corporate data, not the user's personal data, and only a limited set of payloads and restrictions is available.
  • Device Enrollment: Device enrollment is another option for personally owned devices (and for organization-owned devices that are not enrolled automatically) that lets users manually enroll their Apple device in the ADM solution.  With device enrollment comes a greater range of restrictions and payloads that can be applied to the device.  However, the device is not supervised, and users can remove the MDM profile themselves, which also removes all of the apps, profiles, and settings installed through that enrollment.
  • Automated Device Enrollment: Automated device enrollment is designed for corporate-owned Apple devices.  Devices purchased through Apple Business Manager or Apple School Manager (or added to them with Apple Configurator) are assigned to the MDM server before delivery, so they enroll during Setup Assistant from the moment they are removed from the box.  Automated enrollment also supervises the device, and the MDM profile can be made non-removable so that users cannot unenroll a supervised device.

ADM is an MDM solution that can be applied to Apple devices running iOS, iPadOS, macOS, and tvOS.  With ADM, companies have a number of options for enrolling both BYOD and corporate devices in the MDM solution and can centrally manage these devices across the enterprise.

Apple Device Management Glossary

Apple Device Management provides organizations with the ability to centrally manage both corporate and BYOD Apple devices.  When embarking on your ADM journey, here are some key terms that you need to know:

Enrollment

Enrollment is the process by which a device is registered with ADM.  After enrollment, the organization is able to monitor and manage this device.

Payload

A payload is one section of a configuration profile that manages a particular setting or function of the device, such as a Wi-Fi or VPN configuration, a passcode policy, or a set of restrictions.  Each payload is identified by its PayloadType.

Configuration Profile

A configuration profile is an XML property list (a .mobileconfig file) containing one or more payloads for a managed device.  This file defines the way in which a particular device is being overseen and managed, including whether the user is allowed to remove the profile.
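The profile and payload definitions above, and the point made in the enrollment section that a user can remove a profile and everything installed through it, are easier to see on an actual .mobileconfig.  The following Python is an added example, not Prey's code: it parses a constructed sample profile with the standard library's plistlib, audits it against an assumed baseline (non-removable profile, passcode of at least 6 characters, screenshots blocked), and produces a hardened copy.  The identifiers, UUIDs and the baseline itself are assumptions for illustration; the payload types and keys (PayloadRemovalDisallowed, com.apple.mobiledevice.passwordpolicy, com.apple.applicationaccess) are Apple's.

```python
"""Parse and audit an Apple configuration profile (.mobileconfig).

Added example, not Prey's code. The baseline it checks (non-removable
profile, passcode of 6+ characters, screenshots blocked) is an assumption.
"""
import copy
import plistlib
import uuid

PASSCODE_PAYLOAD = "com.apple.mobiledevice.passwordpolicy"
RESTRICTIONS_PAYLOAD = "com.apple.applicationaccess"

# Constructed sample profile; identifiers and UUIDs are placeholders.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadVersion</key><integer>1</integer>
  <key>PayloadIdentifier</key><string>com.example.corp.baseline</string>
  <key>PayloadUUID</key><string>0B0E0C4F-1A2B-4C3D-8E9F-000000000001</string>
  <key>PayloadRemovalDisallowed</key><false/>
  <key>PayloadContent</key>
  <array>
    <dict>
      <key>PayloadType</key><string>com.apple.mobiledevice.passwordpolicy</string>
      <key>PayloadVersion</key><integer>1</integer>
      <key>PayloadIdentifier</key><string>com.example.corp.baseline.passcode</string>
      <key>PayloadUUID</key><string>0B0E0C4F-1A2B-4C3D-8E9F-000000000002</string>
      <key>forcePIN</key><true/>
      <key>minLength</key><integer>4</integer>
    </dict>
    <dict>
      <key>PayloadType</key><string>com.apple.applicationaccess</string>
      <key>PayloadVersion</key><integer>1</integer>
      <key>PayloadIdentifier</key><string>com.example.corp.baseline.restrictions</string>
      <key>PayloadUUID</key><string>0B0E0C4F-1A2B-4C3D-8E9F-000000000003</string>
      <key>allowScreenShot</key><true/>
    </dict>
  </array>
</dict>
</plist>
"""

def load_profile(data: bytes) -> dict:
    """Parse a .mobileconfig and return its top-level dictionary."""
    profile = plistlib.loads(data)
    if profile.get("PayloadType") != "Configuration":
        raise ValueError("not a configuration profile")
    return profile

def to_mobileconfig(profile: dict) -> bytes:
    """Serialise a profile dictionary back to .mobileconfig XML."""
    return plistlib.dumps(profile)

def payloads_by_type(profile: dict) -> dict:
    """Index payloads by PayloadType (returns the same dict objects)."""
    return {p["PayloadType"]: p for p in profile.get("PayloadContent", [])}

def audit_profile(profile: dict, min_passcode_length: int = 6) -> list:
    """Return findings against the assumed baseline; an empty list means pass."""
    findings = []
    payloads = payloads_by_type(profile)
    # A user-removable profile enforces nothing. On an unsupervised device the
    # user can also remove the MDM enrollment itself, taking every profile with it.
    if not profile.get("PayloadRemovalDisallowed", False):
        findings.append("profile is user-removable (PayloadRemovalDisallowed not true)")
    passcode = payloads.get(PASSCODE_PAYLOAD)
    if passcode is None:
        findings.append("no passcode policy payload")
    else:
        if not passcode.get("forcePIN", False):
            findings.append("passcode not required (forcePIN not true)")
        length = passcode.get("minLength", 0)
        if length < min_passcode_length:
            findings.append(f"passcode minLength {length} is below {min_passcode_length}")
    restrictions = payloads.get(RESTRICTIONS_PAYLOAD)
    if restrictions is not None and restrictions.get("allowScreenShot", True):
        findings.append("screenshots allowed (allowScreenShot not false)")
    return findings

def harden_profile(profile: dict, min_passcode_length: int = 6) -> dict:
    """Return a copy of the profile that passes audit_profile at the same threshold."""
    hardened = copy.deepcopy(profile)
    hardened["PayloadRemovalDisallowed"] = True
    payloads = payloads_by_type(hardened)
    passcode = payloads.get(PASSCODE_PAYLOAD)
    if passcode is None:  # add a passcode payload if the profile lacks one
        passcode = {"PayloadType": PASSCODE_PAYLOAD, "PayloadVersion": 1,
                    "PayloadIdentifier": hardened["PayloadIdentifier"] + ".passcode",
                    "PayloadUUID": str(uuid.uuid4()).upper()}
        hardened.setdefault("PayloadContent", []).append(passcode)
    passcode["forcePIN"] = True
    passcode["minLength"] = max(passcode.get("minLength", 0), min_passcode_length)
    restrictions = payloads.get(RESTRICTIONS_PAYLOAD)
    if restrictions is not None:
        restrictions["allowScreenShot"] = False
    return hardened

if __name__ == "__main__":
    weak = load_profile(SAMPLE_PROFILE)
    print(audit_profile(weak))
    print(to_mobileconfig(harden_profile(weak)).decode())
```

Run against the sample, the audit reports three findings (the profile is removable, the passcode minimum is 4, and screenshots are allowed); the hardened copy round-trips through plistlib and audits clean.  Note that PayloadRemovalDisallowed only stops removal of this profile: whether the user can drop the MDM enrollment underneath it depends on the enrollment type, which is why automated enrollment and supervision matter for corporate-owned devices.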

Device Profile

Device profiles define configuration settings for an entire device.  For shared devices, this enables an organization to consistently enforce policies across all user accounts.

User Profile

A user profile defines configuration settings for a particular user.  This allows different users to have different configuration settings on the same device.

Operating System

An operating system (OS) is software that sits between the hardware and mobile apps.  Apple devices may have various different OSes, including iOS, iPadOS, macOS, and tvOS.  The ADM features available on a particular device may depend on the Apple OS that the device is running.

Conclusion

Apple Device Management (ADM) is Apple's framework for the centralized oversight and management of an organization's Apple devices through an MDM server.  Both BYOD and corporate-owned devices can be onboarded via a few different enrollment options, and IT administrators can remotely install apps and updates and enforce corporate security policies.

As a company, you may also find that you need all of your devices, Apple and otherwise, configured and monitored in one place.  That is where a good MDM solution comes in.

With MDM solutions in general and ADM in particular, organizations can much more scalably and effectively monitor and manage their mobile device infrastructure.  This centralized management improves not only enterprise security but also the productivity of corporate IT staff.

About the author

Norman Gutiérrez

Norman Gutiérrez is our Security Researcher at Prey, one of the leading companies in the security and mobility industry, with more than 8 million users worldwide. In addition to this, Norm is Prey's Content and Communication Specialist, and our Infosec ambassador. Norm has worked for several tech media outlets such as FayerWayer and Publimetro, among others. In his free time, Norman enjoys videogames, cool gadgets, music, and fun board games.