Skip to main content

5 Things You Should Know About Apple Mobile Device Management

Posted in: Jamf Now, Bushel

Apple Mobile Device Management (MDM for short) is a means of distributing data and settings to iPhone, iPad, iPod Touch and OS X. Using MDM, you can push email, security settings, apps, app settings and even content through devices. Bushel uses Apple’s MDM to push these to Apple devices. There are some limitations and misconceptions, so here are 5 things you should know about how Apple Mobile Device Management really works:

  1. Your data doesn’t route through Apple. All Push Notifications do route through Apple, but the data in these is small and minor. For example, if you use Bushel to push an email account to a device, the email settings (which are otherwise easily attainable on the Internet) are applied to a new email account on a device; however, the mail password never flows through that connection. The Push notification that goes through Apple only indicates there is a setting on the Apple Mobile Device Management solution, the Mobile Device Management suite sends the settings and then the person using the device provides the password, building in at least 2 layers of security between Apple and the password.Unknown
  2. You cannot change the background of an iOS device through MDM. Apple doesn’t allow changing the background of a device except using the device itself. You can restore a backup to a lot of devices to get a consistent background on devices, using Apple Configurator or iTunes. But no MDM solution can mass change backgrounds of iOS devices.
  3. You must have your own APNS certificate. The hardest part of setting up a Bushel account is installing your Apple Push Notification certificate. We know this. But installing a Push Notification Certificate, and renewing it when it expires is necessary for all Mobile Device Management suites.
  4. If you send a VPP app to a device from any Mobile Device Management solution then that app is removable. If you send a web-clip then whether it’s removable is optional. If you remove the device from the Apple Mobile Device Management solution then the app will always remove. The web-clip will remove only if it’s been set to being removable.
  5. All devices added to an Apple Mobile Device Management solution through DEP devices are supervised and can only be unsupervised if you remove the device via DEP. DEP is one option to enroll but there are many others if you don’t need users unboxing and setting up their own devices.

There are hundreds of other little factoids out there about MDM. But these are the most common questions we’ve gotten recently!